Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
coldfusion vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2005-4342
ColdFusion Sandbox on Adobe (formerly Macromedia) ColdFusion MX 6.0, 6.1, 6.1 with JRun, and 7.0 does not throw an exception if the SecurityManager is disabled, which might allow remote malicious users to "bypass security controls," aka "JRun Clustered Sandbox Secu...
Macromedia Coldfusion 7.0
Macromedia Coldfusion 6.0
Macromedia Coldfusion 6.1
5
CVSSv2
CVE-2005-4343
Adobe (formerly Macromedia) ColdFusion MX 6.0, 6.1, 6.1 with JRun, and 7.0 allows remote malicious users to attach arbitrary files and send mail via a crafted Subject field, which is not properly handled by the CFMAIL tag in applications that use ColdFusion, aka "CFMAIL inje...
Macromedia Coldfusion 6.1
Macromedia Coldfusion 6.0
Macromedia Coldfusion 7.0
5
CVSSv2
CVE-2002-0576
ColdFusion 5.0 and previous versions on Windows systems allows remote malicious users to determine the absolute pathname of .cfm or .dbm files via an HTTP request that contains an MS-DOS device name such as NUL, which leaks the pathname in an error message.
Allaire Coldfusion Server 5.0
Allaire Coldfusion Server 4.0
Allaire Coldfusion Server 4.5
5
CVSSv2
CVE-2000-0189
ColdFusion Server 4.x allows remote malicious users to determine the real pathname of the server via an HTTP request to the application.cfm or onrequestend.cfm files.
Allaire Coldfusion Server 4.0
Allaire Coldfusion Server 4.0.1
Allaire Coldfusion Server 4.5
5
CVSSv2
CVE-2002-1992
Buffer overflow in jrun.dll in ColdFusion MX, when used with IIS 4 or 5, allows remote malicious users to cause a denial of service in IIS via (1) a long template file name or (2) a long HTTP header.
Macromedia Coldfusion
Macromedia Coldfusion Professional
7.8
CVSSv2
CVE-2013-5328
Adobe ColdFusion 10 before Update 12 allows remote malicious users to read arbitrary files via unspecified vectors.
Adobe Coldfusion 10.0
Adobe Coldfusion
4.3
CVSSv2
CVE-2020-3767
ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have an insufficient input validation vulnerability. Successful exploitation could lead to application-level denial-of-service (dos).
Adobe Coldfusion 2016
Adobe Coldfusion 2018
5
CVSSv2
CVE-2020-3761
ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have a remote file read vulnerability. Successful exploitation could lead to arbitrary file read from the coldfusion install directory.
Adobe Coldfusion 2016
Adobe Coldfusion 2018
4.4
CVSSv2
CVE-2020-3768
ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have a dll search-order hijacking vulnerability. Successful exploitation could lead to privilege escalation.
Adobe Coldfusion 2016
Adobe Coldfusion 2018
4.3
CVSSv2
CVE-2020-3796
ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have an improper access control vulnerability. Successful exploitation could lead to system file structure disclosure.
Adobe Coldfusion 2016
Adobe Coldfusion 2018
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
6
7
8
9
10
NEXT »