Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
coldfusion vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2005-4342
ColdFusion Sandbox on Adobe (formerly Macromedia) ColdFusion MX 6.0, 6.1, 6.1 with JRun, and 7.0 does not throw an exception if the SecurityManager is disabled, which might allow remote malicious users to "bypass security controls," aka "JRun Clustered Sandbox Secu...
Macromedia Coldfusion 7.0
Macromedia Coldfusion 6.0
Macromedia Coldfusion 6.1
NA
CVE-2005-4343
Adobe (formerly Macromedia) ColdFusion MX 6.0, 6.1, 6.1 with JRun, and 7.0 allows remote malicious users to attach arbitrary files and send mail via a crafted Subject field, which is not properly handled by the CFMAIL tag in applications that use ColdFusion, aka "CFMAIL inje...
Macromedia Coldfusion 6.1
Macromedia Coldfusion 6.0
Macromedia Coldfusion 7.0
NA
CVE-2000-0189
ColdFusion Server 4.x allows remote malicious users to determine the real pathname of the server via an HTTP request to the application.cfm or onrequestend.cfm files.
Allaire Coldfusion Server 4.0
Allaire Coldfusion Server 4.0.1
Allaire Coldfusion Server 4.5
NA
CVE-2002-0576
ColdFusion 5.0 and previous versions on Windows systems allows remote malicious users to determine the absolute pathname of .cfm or .dbm files via an HTTP request that contains an MS-DOS device name such as NUL, which leaks the pathname in an error message.
Allaire Coldfusion Server 5.0
Allaire Coldfusion Server 4.0
Allaire Coldfusion Server 4.5
NA
CVE-2013-5328
Adobe ColdFusion 10 before Update 12 allows remote malicious users to read arbitrary files via unspecified vectors.
Adobe Coldfusion 10.0
Adobe Coldfusion
NA
CVE-2002-1992
Buffer overflow in jrun.dll in ColdFusion MX, when used with IIS 4 or 5, allows remote malicious users to cause a denial of service in IIS via (1) a long template file name or (2) a long HTTP header.
Macromedia Coldfusion
Macromedia Coldfusion Professional
NA
CVE-2004-2204
Macromedia ColdFusion MX 6.0 and 6.1 application server, when running with the CreateObject function or CFOBJECT tag enabled, allows local users to conduct unauthorized activities and obtain administrative passwords by creating CFML scripts that use CreateObject or CFOBJECT.
Macromedia Coldfusion 6.0
Macromedia Coldfusion 6.1
9.8
CVSSv3
CVE-2022-35710
Adobe ColdFusion versions Update 14 (and previous versions) and Update 4 (and previous versions) are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not requi...
Adobe Coldfusion 2018
Adobe Coldfusion 2021
9.8
CVSSv3
CVE-2017-11283
Adobe ColdFusion has an Untrusted Data Deserialization vulnerability. This affects Update 4 and previous versions versions for ColdFusion 2016, and Update 12 and previous versions versions for ColdFusion 11.
Adobe Coldfusion 11.0
Adobe Coldfusion 2016
1 Article
9.8
CVSSv3
CVE-2017-11284
Adobe ColdFusion has an Untrusted Data Deserialization vulnerability. This affects Update 4 and previous versions versions for ColdFusion 2016, and Update 12 and previous versions versions for ColdFusion 11.
Adobe Coldfusion 11.0
Adobe Coldfusion 2016
1 Article
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
bypass
open redirect
CVE-2024-4358
CVE-2024-24199
CVE-2024-5550
CVE-2024-5305
CVE-2024-30373
CVE-2024-1800
deserialization
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
6
7
8
9
10
NEXT »