coldfusion server vulnerabilities and exploits
NA
CVE-2013-3349
Unspecified vulnerability in Adobe ColdFusion 9.0 up to and including 9.0.2, when the JRun application server is used, allows remote malicious users to cause a denial of service via unknown vectors.
Adobe Coldfusion 9.0.2
Adobe Coldfusion 9.0
Adobe Coldfusion 9.0.1
NA
CVE-2007-0817
Cross-site scripting (XSS) vulnerability in Adobe ColdFusion web server allows remote malicious users to inject arbitrary HTML or web script via the User-Agent HTTP header, which is not sanitized before being displayed in an error page.
Adobe Coldfusion 7.0.2
Adobe Coldfusion 6.1
Adobe Coldfusion 7.0.1
1 EDB exploit
NA
CVE-2004-2204
Macromedia ColdFusion MX 6.0 and 6.1 application server, when running with the CreateObject function or CFOBJECT tag enabled, allows local users to conduct unauthorized activities and obtain administrative passwords by creating CFML scripts that use CreateObject or CFOBJECT.
Macromedia Coldfusion 6.1
Macromedia Coldfusion 6.0
9.8
CVSSv3
CVE-2022-35690
Adobe ColdFusion versions Update 14 (and previous versions) and Update 4 (and previous versions) are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not requi...
Adobe Coldfusion 2018
Adobe Coldfusion 2021
9.8
CVSSv3
CVE-2022-35710
Adobe ColdFusion versions Update 14 (and previous versions) and Update 4 (and previous versions) are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not requi...
Adobe Coldfusion 2018
Adobe Coldfusion 2021
9.8
CVSSv3
CVE-2022-35711
Adobe ColdFusion versions Update 14 (and previous versions) and Update 4 (and previous versions) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not requir...
Adobe Coldfusion 2018
Adobe Coldfusion 2021
9.8
CVSSv3
CVE-2022-35712
Adobe ColdFusion versions Update 14 (and previous versions) and Update 4 (and previous versions) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not requir...
Adobe Coldfusion 2018
Adobe Coldfusion 2021
8.6
CVSSv3
CVE-2023-26360
Adobe ColdFusion versions 2018 Update 15 (and previous versions) and 2021 Update 5 (and previous versions) are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does no...
Adobe Coldfusion 2018
Adobe Coldfusion 2021
2 Metasploit modules
2 Github repositories
1 Article
NA
CVE-2004-0928
The Microsoft IIS Connector in JRun 4.0 and Macromedia ColdFusion MX 6.0, 6.1, and 6.1 J2EE allows remote malicious users to bypass authentication and view source files, such as .asp, .pl, and .php files, via an HTTP request that ends in ";.cfm".
Hitachi Cosminexus Enterprise 01 01 1
Hitachi Cosminexus Enterprise 01 02 2
Macromedia Jrun 3.1
Macromedia Jrun 3.0
Macromedia Coldfusion 6.1
Macromedia Coldfusion 6.0
Hitachi Cosminexus Server Web 01-01 2
Hitachi Cosminexus Server Web 01-01 1
Macromedia Jrun 4.0
NA
CVE-2004-1478
JRun 4.0 does not properly generate and handle the JSESSIONID, which allows remote malicious users to perform a session fixation attack and hijack a user's HTTP session.
Hitachi Cosminexus Enterprise 01 01 1
Hitachi Cosminexus Enterprise 01 02 2
Macromedia Jrun 3.1
Macromedia Jrun 3.0
Macromedia Coldfusion 6.1
Macromedia Coldfusion 6.0
Hitachi Cosminexus Server Web 01-01 2
Hitachi Cosminexus Server Web 01-01 1
Macromedia Jrun 4.0