Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
coldfusion server vulnerabilities and exploits
(subscribe to this query)
435
VMScore
CVE-2007-0817
Cross-site scripting (XSS) vulnerability in Adobe ColdFusion web server allows remote malicious users to inject arbitrary HTML or web script via the User-Agent HTTP header, which is not sanitized before being displayed in an error page.
Adobe Coldfusion 7.0.1
Adobe Coldfusion 7.0.2
Adobe Coldfusion 6.1
1 EDB exploit
641
VMScore
CVE-2004-2204
Macromedia ColdFusion MX 6.0 and 6.1 application server, when running with the CreateObject function or CFOBJECT tag enabled, allows local users to conduct unauthorized activities and obtain administrative passwords by creating CFML scripts that use CreateObject or CFOBJECT.
Macromedia Coldfusion 6.0
Macromedia Coldfusion 6.1
NA
CVE-2022-35690
Adobe ColdFusion versions Update 14 (and previous versions) and Update 4 (and previous versions) are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not requi...
Adobe Coldfusion 2018
Adobe Coldfusion 2021
NA
CVE-2022-35710
Adobe ColdFusion versions Update 14 (and previous versions) and Update 4 (and previous versions) are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not requi...
Adobe Coldfusion 2018
Adobe Coldfusion 2021
NA
CVE-2022-35711
Adobe ColdFusion versions Update 14 (and previous versions) and Update 4 (and previous versions) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not requir...
Adobe Coldfusion 2018
Adobe Coldfusion 2021
NA
CVE-2022-35712
Adobe ColdFusion versions Update 14 (and previous versions) and Update 4 (and previous versions) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not requir...
Adobe Coldfusion 2018
Adobe Coldfusion 2021
505
VMScore
CVE-2003-1469
The default configuration of ColdFusion MX has the "Enable Robust Exception Information" option selected, which allows remote malicious users to obtain the full path of the web server via a direct request to CFIDE/probe.cfm, which leaks the path in an error message.
Macromedia Coldfusion 6.0
Macromedia Coldfusion Professional
Macromedia Coldfusion
1 EDB exploit
668
VMScore
CVE-2004-1478
JRun 4.0 does not properly generate and handle the JSESSIONID, which allows remote malicious users to perform a session fixation attack and hijack a user's HTTP session.
Hitachi Cosminexus Enterprise 01 02 2
Hitachi Cosminexus Server Web 01-01 1
Macromedia Jrun 4.0
Hitachi Cosminexus Server Web 01-01 2
Macromedia Coldfusion 6.0
Macromedia Coldfusion 6.1
Hitachi Cosminexus Enterprise 01 01 1
Macromedia Jrun 3.0
Macromedia Jrun 3.1
445
VMScore
CVE-2004-0928
The Microsoft IIS Connector in JRun 4.0 and Macromedia ColdFusion MX 6.0, 6.1, and 6.1 J2EE allows remote malicious users to bypass authentication and view source files, such as .asp, .pl, and .php files, via an HTTP request that ends in ";.cfm".
Hitachi Cosminexus Enterprise 01 02 2
Macromedia Jrun 4.0
Hitachi Cosminexus Enterprise 01 01 1
Macromedia Jrun 3.0
Macromedia Jrun 3.1
Hitachi Cosminexus Server Web 01-01 1
Hitachi Cosminexus Server Web 01-01 2
Macromedia Coldfusion 6.0
Macromedia Coldfusion 6.1
NA
CVE-2023-26360
Adobe ColdFusion versions 2018 Update 15 (and previous versions) and 2021 Update 5 (and previous versions) are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does no...
Adobe Coldfusion 2018
Adobe Coldfusion 2021
2 Metasploit modules
2 Github repositories
1 Article
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23316
SQL injection
type confusion
CVE-2024-20697
CVE-2024-4344
local
CVE-2024-30043
CVE-2024-3821
CVE-2024-5041
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »