Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
macromedia coldfusion vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2004-2330
ColdFusion MX 6.1 and 6.1 J2EE allows remote malicious users to cause a denial of service via an HTTP request containing a large number of form fields.
Macromedia Coldfusion 6.1
4.3
CVSSv2
CVE-2005-2480
Cross-site scripting (XSS) vulnerability in ColdFusion Fusebox 4.1.0 allows remote malicious users to inject arbitrary web script or HTML via the fuseaction parameter, which is not quoted in an error page, as demonstrated using index.cfm.
Macromedia Coldfusion Fusebox 4.1.0
1 EDB exploit
5
CVSSv2
CVE-2005-2481
ColdFusion Fusebox 4.1.0 allows remote malicious users to obtain sensitive information via an invalid fuseaction parameter, which leaks the full server path in an error message, as demonstrated using the "?" (question mark) character.
Macromedia Coldfusion Fusebox 4.1.0
5
CVSSv2
CVE-2004-0928
The Microsoft IIS Connector in JRun 4.0 and Macromedia ColdFusion MX 6.0, 6.1, and 6.1 J2EE allows remote malicious users to bypass authentication and view source files, such as .asp, .pl, and .php files, via an HTTP request that ends in ";.cfm".
Hitachi Cosminexus Enterprise 01 02 2
Macromedia Jrun 4.0
Hitachi Cosminexus Enterprise 01 01 1
Macromedia Jrun 3.0
Macromedia Jrun 3.1
Hitachi Cosminexus Server Web 01-01 1
Hitachi Cosminexus Server Web 01-01 2
Macromedia Coldfusion 6.0
Macromedia Coldfusion 6.1
7.5
CVSSv2
CVE-2004-1478
JRun 4.0 does not properly generate and handle the JSESSIONID, which allows remote malicious users to perform a session fixation attack and hijack a user's HTTP session.
Hitachi Cosminexus Enterprise 01 02 2
Hitachi Cosminexus Server Web 01-01 1
Macromedia Jrun 4.0
Hitachi Cosminexus Server Web 01-01 2
Macromedia Coldfusion 6.0
Macromedia Coldfusion 6.1
Hitachi Cosminexus Enterprise 01 01 1
Macromedia Jrun 3.0
Macromedia Jrun 3.1
7.5
CVSSv2
CVE-2001-0535
Example applications (Exampleapps) in ColdFusion Server 4.x do not properly restrict prevent access from outside the local host's domain, which allows remote malicious users to conduct upload, read, or execute files by spoofing the "HTTP Host" (CGI.Host) variable i...
Macromedia Coldfusion Server 4.x
4.3
CVSSv2
CVE-2002-1700
Cross-site scripting vulnerability (XSS) in the missing template handler in Macromedia ColdFusion MX allows remote malicious users to execute arbitrary script as other users by injecting script into the HTTP request for the name of a template, which is not filtered in the resulti...
Macromedia Coldfusion 6.0
Microsoft Internet Information Services 5.0
Microsoft Windows 2000
1 EDB exploit
1 Github repository
6.4
CVSSv2
CVE-2001-1120
Vulnerabilities in ColdFusion 2.0 up to and including 4.5.1 SP 2 allow remote malicious users to (1) read or delete arbitrary files, or (2) overwrite ColdFusion Server templates.
Allaire Coldfusion Server 3.1
Allaire Coldfusion Server 3.1.1
Allaire Coldfusion Server 2.0
Allaire Coldfusion Server 4.0.1
Allaire Coldfusion Server 4.5
Allaire Coldfusion Server 3.1.2
Allaire Coldfusion Server 4.0
Allaire Coldfusion Server 3.0
Allaire Coldfusion Server 3.0.1
Allaire Coldfusion Server 4.5.1
Allaire Coldfusion Server 4.5.1 Sp1
Allaire Coldfusion Server 4.5.1 Sp2
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33228
CVE-2024-20361
log injection
bypass
CVE-2024-4985
CVE-2024-35223
CVE-2024-29849
CVE-2024-31893
IMAP
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3