Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
coldfusion vulnerabilities and exploits
(subscribe to this query)
6.4
CVSSv2
CVE-2016-4264
The Office Open XML (OOXML) feature in Adobe ColdFusion 10 before Update 21 and 11 before Update 10 allows remote malicious users to read arbitrary files or send TCP requests to intranet servers via a crafted OOXML spreadsheet containing an external entity declaration in conjunct...
Adobe Coldfusion
1 EDB exploit
2 Github repositories
6.4
CVSSv2
CVE-2006-2046
Multiple SQL injection vulnerabilities in Application Dynamics Cartweaver ColdFusion 2.16.11 and previous versions allow remote malicious users to execute arbitrary SQL commands via the (1) category and (2) keywords parameters in (a) Results.cfm, and the (3) ProdID parameter in (...
Application Dynamics Cartweaver Coldfusion
2 EDB exploits
6.4
CVSSv2
CVE-2001-1120
Vulnerabilities in ColdFusion 2.0 up to and including 4.5.1 SP 2 allow remote malicious users to (1) read or delete arbitrary files, or (2) overwrite ColdFusion Server templates.
Allaire Coldfusion Server 3.1
Allaire Coldfusion Server 3.1.1
Allaire Coldfusion Server 2.0
Allaire Coldfusion Server 4.0.1
Allaire Coldfusion Server 4.5
Allaire Coldfusion Server 3.1.2
Allaire Coldfusion Server 4.0
Allaire Coldfusion Server 3.0
Allaire Coldfusion Server 3.0.1
Allaire Coldfusion Server 4.5.1
Allaire Coldfusion Server 4.5.1 Sp1
Allaire Coldfusion Server 4.5.1 Sp2
5.8
CVSSv2
CVE-2009-1878
Session fixation vulnerability in Adobe ColdFusion 8.0.1 and previous versions allows remote malicious users to hijack web sessions via unspecified vectors.
Adobe Coldfusion 7.2
Adobe Coldfusion 7.0
Adobe Coldfusion 6.0
Adobe Coldfusion 7.0.2
Adobe Coldfusion 7.0.1
Adobe Coldfusion 8.0
Adobe Coldfusion 8.1
Adobe Coldfusion 6.1
Adobe Coldfusion
5.8
CVSSv2
CVE-2006-2364
Cross-site scripting (XSS) vulnerability in the validation feature in Macromedia ColdFusion 5 and previous versions allows remote malicious users to inject arbitrary web script or HTML via a "_required" field when the associated normal field is missing or empty, which i...
Macromedia Coldfusion 5.0
5
CVSSv2
CVE-2020-3761
ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have a remote file read vulnerability. Successful exploitation could lead to arbitrary file read from the coldfusion install directory.
Adobe Coldfusion 2016
Adobe Coldfusion 2018
5
CVSSv2
CVE-2019-8072
ColdFusion 2018- update 4 and previous versions and ColdFusion 2016- update 11 and previous versions have a Security bypass vulnerability. Successful exploitation could lead to Information Disclosure in the context of the current user.
Adobe Coldfusion 2016
Adobe Coldfusion 2018
1 Article
5
CVSSv2
CVE-2019-15862
An issue exists in CKFinder up to and including 2.6.2.1. Improper checks of file names allows remote malicious users to upload files without any extension (even if the application was configured to accept files only with a defined set of extensions). This affects CKFinder for ASP...
Cksource Ckfinder
5
CVSSv2
CVE-2018-15962
Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and previous versions, and Update 14 and previous versions have a directory listing vulnerability. Successful exploitation could lead to information disclosure.
Adobe Coldfusion 11.0
Adobe Coldfusion 2016
Adobe Coldfusion 2018
5
CVSSv2
CVE-2018-15964
Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and previous versions, and Update 14 and previous versions have a use of a component with a known vulnerability vulnerability. Successful exploitation could lead to information disclosure.
Adobe Coldfusion 11.0
Adobe Coldfusion 2016
Adobe Coldfusion 2018
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »