Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
adobe coldfusion vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2016-1113
Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 10 before Update 19, 11 before Update 8, and 2016 before Update 1 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Adobe Coldfusion 10.0
Adobe Coldfusion 11.0
Adobe Coldfusion 2016
9.8
CVSSv3
CVE-2016-1114
Adobe ColdFusion 10 before Update 19, 11 before Update 8, and 2016 before Update 1 allows remote malicious users to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.
Adobe Coldfusion 10.0
Adobe Coldfusion 11.0
Adobe Coldfusion 2016
5.9
CVSSv3
CVE-2016-1115
Adobe ColdFusion 10 before Update 19, 11 before Update 8, and 2016 before Update 1 mishandles wildcards in name fields of X.509 certificates, which might allow man-in-the-middle malicious users to spoof servers via a crafted certificate.
Adobe Coldfusion 10.0
Adobe Coldfusion 11.0
Adobe Coldfusion 2016
6.1
CVSSv3
CVE-2016-4159
Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 10 before Update 20, 11 before Update 9, and 2016 before Update 2 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Adobe Coldfusion 10.0
Adobe Coldfusion 11.0
Adobe Coldfusion 2016
NA
CVE-2007-0817
Cross-site scripting (XSS) vulnerability in Adobe ColdFusion web server allows remote malicious users to inject arbitrary HTML or web script via the User-Agent HTTP header, which is not sanitized before being displayed in an error page.
Adobe Coldfusion 7.0.1
Adobe Coldfusion 7.0.2
Adobe Coldfusion 6.1
1 EDB exploit
NA
CVE-2013-5328
Adobe ColdFusion 10 before Update 12 allows remote malicious users to read arbitrary files via unspecified vectors.
Adobe Coldfusion 10.0
Adobe Coldfusion
9.8
CVSSv3
CVE-2017-11283
Adobe ColdFusion has an Untrusted Data Deserialization vulnerability. This affects Update 4 and previous versions versions for ColdFusion 2016, and Update 12 and previous versions versions for ColdFusion 11.
Adobe Coldfusion 11.0
Adobe Coldfusion 2016
1 Article
7.5
CVSSv3
CVE-2017-11286
Adobe ColdFusion has an XML external entity (XXE) injection vulnerability. This affects Update 4 and previous versions versions for ColdFusion 2016, and Update 12 and previous versions versions for ColdFusion 11.
Adobe Coldfusion 11.0
Adobe Coldfusion 2016
1 Article
9.8
CVSSv3
CVE-2022-38418
Adobe ColdFusion versions Update 14 (and previous versions) and Update 4 (and previous versions) are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in arbitrary code execution in the context ...
Adobe Coldfusion 2018
Adobe Coldfusion 2021
7.5
CVSSv3
CVE-2022-38419
Adobe ColdFusion versions Update 14 (and previous versions) and Update 4 (and previous versions) are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary file system read. Exploitation of this issue do...
Adobe Coldfusion 2018
Adobe Coldfusion 2021
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33228
CVE-2024-20361
log injection
bypass
CVE-2024-4985
CVE-2024-35223
CVE-2024-29849
CVE-2024-31893
IMAP
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »