Vulmon
coldfusion vulnerabilities and exploits
5
CVSSv2
CVE-2012-0770
Adobe ColdFusion 8.0, 8.0.1, 9.0, and 9.0.1 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote malicious users to cause a denial of service (CPU consumption) by sending many crafted parameters.
Adobe Coldfusion 9.0
Adobe Coldfusion 9.0.1
Adobe Coldfusion 8.0
Adobe Coldfusion 8.0.1
5
CVSSv2
CVE-2011-2091
Unspecified vulnerability in Adobe ColdFusion 8.0, 8.0.1, 9.0, and 9.0.1 allows remote malicious users to cause a denial of service via unknown vectors.
Adobe Coldfusion 8.0.1
Adobe Coldfusion 9.0
Adobe Coldfusion 9.0.1
Adobe Coldfusion 8.0
5
CVSSv2
CVE-2011-0582
Unspecified vulnerability in the administrator console in Adobe ColdFusion 8.0 up to and including 9.0.1 allows malicious users to obtain sensitive information via unknown vectors.
Adobe Coldfusion 8.0
Adobe Coldfusion 8.0.1
Adobe Coldfusion 9.0
Adobe Coldfusion 9.0.1
5
CVSSv2
CVE-2011-0737
Adobe ColdFusion 9.0.1 CHF1 and previous versions allows remote malicious users to obtain sensitive information via an id=- query to a .cfm file, which reveals the installation path in an error message. NOTE: the vendor disputes the significance of this issue because the Site-wid...
Adobe Coldfusion 7.0.2
Adobe Coldfusion 8.0
Adobe Coldfusion 9.0
Adobe Coldfusion 6.0
Adobe Coldfusion 7.0
Adobe Coldfusion 5.0
Adobe Coldfusion 6.1
Adobe Coldfusion 7.0.1
Adobe Coldfusion 8.0.1
Adobe Coldfusion
Adobe Coldfusion 8.1
Adobe Coldfusion 9.0.1
Adobe Coldfusion 4.5
5
CVSSv2
CVE-2010-0185
The default configuration of Adobe ColdFusion 9.0 does not restrict access to collections that have been created by the Solr Service, which allows remote malicious users to obtain collection metadata, search information, and index data via a request to an unspecified URL.
Adobe Coldfusion 9.0
5
CVSSv2
CVE-2009-1876
Adobe ColdFusion 8.0.1 and previous versions might allow malicious users to obtain sensitive information via unspecified vectors, related to a "double-encoded null character vulnerability."
Adobe Coldfusion 6.0
Adobe Coldfusion 7.0.1
Adobe Coldfusion 7.0.2
Adobe Coldfusion
Adobe Coldfusion 6.1
Adobe Coldfusion 7.0
Adobe Coldfusion 7.2
Adobe Coldfusion 8.0
5
CVSSv2
CVE-2008-6580
The Red_Reservations script for ColdFusion stores sensitive information under the web root with insufficient access control, which allows remote malicious users to download the database via a direct request to (1) makered.mdb and (2) makered97.mdb.
Funscripts Red Reservations -
1 EDB exploit
5
CVSSv2
CVE-2008-0644
Adobe ColdFusion MX 7 and ColdFusion 8 allows remote malicious users to bypass the cross-site scripting (XSS) protection mechanism for applications via unspecified vectors related to the setEncoding function.
Adobe Coldfusion 7.0
Adobe Coldfusion 7.0.1
Adobe Coldfusion 7.0.2
Adobe Coldfusion 8.0
5
CVSSv2
CVE-2006-5858
Adobe ColdFusion MX 7 up to and including 7.0.2, and JRun 4, when run on Microsoft IIS, allows remote malicious users to read arbitrary files, list directories, or read source code via a double URL-encoded NULL byte in a ColdFusion filename, such as a CFM file.
Adobe Coldfusion
Adobe Jrun 4.0
5
CVSSv2
CVE-2006-6482
Adobe ColdFusion MX7 allows remote malicious users to obtain sensitive information via a URL request (1) for a non-existent (a) JWS, (b) CFM, (c) CFML, or (d) CFC file, which displays the installation path in the resulting error message; or (2) to /CFIDE/administrator/login.cfm w...
Adobe Coldfusion 7.0