Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
coldfusion vulnerabilities and exploits
(subscribe to this query)
668
VMScore
CVE-2006-2042
Adobe Dreamweaver 8 prior to 8.0.2 and MX 2004 can generate code that allows SQL injection attacks in the (1) ColdFusion, (2) PHP mySQL, (3) ASP, (4) ASP.NET, and (5) JSP server models.
Adobe Dreamweaver 7.0
Adobe Dreamweaver 8.0
668
VMScore
CVE-2005-4342
ColdFusion Sandbox on Adobe (formerly Macromedia) ColdFusion MX 6.0, 6.1, 6.1 with JRun, and 7.0 does not throw an exception if the SecurityManager is disabled, which might allow remote malicious users to "bypass security controls," aka "JRun Clustered Sandbox Secu...
Macromedia Coldfusion 7.0
Macromedia Coldfusion 6.0
Macromedia Coldfusion 6.1
668
VMScore
CVE-2004-1478
JRun 4.0 does not properly generate and handle the JSESSIONID, which allows remote malicious users to perform a session fixation attack and hijack a user's HTTP session.
Hitachi Cosminexus Enterprise 01 02 2
Hitachi Cosminexus Server Web 01-01 1
Macromedia Jrun 4.0
Hitachi Cosminexus Server Web 01-01 2
Macromedia Coldfusion 6.0
Macromedia Coldfusion 6.1
Hitachi Cosminexus Enterprise 01 01 1
Macromedia Jrun 3.0
Macromedia Jrun 3.1
668
VMScore
CVE-2002-1309
Heap-based buffer overflow in the error-handling mechanism for the IIS ISAPI handler in Macromedia ColdFusion 6.0 allows remote malicious users to execute arbitrary via an HTTP GET request with a long .cfm file name.
Macromedia Coldfusion 6.0
668
VMScore
CVE-2001-0535
Example applications (Exampleapps) in ColdFusion Server 4.x do not properly restrict prevent access from outside the local host's domain, which allows remote malicious users to conduct upload, read, or execute files by spoofing the "HTTP Host" (CGI.Host) variable i...
Macromedia Coldfusion Server 4.x
668
VMScore
CVE-2001-1427
Unknown vulnerability in ColdFusion Server 2.0 up to and including 4.5.1 SP2 allows remote malicious users to overwrite templates with zero byte files via unknown attack vectors.
Macromedia Coldfusion 4.0
Macromedia Coldfusion 4.0.1
Macromedia Coldfusion 3.0.1
Macromedia Coldfusion 3.1
Macromedia Coldfusion 4.5.1
Macromedia Coldfusion 2.0
Macromedia Coldfusion 3.0
Macromedia Coldfusion 4.5
Macromedia Coldfusion 3.1.1
Macromedia Coldfusion 3.1.2
668
VMScore
CVE-1999-0923
Sample runnable code snippets in ColdFusion Server 4.0 allow remote malicious users to read files, conduct a denial of service, or use the server as a proxy for other HTTP calls.
Allaire Coldfusion Server 4.0
668
VMScore
CVE-1999-1124
HTTP Client application in ColdFusion allows remote malicious users to bypass access restrictions for web pages on other ports by providing the target page to the mainframeset.cfm application, which requests the page from the server, making it look like the request is coming from...
Allaire Coldfusion
650
VMScore
CVE-2006-2046
Multiple SQL injection vulnerabilities in Application Dynamics Cartweaver ColdFusion 2.16.11 and previous versions allow remote malicious users to execute arbitrary SQL commands via the (1) category and (2) keywords parameters in (a) Results.cfm, and the (3) ProdID parameter in (...
Application Dynamics Cartweaver Coldfusion
2 EDB exploits
646
VMScore
CVE-2016-4264
The Office Open XML (OOXML) feature in Adobe ColdFusion 10 before Update 21 and 11 before Update 10 allows remote malicious users to read arbitrary files or send TCP requests to intranet servers via a crafted OOXML spreadsheet containing an external entity declaration in conjunct...
Adobe Coldfusion
1 EDB exploit
2 Github repositories
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »