
CVE-2013-0632

Published: 17/01/2013 Updated: 17/01/2014
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
VMScore: 1000
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

administrator.cfc in Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows remote malicious users to bypass authentication and possibly execute arbitrary code by logging in to the RDS component using the default empty password and leveraging this session to access the administrative web interface, as exploited in the wild in January 2013.


Vulnerable Products

adobe coldfusion 9.0

adobe coldfusion 9.0.1

adobe coldfusion 9.0.2

adobe coldfusion 10.0

Exploits

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 +------------------------------------------------------------------------------+ | Packet Storm Advisory 2013-0819-2 | | packetstormsecurity.com/ | +----------------------------------------------------------- ...
## # This module requires Metasploit: http://metasploit.com/download # Current source: github.com/rapid7/metasploit-framework ## require 'msf/core' class Metasploit3 < Msf::Exploit::Remote include Msf::Exploit::Remote::HttpClient include Msf::Exploit::Remote::HttpServer::HTML include Msf::Exploit::EXE Rank = GreatRanking de ...
## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit # web site for more information on licensing and terms of use. # metasploit.com/ ## require 'msf/core' require 'digest/sha1' require 'openssl' class Metasploit3 < Msf::Exploit::Remote incl ...
This Metasploit module exploits a pile of vulnerabilities in Adobe ColdFusion APSB13-03, including arbitrary command execution in scheduleedit.cfm (9.x only), directory traversal, and authentication bypass issues ...
Adobe ColdFusion versions 9.0, 9.0.1, and 9.0.2 do not properly check the "rdsPasswordAllowed" field when accessing the Administrator API CFC that is used for logging in. The login function never checks if RDS is enabled when rdsPasswordAllowed="true". This means that if RDS was not configured, the RDS user does not have a password associated with ...

Github Repositories

clusterd: clusterd is an open source application server attack toolkit. Born out of frustration with current fingerprinting and exploitation methods, clusterd automates the fingerprinting, reconnaissance, and exploitation phases of an application server attack. See the wiki for more information. Requirements: Python >= 2.7.x, Requests >= 2.2.x. Installation: The re

application server attack toolkit

FortiSIEM Incapsula WAF Parser (Custom): Why did we create a custom Incapsula WAF parser for FortiSIEM? Because the latest version of FortiSIEM doesn't support this parser or API yet. Furthermore, Common Event Format (CEF) logs that have come to the FortiSIEM will be parsed as generic CEF instead. The structure of the parser: <patternDefinitions> <!-- Defi