Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
10
CVSSv2

CVE-2018-15961

Published: 25/09/2018 Updated: 04/09/2020
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 1000
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Subscribe to Adobe

Vulnerability Summary

Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and previous versions, and Update 14 and previous versions have an unrestricted file upload vulnerability. Successful exploitation could lead to arbitrary code execution.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

Mailing Lists

Packetstorm: Adobe ColdFusion 2018 Shell Upload
Adobe ColdFusion 2018 suffers from a remote shell upload vulnerability ...

Metasploit Modules

Adobe ColdFusion CKEditor unrestricted file upload

A file upload vulnerability in the CKEditor of Adobe ColdFusion 11 (Update 14 and earlier), ColdFusion 2016 (Update 6 and earlier), and ColdFusion 2018 (July 12 release) allows unauthenticated remote attackers to upload and execute JSP files through the filemanager plugin. Tested on Adobe ColdFusion 2018.0.0.310739.

msf > use exploit/multi/http/coldfusion_ckeditor_file_upload
msf exploit(coldfusion_ckeditor_file_upload) > show targets
    ...targets...
msf exploit(coldfusion_ckeditor_file_upload) > set TARGET < target-id >
msf exploit(coldfusion_ckeditor_file_upload) > show options
    ...show and set options...
msf exploit(coldfusion_ckeditor_file_upload) > exploit

Github Repositories

cve-2018-15961

cve-2018-15961

CVE-2018-15961 This is part of Cved: a tool to manage vulnerable docker containers Cved: gitlabcom/git-rep/cved Image source: githubcom/cved-sources/cve-2018-15961 Image author: bintraycom/eaps/coldfusion/cf%3Acoldfusion/201800

CVE-2018-15961

CVE-2018-15961py An exploit for CVE-2018-15961

CVE-2018-15961

Unrestricted file upload in Adobe ColdFusion

CVE-2018-15961 Unrestricted file upload in Adobe ColdFusion POST /cf_scripts/scripts/ajax/ckeditor/plugins/filemanager/uploadcfm HTTP/11 Host: coldfusion:port User-Agent: Mozilla/50 (Windows NT 100; WOW64) AppleWebKit/53736 (KHTML, like Gecko) Chrome/62032029 Safari/53736 Content-Type: multipart/form-data; boundary=---------------------------24464570528145 Content-Leng

fireeye_CVEs

CVEs enumerated by FireEye and that should be addressed to limit the effectiveness of leaked the Red Team tools CVE-2019-11510 – pre-auth arbitrary file reading from Pulse Secure SSL VPNs - CVSS 100 CVE-2020-1472 – Microsoft Active Directory escalation of privileges - CVSS 100 CVE-2018-13379 – pre-auth arbitrary file reading from Fortinet Fortigate SSL VPN

fireeye_cves

vFeed CVEs Vulnerability Indicators that should be addressed to limit the effectiveness of the Leaked FireEye Red Team tools CVE-2019-11510 – pre-auth arbitrary file reading from Pulse Secure SSL VPNs - CVSS 100 CVE-2020-1472 – Microsoft Active Directory escalation of privileges - CVSS 100 CVE-2018-13379 – pre-auth arbitrary file reading from Fortinet Forti

CVE-POC

PoC in GitHub 2020 CVE-2020-0014 It is possible for a malicious application to construct a TYPE_TOAST window manually and make that window clickable This could lead to a local escalation of privilege with no additional execution privileges needed User action is needed for exploitationProduct: AndroidVersions: Android-80 Android-81 Android-9 Android-10Android ID: A-1286745

PoC-in-GitHub

PoC auto collect from GitHub.

PoC in GitHub 2020 CVE-2020-0022 In reassemble_and_dispatch of packet_fragmentercc, there is possible out of bounds write due to an incorrect bounds calculation This could lead to remote code execution over Bluetooth with no additional execution privileges needed User interaction is not needed for exploitationProduct: AndroidVersions: Android-80 Android-81 Android-9 Andr

Exp101tsArchiv30thers

Here is a collection about Proof of Concepts of Common Vulnerabilities and Exposures, and you may also want to check out current Contents CVE-2011-2856 CVE-2011-3243 CVE-2013-2618 CVE-2013-6632 CVE-2014-1701 CVE-2014-1705 CVE-2014-1747 CVE-2014-3176 CVE-2014-6332 CVE-2014-7927 CVE-2014-7928 CVE-2015-0072 CVE-2015-0235 CVE-2015-0240 CVE-2015-1233 CVE-2015-1242 CVE-2015-1268 CV

awesome-cve-poc_qazbnm456

Awesome CVE PoC A curated list of CVE PoCs Here is a collection about Proof of Concepts of Common Vulnerabilities and Exposures, and you may also want to check out awesome-web-security Please read the contribution guidelines before contributing This repo is full of PoCs for CVEs If you enjoy this awesome list and would like to support it, check out my Patreon page :

Recent Articles

Critical code execution vulnerability fixed in Adobe ColdFusion
BleepingComputer • Sergiu Gatlan • 22 Mar 2021

Adobe has released out-of-band security updates to address a critical vulnerability impacting ColdFusion versions 2021, 2016, and 2018.
Today's emergency updates patch an arbitrary code execution security flaw caused by an 
 software vulnerability.
Adobe released ColdFusion 2016 Update 17, ColdFusion 2018 Update 11, and ColdFusion 2021 Update 1 to patch the vulnerability and said that all previous versions before these patches are vulnerable to attacks.
In the 
...

Read more...
Recently-Patched Adobe ColdFusion Flaw Exploited By APT
Threatpost • Lindsey O'Donnell • 09 Nov 2018

An Adobe ColdFusion vulnerability, patched two months ago, was being exploited in the wild by a China-linked APT group, researchers found.
The vulnerability, CVE-2018-15961, is a critical unrestricted file upload bug that could also lead to arbitrary code-execution, researchers at Volexity, who discovered the exploitation, said on Thursday.
“Volexity recently observed active exploitation of a newly patched vulnerability in Adobe ColdFusion, for which no public details or proof-of-c...

Read more...

References

CWE-434https://helpx.adobe.com/security/products/coldfusion/apsb18-33.htmlhttp://www.securitytracker.com/id/1041621http://www.securityfocus.com/bid/105314https://www.exploit-db.com/exploits/45979/https://github.com/cved-sources/cve-2018-15961https://nvd.nist.govhttps://www.securityfocus.com/bid/105314
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2021-29506CVE-2020-20092encryptionCVE-2021-21551arbitrary unspecifiedCVE-2020-23689CVE-2021-28476CVE-2021-20996
Vulnerability Notification Service
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook