Search
Total
123 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-3336 | 1 Adobe | 1 Coldfusion | 2013-11-07 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows remote attackers to read arbitrary files via unknown vectors. | |||||
| CVE-2010-2861 | 1 Adobe | 1 Coldfusion | 2013-09-24 | 7.5 HIGH | N/A |
| Multiple directory traversal vulnerabilities in the administrator console in Adobe ColdFusion 9.0.1 and earlier allow remote attackers to read arbitrary files via the locale parameter to (1) CFIDE/administrator/settings/mappings.cfm, (2) logging/settings.cfm, (3) datasources/index.cfm, (4) j2eepackaging/editarchive.cfm, and (5) enter.cfm in CFIDE/administrator/. | |||||
| CVE-2013-0629 | 1 Adobe | 1 Coldfusion | 2013-01-18 | 4.3 MEDIUM | N/A |
| Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10, when a password is not configured, allows attackers to access restricted directories via unspecified vectors, as exploited in the wild in January 2013. | |||||
| CVE-2013-0631 | 1 Adobe | 1 Coldfusion | 2013-01-18 | 5.0 MEDIUM | N/A |
| Adobe ColdFusion 9.0, 9.0.1, and 9.0.2 allows attackers to obtain sensitive information via unspecified vectors, as exploited in the wild in January 2013. | |||||
| CVE-2013-0625 | 1 Adobe | 1 Coldfusion | 2013-01-18 | 6.8 MEDIUM | N/A |
| Adobe ColdFusion 9.0, 9.0.1, and 9.0.2, when a password is not configured, allows remote attackers to bypass authentication and possibly execute arbitrary code via unspecified vectors, as exploited in the wild in January 2013. | |||||
| CVE-2012-5675 | 1 Adobe | 1 Coldfusion | 2012-12-12 | 4.4 MEDIUM | N/A |
| Adobe ColdFusion 9.0 through 9.0.2, and 10, allows local users to bypass intended shared-hosting sandbox permissions via unspecified vectors. | |||||
| CVE-2012-2041 | 1 Adobe | 1 Coldfusion | 2012-06-13 | 4.3 MEDIUM | N/A |
| CRLF injection vulnerability in the Component Browser in Adobe ColdFusion 8.0 through 9.0.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. | |||||
| CVE-2011-4368 | 1 Adobe | 1 Coldfusion | 2012-02-02 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Remote Development Services (RDS) in Adobe ColdFusion 8.0 through 9.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2011-2463 | 1 Adobe | 1 Coldfusion | 2012-02-02 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 8.0 through 9.0.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving the cfform tag. | |||||
| CVE-2011-0733 | 1 Adobe | 1 Coldfusion | 2011-11-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Adobe ColdFusion before 9.0.1 CHF1 allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header in an id=- query to a .cfm file. | |||||
| CVE-2011-0734 | 1 Adobe | 1 Coldfusion | 2011-11-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Adobe ColdFusion before 9.0.1 CHF1 allows remote attackers to inject arbitrary web script or HTML via an id parameter containing a JavaScript onLoad event handler for a BODY element, related to a "tag body" attack. NOTE: this was originally reported as affecting 9.0.1 CHF1 and earlier. | |||||
| CVE-2011-0735 | 1 Adobe | 1 Coldfusion | 2011-11-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Adobe ColdFusion before 9.0.1 CHF1 allows remote attackers to inject arbitrary web script or HTML via vectors involving a "tag script." | |||||
| CVE-2011-0736 | 1 Adobe | 1 Coldfusion | 2011-11-08 | 4.3 MEDIUM | N/A |
| ** DISPUTED ** Adobe ColdFusion 9.0.1 CHF1 and earlier, when a web application is configured to use a DBMS, allows remote attackers to obtain potentially sensitive information about the database structure via an id=- query to a .cfm file. NOTE: the vendor disputes the significance of this issue because the Site-wide Error Handler and Debug Output Settings sections of the ColdFusion Lockdown guide explain the requirement for settings that prevent this information disclosure. | |||||
| CVE-2011-0737 | 1 Adobe | 1 Coldfusion | 2011-11-08 | 5.0 MEDIUM | N/A |
| ** DISPUTED ** Adobe ColdFusion 9.0.1 CHF1 and earlier allows remote attackers to obtain sensitive information via an id=- query to a .cfm file, which reveals the installation path in an error message. NOTE: the vendor disputes the significance of this issue because the Site-wide Error Handler and Debug Output Settings sections of the ColdFusion Lockdown guide explain the requirement for settings that prevent this information disclosure. | |||||
| CVE-2008-4831 | 1 Adobe | 1 Coldfusion | 2011-03-08 | 7.2 HIGH | N/A |
| Unspecified vulnerability in Adobe ColdFusion 8 and 8.0.1 and ColdFusion MX 7.0.2 allows local users to bypass sandbox restrictions, and obtain sensitive information or possibly gain privileges, via unknown vectors. | |||||
| CVE-2006-5859 | 1 Adobe | 1 Coldfusion | 2011-03-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Adobe ColdFusion MX 7 7.0 and 7.0.1, when Global Script Protection is not enabled, allows remote attackers to inject arbitrary HTML and web script via unknown vectors, possibly related to Linkdirect.cfm, Topnav.cfm, and Welcomedoc.cfm. | |||||
| CVE-2010-1294 | 1 Adobe | 1 Coldfusion | 2010-05-14 | 2.1 LOW | N/A |
| Unspecified vulnerability in Adobe ColdFusion 8.0, 8.0.1, and 9.0 allows local users to obtain sensitive information via unknown vectors. | |||||
| CVE-2009-3467 | 1 Adobe | 1 Coldfusion | 2010-05-14 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in an unspecified method in Adobe ColdFusion 8.0, 8.0.1, and 9.0 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | |||||
| CVE-2010-1293 | 1 Adobe | 1 Coldfusion | 2010-05-14 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Administrator page in Adobe ColdFusion 8.0, 8.0.1, and 9.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2009-1876 | 1 Adobe | 1 Coldfusion | 2009-08-26 | 5.0 MEDIUM | N/A |
| Adobe ColdFusion 8.0.1 and earlier might allow attackers to obtain sensitive information via unspecified vectors, related to a "double-encoded null character vulnerability." | |||||
| CVE-2009-1875 | 1 Adobe | 1 Coldfusion | 2009-08-26 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Adobe ColdFusion 8.0.1 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2009-1877. | |||||
| CVE-2009-1877 | 1 Adobe | 1 Coldfusion | 2009-08-26 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 8.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2009-1875. | |||||
| CVE-2009-1878 | 1 Adobe | 1 Coldfusion | 2009-08-26 | 5.8 MEDIUM | N/A |
| Session fixation vulnerability in Adobe ColdFusion 8.0.1 and earlier allows remote attackers to hijack web sessions via unspecified vectors. | |||||