Total
144 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-0817 | 1 Adobe | 1 Coldfusion | 2024-11-21 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Adobe ColdFusion web server allows remote attackers to inject arbitrary HTML or web script via the User-Agent HTTP header, which is not sanitized before being displayed in an error page. | |||||
| CVE-2006-6483 | 1 Adobe | 1 Coldfusion | 2024-11-21 | 2.6 LOW | N/A |
| Adobe ColdFusion MX 7.x before 7.0.2 does not properly filter HTML tags when protecting against cross-site scripting (XSS) attacks, which allows remote attackers to inject arbitrary web script or HTML via a NULL byte (%00) in certain HTML tags, as demonstrated using "%00script" in a tag. | |||||
| CVE-2006-6482 | 1 Adobe | 1 Coldfusion | 2024-11-21 | 5.0 MEDIUM | N/A |
| Adobe ColdFusion MX7 allows remote attackers to obtain sensitive information via a URL request (1) for a non-existent (a) JWS, (b) CFM, (c) CFML, or (d) CFC file, which displays the installation path in the resulting error message; or (2) to /CFIDE/administrator/login.cfm without a host, which can reveal the server's internal IP address in an HREF tag. | |||||
| CVE-2006-5860 | 1 Adobe | 2 Coldfusion, Jrun | 2024-11-21 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the administrator console for Adobe JRun 4.0, as used in ColdFusion, allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | |||||
| CVE-2006-5859 | 1 Adobe | 1 Coldfusion | 2024-11-21 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Adobe ColdFusion MX 7 7.0 and 7.0.1, when Global Script Protection is not enabled, allows remote attackers to inject arbitrary HTML and web script via unknown vectors, possibly related to Linkdirect.cfm, Topnav.cfm, and Welcomedoc.cfm. | |||||
| CVE-2006-5858 | 2 Adobe, Microsoft | 3 Coldfusion, Jrun, Internet Information Services | 2024-11-21 | 5.0 MEDIUM | N/A |
| Adobe ColdFusion MX 7 through 7.0.2, and JRun 4, when run on Microsoft IIS, allows remote attackers to read arbitrary files, list directories, or read source code via a double URL-encoded NULL byte in a ColdFusion filename, such as a CFM file. | |||||
| CVE-2006-4726 | 1 Adobe | 1 Coldfusion | 2024-11-21 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in Adobe ColdFusion MX 6.1 through 7.02 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving a ColdFusion error page. | |||||
| CVE-2006-4725 | 1 Adobe | 1 Coldfusion | 2024-11-21 | 4.6 MEDIUM | N/A |
| Adobe ColdFusion MX 7 and 7.01 allows local users to bypass security restrictions and call components (CFC) within a sandbox from CFML templates that are located outside of the sandbox. | |||||
| CVE-2006-4724 | 1 Adobe | 1 Coldfusion | 2024-11-21 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the ColdFusion Flash Remoting Gateway in Adobe ColdFusion MX 7 and 7.01 allows remote attackers to cause a denial of service (infinite loop) via unspecified vectors involving a crafted command. | |||||
| CVE-2006-3978 | 1 Adobe | 1 Coldfusion | 2024-11-21 | 4.6 MEDIUM | N/A |
| Unspecified vulnerability in a Verity third party library, as used on Adobe ColdFusion MX 7 through MX 7.0.2 and possibly other products, allows local users to execute arbitrary code via unknown attack vectors. | |||||
| CVE-2024-41874 | 1 Adobe | 1 Coldfusion | 2024-09-13 | N/A | 9.8 CRITICAL |
| ColdFusion versions 2023.9, 2021.15 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could exploit this vulnerability by providing crafted input to the application, which when deserialized, leads to execution of malicious code. Exploitation of this issue does not require user interaction. | |||||
| CVE-2024-45113 | 1 Adobe | 1 Coldfusion | 2024-09-13 | N/A | 7.5 HIGH |
| ColdFusion versions 2023.6, 2021.12 and earlier are affected by an Improper Authentication vulnerability that could result in privilege escalation. An attacker could exploit this vulnerability to gain unauthorized access and affect the integrity of the application. Exploitation of this issue does not require user interaction. | |||||
| CVE-2024-34113 | 1 Adobe | 1 Coldfusion | 2024-08-07 | N/A | 5.5 MEDIUM |
| ColdFusion versions 2023u7, 2021u13 and earlier are affected by a Weak Cryptography for Passwords vulnerability that could result in a security feature bypass. This vulnerability arises due to the use of insufficiently strong cryptographic algorithms or flawed implementation that compromises the confidentiality of password data. An attacker could exploit this weakness to decrypt or guess passwords, potentially gaining unauthorized access to protected resources. Exploitation of this issue does not require user interaction. | |||||
| CVE-2018-15961 | 1 Adobe | 1 Coldfusion | 2024-07-25 | 10.0 HIGH | 9.8 CRITICAL |
| Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have an unrestricted file upload vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2023-26360 | 1 Adobe | 1 Coldfusion | 2024-06-28 | N/A | 8.6 HIGH |
| Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. | |||||
| CVE-2023-44353 | 1 Adobe | 1 Coldfusion | 2024-02-05 | N/A | 9.8 CRITICAL |
| Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by an Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction. | |||||
| CVE-2023-44350 | 1 Adobe | 1 Coldfusion | 2024-02-05 | N/A | 9.8 CRITICAL |
| Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by an Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction. | |||||
| CVE-2023-26347 | 1 Adobe | 1 Coldfusion | 2024-02-05 | N/A | 7.5 HIGH |
| Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An unauthenticated attacker could leverage this vulnerability to access the administration CFM and CFC endpoints. Exploitation of this issue does not require user interaction. | |||||
| CVE-2023-44355 | 1 Adobe | 1 Coldfusion | 2024-02-05 | N/A | 4.3 MEDIUM |
| Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. An unauthenticated attacker could leverage this vulnerability to impact a minor integrity feature. Exploitation of this issue does require user interaction. | |||||
| CVE-2023-44352 | 1 Adobe | 1 Coldfusion | 2024-02-05 | N/A | 6.1 MEDIUM |
| Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an unauthenticated attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | |||||