VYPR

Coldfusion

by Adobe Inc.

Source repositories

CVEs (222)

  • CVE-2012-2048Sep 12, 2012
    risk 0.00cvss epss 0.04

    Unspecified vulnerability in Adobe ColdFusion 10 and earlier allows attackers to cause a denial of service via unknown vectors.

  • CVE-2012-2041Jun 13, 2012
    risk 0.00cvss epss 0.02

    CRLF injection vulnerability in the Component Browser in Adobe ColdFusion 8.0 through 9.0.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

  • CVE-2012-0770Mar 13, 2012
    risk 0.00cvss epss 0.03

    Adobe ColdFusion 8.0, 8.0.1, 9.0, and 9.0.1 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.

  • CVE-2011-4368Dec 14, 2011
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in Remote Development Services (RDS) in Adobe ColdFusion 8.0 through 9.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2011-2463Dec 14, 2011
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 8.0 through 9.0.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving the cfform tag.

  • CVE-2011-2091Jun 16, 2011
    risk 0.00cvss epss 0.03

    Unspecified vulnerability in Adobe ColdFusion 8.0, 8.0.1, 9.0, and 9.0.1 allows remote attackers to cause a denial of service via unknown vectors.

  • CVE-2011-0629Jun 16, 2011
    risk 0.00cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerability in Adobe ColdFusion 8.0, 8.0.1, 9.0, and 9.0.1 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

  • CVE-2011-0584Feb 10, 2011
    risk 0.00cvss epss 0.03

    Session fixation vulnerability in Adobe ColdFusion 8.0 through 9.0.1 allows remote attackers to hijack web sessions via unspecified vectors.

  • CVE-2011-0583Feb 10, 2011
    risk 0.00cvss epss 0.03

    Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 8.0 through 9.0.1 allows remote attackers to inject arbitrary web script or HTML via the cfform tag.

  • CVE-2011-0582Feb 10, 2011
    risk 0.00cvss epss 0.04

    Unspecified vulnerability in the administrator console in Adobe ColdFusion 8.0 through 9.0.1 allows attackers to obtain sensitive information via unknown vectors.

  • CVE-2011-0581Feb 10, 2011
    risk 0.00cvss epss 0.03

    Multiple CRLF injection vulnerabilities in Adobe ColdFusion 8.0 through 9.0.1 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified tags.

  • CVE-2011-0580Feb 10, 2011
    risk 0.00cvss epss 0.03

    Multiple cross-site scripting (XSS) vulnerabilities in the administrator console in Adobe ColdFusion 8.0 through 9.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2011-0735Feb 1, 2011
    risk 0.00cvss epss 0.03

    Cross-site scripting (XSS) vulnerability in Adobe ColdFusion before 9.0.1 CHF1 allows remote attackers to inject arbitrary web script or HTML via vectors involving a "tag script."

  • CVE-2011-0734Feb 1, 2011
    risk 0.00cvss epss 0.04

    Cross-site scripting (XSS) vulnerability in Adobe ColdFusion before 9.0.1 CHF1 allows remote attackers to inject arbitrary web script or HTML via an id parameter containing a JavaScript onLoad event handler for a BODY element, related to a "tag body" attack. NOTE: this was…

  • CVE-2011-0733Feb 1, 2011
    risk 0.00cvss epss 0.04

    Cross-site scripting (XSS) vulnerability in Adobe ColdFusion before 9.0.1 CHF1 allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header in an id=- query to a .cfm file.

  • CVE-2010-1294May 13, 2010
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in Adobe ColdFusion 8.0, 8.0.1, and 9.0 allows local users to obtain sensitive information via unknown vectors.

  • CVE-2010-1293May 13, 2010
    risk 0.00cvss epss 0.03

    Cross-site scripting (XSS) vulnerability in the Administrator page in Adobe ColdFusion 8.0, 8.0.1, and 9.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2009-3467May 13, 2010
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in an unspecified method in Adobe ColdFusion 8.0, 8.0.1, and 9.0 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

  • CVE-2010-0185Feb 3, 2010
    risk 0.00cvss epss 0.04

    The default configuration of Adobe ColdFusion 9.0 does not restrict access to collections that have been created by the Solr Service, which allows remote attackers to obtain collection metadata, search information, and index data via a request to an unspecified URL.

  • CVE-2009-1878Aug 18, 2009
    risk 0.00cvss epss 0.02

    Session fixation vulnerability in Adobe ColdFusion 8.0.1 and earlier allows remote attackers to hijack web sessions via unspecified vectors.

Page 10 of 12