Coldfusion
by Adobe Inc.
Source repositories
CVEs (222)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2012-2048 | 0.00 | — | 0.04 | Sep 12, 2012 | Unspecified vulnerability in Adobe ColdFusion 10 and earlier allows attackers to cause a denial of service via unknown vectors. | |||
| CVE-2012-2041 | 0.00 | — | 0.02 | Jun 13, 2012 | CRLF injection vulnerability in the Component Browser in Adobe ColdFusion 8.0 through 9.0.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. | |||
| CVE-2012-0770 | 0.00 | — | 0.03 | Mar 13, 2012 | Adobe ColdFusion 8.0, 8.0.1, 9.0, and 9.0.1 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. | |||
| CVE-2011-4368 | 0.00 | — | 0.02 | Dec 14, 2011 | Cross-site scripting (XSS) vulnerability in Remote Development Services (RDS) in Adobe ColdFusion 8.0 through 9.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2011-2463 | 0.00 | — | 0.02 | Dec 14, 2011 | Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 8.0 through 9.0.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving the cfform tag. | |||
| CVE-2011-2091 | 0.00 | — | 0.03 | Jun 16, 2011 | Unspecified vulnerability in Adobe ColdFusion 8.0, 8.0.1, 9.0, and 9.0.1 allows remote attackers to cause a denial of service via unknown vectors. | |||
| CVE-2011-0629 | 0.00 | — | 0.01 | Jun 16, 2011 | Cross-site request forgery (CSRF) vulnerability in Adobe ColdFusion 8.0, 8.0.1, 9.0, and 9.0.1 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||
| CVE-2011-0584 | 0.00 | — | 0.03 | Feb 10, 2011 | Session fixation vulnerability in Adobe ColdFusion 8.0 through 9.0.1 allows remote attackers to hijack web sessions via unspecified vectors. | |||
| CVE-2011-0583 | 0.00 | — | 0.03 | Feb 10, 2011 | Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 8.0 through 9.0.1 allows remote attackers to inject arbitrary web script or HTML via the cfform tag. | |||
| CVE-2011-0582 | 0.00 | — | 0.04 | Feb 10, 2011 | Unspecified vulnerability in the administrator console in Adobe ColdFusion 8.0 through 9.0.1 allows attackers to obtain sensitive information via unknown vectors. | |||
| CVE-2011-0581 | 0.00 | — | 0.03 | Feb 10, 2011 | Multiple CRLF injection vulnerabilities in Adobe ColdFusion 8.0 through 9.0.1 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified tags. | |||
| CVE-2011-0580 | 0.00 | — | 0.03 | Feb 10, 2011 | Multiple cross-site scripting (XSS) vulnerabilities in the administrator console in Adobe ColdFusion 8.0 through 9.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2011-0735 | 0.00 | — | 0.03 | Feb 1, 2011 | Cross-site scripting (XSS) vulnerability in Adobe ColdFusion before 9.0.1 CHF1 allows remote attackers to inject arbitrary web script or HTML via vectors involving a "tag script." | |||
| CVE-2011-0734 | 0.00 | — | 0.04 | Feb 1, 2011 | Cross-site scripting (XSS) vulnerability in Adobe ColdFusion before 9.0.1 CHF1 allows remote attackers to inject arbitrary web script or HTML via an id parameter containing a JavaScript onLoad event handler for a BODY element, related to a "tag body" attack. NOTE: this was… | |||
| CVE-2011-0733 | 0.00 | — | 0.04 | Feb 1, 2011 | Cross-site scripting (XSS) vulnerability in Adobe ColdFusion before 9.0.1 CHF1 allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header in an id=- query to a .cfm file. | |||
| CVE-2010-1294 | 0.00 | — | 0.01 | May 13, 2010 | Unspecified vulnerability in Adobe ColdFusion 8.0, 8.0.1, and 9.0 allows local users to obtain sensitive information via unknown vectors. | |||
| CVE-2010-1293 | 0.00 | — | 0.03 | May 13, 2010 | Cross-site scripting (XSS) vulnerability in the Administrator page in Adobe ColdFusion 8.0, 8.0.1, and 9.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2009-3467 | 0.00 | — | 0.02 | May 13, 2010 | Cross-site scripting (XSS) vulnerability in an unspecified method in Adobe ColdFusion 8.0, 8.0.1, and 9.0 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | |||
| CVE-2010-0185 | 0.00 | — | 0.04 | Feb 3, 2010 | The default configuration of Adobe ColdFusion 9.0 does not restrict access to collections that have been created by the Solr Service, which allows remote attackers to obtain collection metadata, search information, and index data via a request to an unspecified URL. | |||
| CVE-2009-1878 | 0.00 | — | 0.02 | Aug 18, 2009 | Session fixation vulnerability in Adobe ColdFusion 8.0.1 and earlier allows remote attackers to hijack web sessions via unspecified vectors. |
- CVE-2012-2048Sep 12, 2012risk 0.00cvss —epss 0.04
Unspecified vulnerability in Adobe ColdFusion 10 and earlier allows attackers to cause a denial of service via unknown vectors.
- CVE-2012-2041Jun 13, 2012risk 0.00cvss —epss 0.02
CRLF injection vulnerability in the Component Browser in Adobe ColdFusion 8.0 through 9.0.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
- CVE-2012-0770Mar 13, 2012risk 0.00cvss —epss 0.03
Adobe ColdFusion 8.0, 8.0.1, 9.0, and 9.0.1 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
- CVE-2011-4368Dec 14, 2011risk 0.00cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in Remote Development Services (RDS) in Adobe ColdFusion 8.0 through 9.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2011-2463Dec 14, 2011risk 0.00cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 8.0 through 9.0.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving the cfform tag.
- CVE-2011-2091Jun 16, 2011risk 0.00cvss —epss 0.03
Unspecified vulnerability in Adobe ColdFusion 8.0, 8.0.1, 9.0, and 9.0.1 allows remote attackers to cause a denial of service via unknown vectors.
- CVE-2011-0629Jun 16, 2011risk 0.00cvss —epss 0.01
Cross-site request forgery (CSRF) vulnerability in Adobe ColdFusion 8.0, 8.0.1, 9.0, and 9.0.1 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
- CVE-2011-0584Feb 10, 2011risk 0.00cvss —epss 0.03
Session fixation vulnerability in Adobe ColdFusion 8.0 through 9.0.1 allows remote attackers to hijack web sessions via unspecified vectors.
- CVE-2011-0583Feb 10, 2011risk 0.00cvss —epss 0.03
Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 8.0 through 9.0.1 allows remote attackers to inject arbitrary web script or HTML via the cfform tag.
- CVE-2011-0582Feb 10, 2011risk 0.00cvss —epss 0.04
Unspecified vulnerability in the administrator console in Adobe ColdFusion 8.0 through 9.0.1 allows attackers to obtain sensitive information via unknown vectors.
- CVE-2011-0581Feb 10, 2011risk 0.00cvss —epss 0.03
Multiple CRLF injection vulnerabilities in Adobe ColdFusion 8.0 through 9.0.1 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified tags.
- CVE-2011-0580Feb 10, 2011risk 0.00cvss —epss 0.03
Multiple cross-site scripting (XSS) vulnerabilities in the administrator console in Adobe ColdFusion 8.0 through 9.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2011-0735Feb 1, 2011risk 0.00cvss —epss 0.03
Cross-site scripting (XSS) vulnerability in Adobe ColdFusion before 9.0.1 CHF1 allows remote attackers to inject arbitrary web script or HTML via vectors involving a "tag script."
- CVE-2011-0734Feb 1, 2011risk 0.00cvss —epss 0.04
Cross-site scripting (XSS) vulnerability in Adobe ColdFusion before 9.0.1 CHF1 allows remote attackers to inject arbitrary web script or HTML via an id parameter containing a JavaScript onLoad event handler for a BODY element, related to a "tag body" attack. NOTE: this was…
- CVE-2011-0733Feb 1, 2011risk 0.00cvss —epss 0.04
Cross-site scripting (XSS) vulnerability in Adobe ColdFusion before 9.0.1 CHF1 allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header in an id=- query to a .cfm file.
- CVE-2010-1294May 13, 2010risk 0.00cvss —epss 0.01
Unspecified vulnerability in Adobe ColdFusion 8.0, 8.0.1, and 9.0 allows local users to obtain sensitive information via unknown vectors.
- CVE-2010-1293May 13, 2010risk 0.00cvss —epss 0.03
Cross-site scripting (XSS) vulnerability in the Administrator page in Adobe ColdFusion 8.0, 8.0.1, and 9.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2009-3467May 13, 2010risk 0.00cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in an unspecified method in Adobe ColdFusion 8.0, 8.0.1, and 9.0 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
- CVE-2010-0185Feb 3, 2010risk 0.00cvss —epss 0.04
The default configuration of Adobe ColdFusion 9.0 does not restrict access to collections that have been created by the Solr Service, which allows remote attackers to obtain collection metadata, search information, and index data via a request to an unspecified URL.
- CVE-2009-1878Aug 18, 2009risk 0.00cvss —epss 0.02
Session fixation vulnerability in Adobe ColdFusion 8.0.1 and earlier allows remote attackers to hijack web sessions via unspecified vectors.
Page 10 of 12