VYPR

Coldfusion

by Adobe Inc.

Source repositories

CVEs (222)

  • CVE-2019-7092May 24, 2019
    risk 0.00cvss epss 0.02

    ColdFusion versions Update 1 and earlier, Update 7 and earlier, and Update 15 and earlier have a cross site scripting vulnerability. Successful exploitation could lead to information disclosure .

  • CVE-2019-7816May 24, 2019
    risk 0.00cvss epss 0.68

    ColdFusion versions Update 2 and earlier, Update 9 and earlier, and Update 17 and earlier have a file upload restriction bypass vulnerability. Successful exploitation could lead to arbitrary code execution.

  • CVE-2015-8053Nov 18, 2015
    risk 0.00cvss epss 0.03

    Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 10 before Update 18 and 11 before Update 7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-8052.

  • CVE-2015-8052Nov 18, 2015
    risk 0.00cvss epss 0.03

    Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 10 before Update 18 and 11 before Update 7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-8053.

  • CVE-2015-5255Nov 18, 2015
    risk 0.00cvss epss 0.04

    Adobe BlazeDS, as used in ColdFusion 10 before Update 18 and 11 before Update 7 and LiveCycle Data Services 3.0.x before 3.0.0.354175, 3.1.x before 3.1.0.354180, 4.5.x before 4.5.1.354177, 4.6.2.x before 4.6.2.354178, and 4.7.x before 4.7.0.354178, allows remote attackers to…

  • CVE-2015-0345Apr 15, 2015
    risk 0.00cvss epss 0.03

    Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 10 before Update 16 and 11 before Update 5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2014-9166Dec 10, 2014
    risk 0.00cvss epss 0.03

    Adobe ColdFusion 10 before Update 15 and 11 before Update 3 allows attackers to cause a denial of service (resource consumption) via unspecified vectors.

  • CVE-2014-0572Oct 15, 2014
    risk 0.00cvss epss 0.01

    Adobe ColdFusion 9.0 before Update 13, 9.0.1 before Update 12, 9.0.2 before Update 7, 10 before Update 14, and 11 before Update 2 allows local users to bypass intended IP-based access restrictions via unspecified vectors.

  • CVE-2014-0571Oct 15, 2014
    risk 0.00cvss epss 0.03

    Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 9.0 before Update 13, 9.0.1 before Update 12, 9.0.2 before Update 7, 10 before Update 14, and 11 before Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2014-0570Oct 15, 2014
    risk 0.00cvss epss 0.03

    Cross-site request forgery (CSRF) vulnerability in Adobe ColdFusion 9.0 before Update 13, 9.0.1 before Update 12, 9.0.2 before Update 7, 10 before Update 14, and 11 before Update 2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

  • CVE-2014-5315Sep 26, 2014
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in the Help page in Adobe Acrobat 9.5.2 and earlier and ColdFusion 8.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2013-5328Nov 13, 2013
    risk 0.00cvss epss 0.03

    Adobe ColdFusion 10 before Update 12 allows remote attackers to read arbitrary files via unspecified vectors.

  • CVE-2013-5326Nov 13, 2013
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 9.0 before Update 12, 9.0.1 before Update 11, 9.0.2 before Update 6, and 10 before Update 12, when the CFIDE directory is available, allows remote authenticated users to inject arbitrary web script or HTML via…

  • CVE-2010-5290Sep 20, 2013
    risk 0.00cvss epss 0.06

    The authentication process in Adobe ColdFusion before 10 does not require knowledge of the cleartext password if the password hash is known, which makes it easier for context-dependent attackers to obtain administrative privileges by leveraging read access to the configuration…

  • CVE-2013-3349Jul 10, 2013
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in Adobe ColdFusion 9.0 through 9.0.2, when the JRun application server is used, allows remote attackers to cause a denial of service via unknown vectors.

  • CVE-2013-1389May 16, 2013
    risk 0.00cvss epss 0.06

    Unspecified vulnerability in Adobe ColdFusion 9.0 before Update 11, 9.0.1 before Update 10, 9.0.2 before Update 5, and 10 before Update 10 allows remote attackers to execute arbitrary code via unknown vectors.

  • CVE-2013-1387Apr 10, 2013
    risk 0.00cvss epss 0.05

    Unspecified vulnerability in Adobe ColdFusion 9.0 before Update 10, 9.0.1 before Update 9, 9.0.2 before Update 4, and 10 before Update 9 allows attackers to impersonate users via unknown vectors.

  • CVE-2013-1388Apr 10, 2013
    risk 0.00cvss epss 0.05

    Unspecified vulnerability in Adobe ColdFusion 9.0 before Update 10, 9.0.1 before Update 9, 9.0.2 before Update 4, and 10 before Update 9 allows attackers to obtain administrator-console access via unknown vectors.

  • CVE-2012-5675Dec 12, 2012
    risk 0.00cvss epss 0.01

    Adobe ColdFusion 9.0 through 9.0.2, and 10, allows local users to bypass intended shared-hosting sandbox permissions via unspecified vectors.

  • CVE-2012-5674Nov 20, 2012
    risk 0.00cvss epss 0.04

    Unspecified vulnerability in Adobe ColdFusion 10 before Update 5, when Internet Information Services (IIS) is used, allows attackers to cause a denial of service via unknown vectors.

Page 9 of 12