Coldfusion

coldfusion

Vendor: Adobe • 208 CVEs

CVEs (208)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2015-5255 2Adobe Hp 4Coldfusion Livecycle Data ServicesXp7 Command View Advanced Edition+1 more May 6, 2026 Nov 18, 2015 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Adobe BlazeDS, as used in ColdFusion 10 before Update 18 and 11 before Update 7 and LiveCycle Data Services 3.0.x before 3.0.0.354175, 3.1.x before 3.1.0.354180, 4.5.x before 4.5.1.354177, 4.6.2.x before 4.6.2.354178, an...Show more Adobe BlazeDS, as used in ColdFusion 10 before Update 18 and 11 before Update 7 and LiveCycle Data Services 3.0.x before 3.0.0.354175, 3.1.x before 3.1.0.354180, 4.5.x before 4.5.1.354177, 4.6.2.x before 4.6.2.354178, and 4.7.x before 4.7.0.354178, allows remote attackers to send HTTP traffic to intranet servers via a crafted XML document, related to a Server-Side Request Forgery (SSRF) issue.Show less
CVE-2015-0345 1Adobe 1Coldfusion May 6, 2026 Apr 15, 2015 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 10 before Update 16 and 11 before Update 5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-9166 1Adobe 1Coldfusion May 6, 2026 Dec 10, 2014 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Adobe ColdFusion 10 before Update 15 and 11 before Update 3 allows attackers to cause a denial of service (resource consumption) via unspecified vectors.
CVE-2014-0572 1Adobe 1Coldfusion May 6, 2026 Oct 15, 2014 N/A· v4 N/A· v3 4.6 MEDIUM· v2 Adobe ColdFusion 9.0 before Update 13, 9.0.1 before Update 12, 9.0.2 before Update 7, 10 before Update 14, and 11 before Update 2 allows local users to bypass intended IP-based access restrictions via unspecified vectors...Show more Adobe ColdFusion 9.0 before Update 13, 9.0.1 before Update 12, 9.0.2 before Update 7, 10 before Update 14, and 11 before Update 2 allows local users to bypass intended IP-based access restrictions via unspecified vectors.Show less
CVE-2014-0571 1Adobe 1Coldfusion May 6, 2026 Oct 15, 2014 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 9.0 before Update 13, 9.0.1 before Update 12, 9.0.2 before Update 7, 10 before Update 14, and 11 before Update 2 allows remote attackers to inject arbitrary we...Show more Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 9.0 before Update 13, 9.0.1 before Update 12, 9.0.2 before Update 7, 10 before Update 14, and 11 before Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.Show less
CVE-2014-0570 1Adobe 1Coldfusion May 6, 2026 Oct 15, 2014 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Cross-site request forgery (CSRF) vulnerability in Adobe ColdFusion 9.0 before Update 13, 9.0.1 before Update 12, 9.0.2 before Update 7, 10 before Update 14, and 11 before Update 2 allows remote attackers to hijack the a...Show more Cross-site request forgery (CSRF) vulnerability in Adobe ColdFusion 9.0 before Update 13, 9.0.1 before Update 12, 9.0.2 before Update 7, 10 before Update 14, and 11 before Update 2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.Show less
CVE-2014-5315 1Adobe 2Acrobat Coldfusion May 6, 2026 Sep 26, 2014 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in the Help page in Adobe Acrobat 9.5.2 and earlier and ColdFusion 8.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-5328 1Adobe 1Coldfusion Apr 29, 2026 Nov 13, 2013 N/A· v4 N/A· v3 7.8 HIGH· v2 Adobe ColdFusion 10 before Update 12 allows remote attackers to read arbitrary files via unspecified vectors.
CVE-2013-5326 1Adobe 1Coldfusion Apr 29, 2026 Nov 13, 2013 N/A· v4 N/A· v3 3.5 LOW· v2 Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 9.0 before Update 12, 9.0.1 before Update 11, 9.0.2 before Update 6, and 10 before Update 12, when the CFIDE directory is available, allows remote authenticate...Show more Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 9.0 before Update 12, 9.0.1 before Update 11, 9.0.2 before Update 6, and 10 before Update 12, when the CFIDE directory is available, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to the logviewer directory.Show less
CVE-2010-5290 1Adobe 1Coldfusion Apr 29, 2026 Sep 20, 2013 N/A· v4 N/A· v3 10.0 HIGH· v2 The authentication process in Adobe ColdFusion before 10 does not require knowledge of the cleartext password if the password hash is known, which makes it easier for context-dependent attackers to obtain administrative...Show more The authentication process in Adobe ColdFusion before 10 does not require knowledge of the cleartext password if the password hash is known, which makes it easier for context-dependent attackers to obtain administrative privileges by leveraging read access to the configuration file, a different vulnerability than CVE-2010-2861.Show less
CVE-2013-3350 1Adobe 1Coldfusion Apr 29, 2026 Jul 10, 2013 N/A· v4 N/A· v3 10.0 HIGH· v2 Adobe ColdFusion 10 before Update 11 allows remote attackers to call ColdFusion Components (CFC) public methods via WebSockets.
CVE-2013-3349 1Adobe 1Coldfusion Apr 29, 2026 Jul 10, 2013 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Unspecified vulnerability in Adobe ColdFusion 9.0 through 9.0.2, when the JRun application server is used, allows remote attackers to cause a denial of service via unknown vectors.
CVE-2013-1389 1Adobe 1Coldfusion Apr 29, 2026 May 16, 2013 N/A· v4 N/A· v3 10.0 HIGH· v2 Unspecified vulnerability in Adobe ColdFusion 9.0 before Update 11, 9.0.1 before Update 10, 9.0.2 before Update 5, and 10 before Update 10 allows remote attackers to execute arbitrary code via unknown vectors.
CVE-2013-3336 1Adobe 1Coldfusion Apr 29, 2026 May 9, 2013 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Unspecified vulnerability in Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows remote attackers to read arbitrary files via unknown vectors.
CVE-2013-1388 1Adobe 1Coldfusion Apr 29, 2026 Apr 10, 2013 N/A· v4 N/A· v3 7.5 HIGH· v2 Unspecified vulnerability in Adobe ColdFusion 9.0 before Update 10, 9.0.1 before Update 9, 9.0.2 before Update 4, and 10 before Update 9 allows attackers to obtain administrator-console access via unknown vectors.
CVE-2013-1387 1Adobe 1Coldfusion Apr 29, 2026 Apr 10, 2013 N/A· v4 N/A· v3 7.5 HIGH· v2 Unspecified vulnerability in Adobe ColdFusion 9.0 before Update 10, 9.0.1 before Update 9, 9.0.2 before Update 4, and 10 before Update 9 allows attackers to impersonate users via unknown vectors.
CVE-2013-0632 1Adobe 1Coldfusion Apr 21, 2026 Jan 17, 2013 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 administrator.cfc in Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows remote attackers to bypass authentication and possibly execute arbitrary code by logging in to the RDS component using the default empty password and...Show more administrator.cfc in Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows remote attackers to bypass authentication and possibly execute arbitrary code by logging in to the RDS component using the default empty password and leveraging this session to access the administrative web interface, as exploited in the wild in January 2013.Show less
CVE-2013-0631 1Adobe 1Coldfusion Apr 21, 2026 Jan 9, 2013 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Adobe ColdFusion 9.0, 9.0.1, and 9.0.2 allows attackers to obtain sensitive information via unspecified vectors, as exploited in the wild in January 2013.
CVE-2013-0629 1Adobe 1Coldfusion Apr 21, 2026 Jan 9, 2013 N/A· v4 7.5 HIGH· v3 4.3 MEDIUM· v2 Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10, when a password is not configured, allows attackers to access restricted directories via unspecified vectors, as exploited in the wild in January 2013.
CVE-2013-0625 1Adobe 1Coldfusion Apr 21, 2026 Jan 9, 2013 N/A· v4 9.8 CRITICAL· v3 6.8 MEDIUM· v2 Adobe ColdFusion 9.0, 9.0.1, and 9.0.2, when a password is not configured, allows remote attackers to bypass authentication and possibly execute arbitrary code via unspecified vectors, as exploited in the wild in January...Show more Adobe ColdFusion 9.0, 9.0.1, and 9.0.2, when a password is not configured, allows remote attackers to bypass authentication and possibly execute arbitrary code via unspecified vectors, as exploited in the wild in January 2013.Show less

Previous 1...789 10 11 Next