Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Coldfusion
(Adobe)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 153 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2016-05-11 | CVE-2016-1114 | Adobe ColdFusion 10 before Update 19, 11 before Update 8, and 2016 before Update 1 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library. | Coldfusion | N/A | ||
| 2007-03-16 | CVE-2007-1278 | Unspecified vulnerability in the IIS connector in Adobe JRun 4.0 Updater 6, and ColdFusion MX 6.1 and 7.0 Enterprise, when using Microsoft IIS 6, allows remote attackers to cause a denial of service via unspecified vectors, involving the request of a file in the JRun web root. | Coldfusion, Jrun | N/A | ||
| 2014-09-26 | CVE-2014-5315 | Cross-site scripting (XSS) vulnerability in the Help page in Adobe Acrobat 9.5.2 and earlier and ColdFusion 8.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | Acrobat, Coldfusion | N/A | ||
| 2013-07-10 | CVE-2013-3349 | Unspecified vulnerability in Adobe ColdFusion 9.0 through 9.0.2, when the JRun application server is used, allows remote attackers to cause a denial of service via unknown vectors. | Coldfusion | N/A | ||
| 2013-05-09 | CVE-2013-3336 | Unspecified vulnerability in Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows remote attackers to read arbitrary files via unknown vectors. | Coldfusion | N/A | ||
| 2012-12-12 | CVE-2012-5675 | Adobe ColdFusion 9.0 through 9.0.2, and 10, allows local users to bypass intended shared-hosting sandbox permissions via unspecified vectors. | Coldfusion | N/A | ||
| 2012-09-12 | CVE-2012-2048 | Unspecified vulnerability in Adobe ColdFusion 10 and earlier allows attackers to cause a denial of service via unknown vectors. | Coldfusion | N/A | ||
| 2012-06-13 | CVE-2012-2041 | CRLF injection vulnerability in the Component Browser in Adobe ColdFusion 8.0 through 9.0.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. | Coldfusion | N/A | ||
| 2012-03-13 | CVE-2012-0770 | Adobe ColdFusion 8.0, 8.0.1, 9.0, and 9.0.1 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. | Coldfusion | N/A | ||
| 2011-12-14 | CVE-2011-4368 | Cross-site scripting (XSS) vulnerability in Remote Development Services (RDS) in Adobe ColdFusion 8.0 through 9.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | Coldfusion | N/A |