Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Coldfusion
(Adobe)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 153 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2017-12-01 | CVE-2017-11286 | Adobe ColdFusion has an XML external entity (XXE) injection vulnerability. This affects Update 4 and earlier versions for ColdFusion 2016, and Update 12 and earlier versions for ColdFusion 11. | Coldfusion | N/A | ||
| 2017-12-01 | CVE-2017-11284 | Adobe ColdFusion has an Untrusted Data Deserialization vulnerability. This affects Update 4 and earlier versions for ColdFusion 2016, and Update 12 and earlier versions for ColdFusion 11. | Coldfusion | N/A | ||
| 2017-12-01 | CVE-2017-11283 | Adobe ColdFusion has an Untrusted Data Deserialization vulnerability. This affects Update 4 and earlier versions for ColdFusion 2016, and Update 12 and earlier versions for ColdFusion 11. | Coldfusion | N/A | ||
| 2016-06-16 | CVE-2016-4159 | Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 10 before Update 20, 11 before Update 9, and 2016 before Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | Coldfusion | N/A | ||
| 2016-05-11 | CVE-2016-1115 | Adobe ColdFusion 10 before Update 19, 11 before Update 8, and 2016 before Update 1 mishandles wildcards in name fields of X.509 certificates, which might allow man-in-the-middle attackers to spoof servers via a crafted certificate. | Coldfusion | N/A | ||
| 2016-05-11 | CVE-2016-1114 | Adobe ColdFusion 10 before Update 19, 11 before Update 8, and 2016 before Update 1 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library. | Coldfusion | N/A | ||
| 2007-03-16 | CVE-2007-1278 | Unspecified vulnerability in the IIS connector in Adobe JRun 4.0 Updater 6, and ColdFusion MX 6.1 and 7.0 Enterprise, when using Microsoft IIS 6, allows remote attackers to cause a denial of service via unspecified vectors, involving the request of a file in the JRun web root. | Coldfusion, Jrun | N/A | ||
| 2014-09-26 | CVE-2014-5315 | Cross-site scripting (XSS) vulnerability in the Help page in Adobe Acrobat 9.5.2 and earlier and ColdFusion 8.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | Acrobat, Coldfusion | N/A | ||
| 2013-07-10 | CVE-2013-3349 | Unspecified vulnerability in Adobe ColdFusion 9.0 through 9.0.2, when the JRun application server is used, allows remote attackers to cause a denial of service via unknown vectors. | Coldfusion | N/A | ||
| 2013-05-09 | CVE-2013-3336 | Unspecified vulnerability in Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows remote attackers to read arbitrary files via unknown vectors. | Coldfusion | N/A |