Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Coldfusion
(Adobe)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 153 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2009-08-18 | CVE-2009-1877 | Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 8.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2009-1875. | Coldfusion | N/A | ||
| 2009-08-18 | CVE-2009-1876 | Adobe ColdFusion 8.0.1 and earlier might allow attackers to obtain sensitive information via unspecified vectors, related to a "double-encoded null character vulnerability." | Coldfusion | N/A | ||
| 2009-08-18 | CVE-2009-1875 | Multiple cross-site scripting (XSS) vulnerabilities in Adobe ColdFusion 8.0.1 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2009-1877. | Coldfusion | N/A | ||
| 2009-08-18 | CVE-2009-1872 | Multiple cross-site scripting (XSS) vulnerabilities in Adobe ColdFusion Server 8.0.1, 8, and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the startRow parameter to administrator/logviewer/searchlog.cfm, or the query string to (2) wizards/common/_logintowizard.cfm, (3) wizards/common/_authenticatewizarduser.cfm, or (4) administrator/enter.cfm. | Coldfusion | N/A | ||
| 2008-11-10 | CVE-2008-4831 | Unspecified vulnerability in Adobe ColdFusion 8 and 8.0.1 and ColdFusion MX 7.0.2 allows local users to bypass sandbox restrictions, and obtain sensitive information or possibly gain privileges, via unknown vectors. | Coldfusion | N/A | ||
| 2008-04-09 | CVE-2008-1656 | Adobe ColdFusion 8 and 8.0.1 does not properly implement the public access level for CFC methods, which allows remote attackers to invoke these methods via Flex 2 remoting, a different vulnerability than CVE-2006-4725. | Coldfusion | N/A | ||
| 2008-03-11 | CVE-2008-1203 | The administrator interface for Adobe ColdFusion 8 and ColdFusion MX7 does not log failed authentication attempts, which makes it easier for remote attackers to conduct brute force attacks without detection. | Coldfusion | N/A | ||
| 2008-03-11 | CVE-2008-0644 | Adobe ColdFusion MX 7 and ColdFusion 8 allows remote attackers to bypass the cross-site scripting (XSS) protection mechanism for applications via unspecified vectors related to the setEncoding function. | Coldfusion | N/A | ||
| 2008-03-11 | CVE-2008-0643 | Cross-site scripting (XSS) vulnerability in Adobe ColdFusion MX 7 and ColdFusion 8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | Coldfusion | N/A | ||
| 2007-11-15 | CVE-2007-5905 | Adobe ColdFusion 8 and MX 7 allows remote attackers to hijack sessions via unspecified vectors that trigger establishment of a session to a ColdFusion application in which the (1) CFID or (2) CFTOKEN cookies have empty values, possibly due to a session fixation vulnerability. | Coldfusion | N/A |