Adobe

Coldfusion

201 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2011-0735

Exploit
  • EPSS 0.6%
  • Veröffentlicht 01.02.2011 18:00:03
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in Adobe ColdFusion before 9.0.1 CHF1 allows remote attackers to inject arbitrary web script or HTML via vectors involving a "tag script."

4.3

CVE-2011-0736

Exploit
  • EPSS 0.82%
  • Veröffentlicht 01.02.2011 18:00:03
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Adobe ColdFusion 9.0.1 CHF1 and earlier, when a web application is configured to use a DBMS, allows remote attackers to obtain potentially sensitive information about the database structure via an id=- query to a .cfm file. NOTE: the vendor disputes...

9.8

CVE-2010-2861

Warnung Exploit
  • EPSS 94.23%
  • Veröffentlicht 11.08.2010 18:47:51
  • Zuletzt bearbeitet 22.10.2025 01:15:37

Multiple directory traversal vulnerabilities in the administrator console in Adobe ColdFusion 9.0.1 and earlier allow remote attackers to read arbitrary files via the locale parameter to (1) CFIDE/administrator/settings/mappings.cfm, (2) logging/sett...

4.3

CVE-2010-1293

  • EPSS 0.82%
  • Veröffentlicht 13.05.2010 17:30:02
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in the Administrator page in Adobe ColdFusion 8.0, 8.0.1, and 9.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

2.1

CVE-2010-1294

  • EPSS 0.15%
  • Veröffentlicht 13.05.2010 17:30:02
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Unspecified vulnerability in Adobe ColdFusion 8.0, 8.0.1, and 9.0 allows local users to obtain sensitive information via unknown vectors.

4.3

CVE-2009-3467

  • EPSS 0.82%
  • Veröffentlicht 13.05.2010 17:30:01
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in an unspecified method in Adobe ColdFusion 8.0, 8.0.1, and 9.0 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

6.5

CVE-2009-3960

Warnung Exploit
  • EPSS 88.74%
  • Veröffentlicht 15.02.2010 18:30:00
  • Zuletzt bearbeitet 22.10.2025 01:15:35

Unspecified vulnerability in BlazeDS 3.2 and earlier, as used in LiveCycle 8.0.1, 8.2.1, and 9.0, LiveCycle Data Services 2.5.1, 2.6.1, and 3.0, Flex Data Services 2.0.1, and ColdFusion 7.0.2, 8.0, 8.0.1, and 9.0, allows remote attackers to obtain se...

5

CVE-2010-0185

  • EPSS 1.65%
  • Veröffentlicht 03.02.2010 18:30:00
  • Zuletzt bearbeitet 11.04.2025 00:51:21

The default configuration of Adobe ColdFusion 9.0 does not restrict access to collections that have been created by the Solr Service, which allows remote attackers to obtain collection metadata, search information, and index data via a request to an ...

4.3

CVE-2009-1872

Exploit
  • EPSS 8.67%
  • Veröffentlicht 18.08.2009 22:30:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Multiple cross-site scripting (XSS) vulnerabilities in Adobe ColdFusion Server 8.0.1, 8, and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the startRow parameter to administrator/logviewer/searchlog.cfm, or the query s...

4.3

CVE-2009-1875

  • EPSS 0.67%
  • Veröffentlicht 18.08.2009 22:30:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Multiple cross-site scripting (XSS) vulnerabilities in Adobe ColdFusion 8.0.1 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2009-1877.