
CVE-2013-0632 – Adobe ColdFusion Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2013-0632
17 Jan 2013 — administrator.cfc in Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows remote attackers to bypass authentication and possibly execute arbitrary code by logging in to the RDS component using the default empty password and leveraging this session to access the administrative web interface, as exploited in the wild in January 2013. • https://packetstorm.news/files/id/122864 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor • CWE-276: Incorrect Default Permissions

CVE-2013-0625 – Adobe ColdFusion Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2013-0625
09 Jan 2013 — Adobe ColdFusion 9.0, 9.0.1, and 9.0.2, when a password is not configured, allows remote attackers to bypass authentication and possibly execute arbitrary code via unspecified vectors, as exploited in the wild in January 2013. Adobe ColdFusion contains an a... • https://www.exploit-db.com/exploits/24946 • CWE-255: Credentials Management Errors • CWE-287: Improper Authentication

CVE-2013-0629 – Adobe ColdFusion Directory Traversal Vulnerability
https://notcve.org/view.php?id=CVE-2013-0629
09 Jan 2013 — Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10, when a password is not configured, allows attackers to access restricted directories via unspecified vectors, as exploited in the wild in January 2013. Adobe ColdFusion contains a directory traversal vulnerability, which could permit an unauthorize... • https://www.exploit-db.com/exploits/24946 • CWE-264: Permissions, Privileges, and Access Controls

CVE-2013-0631 – Adobe ColdFusion Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2013-0631
09 Jan 2013 — Adobe ColdFusion 9.0, 9.0.1, and 9.0.2 allows attackers to obtain sensitive information via unspecified vectors, as exploited in the wild in January 2013. Adobe ColdFusion contains an unspecified vulnerability, which could result in information disclosure from a compromised server. • http://www.adobe.com/support/security/advisories/apsa13-01.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2012-5675
https://notcve.org/view.php?id=CVE-2012-5675
12 Dec 2012 — Adobe ColdFusion 9.0 through 9.0.2, and 10, allows local users to bypass intended shared-hosting sandbox permissions via unspecified vectors. • http://www.adobe.com/support/security/bulletins/apsb12-26.html • CWE-264: Permissions, Privileges, and Access Controls

CVE-2012-5674
https://notcve.org/view.php?id=CVE-2012-5674
20 Nov 2012 — Unspecified vulnerability in Adobe ColdFusion 10 before Update 5, when Internet Information Services (IIS) is used, allows attackers to cause a denial of service via unknown vectors. • http://osvdb.org/87555

CVE-2012-2048
https://notcve.org/view.php?id=CVE-2012-2048
12 Sep 2012 — Unspecified vulnerability in Adobe ColdFusion 10 and earlier allows attackers to cause a denial of service via unknown vectors. • http://osvdb.org/85317

CVE-2012-2041
https://notcve.org/view.php?id=CVE-2012-2041
13 Jun 2012 — CRLF injection vulnerability in the Component Browser in Adobe ColdFusion 8.0 through 9.0.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. • http://www.adobe.com/support/security/bulletins/apsb12-15.html • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2012-0770
https://notcve.org/view.php?id=CVE-2012-0770
13 Mar 2012 — Adobe ColdFusion 8.0, 8.0.1, 9.0, and 9.0.1 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. • http://helpx.adobe.com/coldfusion/kb/coldfusion-security-hotfix.html

CVE-2011-4368
https://notcve.org/view.php?id=CVE-2011-4368
14 Dec 2011 — Cross-site scripting (XSS) vulnerability in Remote Development Services (RDS) in Adobe ColdFusion 8.0 through 9.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. • http://www.adobe.com/support/security/bulletins/apsb11-29.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')