CVSS: 10.0EPSS: 88%CPEs: 39EXPL: 2CVE-2017-3066 – Adobe Coldfusion 11.0.03.292866 - BlazeDS Java Object Deserialization Remote Code Execution
https://notcve.org/view.php?id=CVE-2017-3066
Adobe ColdFusion 2016 Update 3 and earlier, ColdFusion 11 update 11 and earlier, ColdFusion 10 Update 22 and earlier have a Java deserialization vulnerability in the Apache BlazeDS library. Successful exploitation could lead to arbitrary code execution. Adobe ColdFusion 2016 Update 3 y anteriores, ColdFusion 11 update 11 y anteriores, ColdFusion 10 Update 22 y anteriores tienen una vulnerabilidad de deserialización de Java en la librería Apache BlazeDS. Una explotación exitosa podría conducir a la ejecución arbitraria de código. • https://www.exploit-db.com/exploits/43993 https://github.com/cucadili/CVE-2017-3066 http://www.securityfocus.com/bid/98003 http://www.securitytracker.com/id/1038364 https://helpx.adobe.com/security/products/coldfusion/apsb17-14.html • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2016-7887
https://notcve.org/view.php?id=CVE-2016-7887
Adobe ColdFusion Builder versions 2016 update 2 and earlier, 3.0.3 and earlier have an important vulnerability that could lead to information disclosure. Adobe ColdFusion Builder versión 2016 actualización 2 y versiones anteriores, 3.0.3 y versiones anteriores tienen una vulnerabilidad importante que podría conducir a la divulgación de información. • http://www.securityfocus.com/bid/94874 http://www.securitytracker.com/id/1037443 https://helpx.adobe.com/security/products/coldfusion/apsb16-44.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 31EXPL: 0CVE-2016-4159
https://notcve.org/view.php?id=CVE-2016-4159
Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 10 before Update 20, 11 before Update 9, and 2016 before Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en Adobe ColdFusion 10 en versiones anteriores a Update 20, 11 en versiones anteriores a Update 9 y 2016 en versiones anteriores a Update 2 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. • http://www.securitytracker.com/id/1036098 https://helpx.adobe.com/security/products/coldfusion/apsb16-22.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.9EPSS: 0%CPEs: 28EXPL: 0CVE-2016-1115
https://notcve.org/view.php?id=CVE-2016-1115
Adobe ColdFusion 10 before Update 19, 11 before Update 8, and 2016 before Update 1 mishandles wildcards in name fields of X.509 certificates, which might allow man-in-the-middle attackers to spoof servers via a crafted certificate. Adobe ColdFusion 10 en versiones anteriores a Update 19, 11 en versiones anteriores a Update 8 y 2016 en versiones anteriores a Update 1 no maneja correctamente comodines en campos name de certificados X.509, lo que podría permitir a atacantes man-in-the-middle suplantar servidoresservers a través de un certificado manipulado. • http://www.securityfocus.com/bid/90514 http://www.securitytracker.com/id/1035829 https://helpx.adobe.com/security/products/coldfusion/apsb16-16.html • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 1%CPEs: 28EXPL: 0CVE-2016-1113
https://notcve.org/view.php?id=CVE-2016-1113
Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 10 before Update 19, 11 before Update 8, and 2016 before Update 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en Adobe ColdFusion 10 en versiones anteriores a Update 19, 11 en versiones anteriores a Update 8 y 2016 en versiones anteriores a Update 1 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. • http://www.securityfocus.com/bid/90507 http://www.securitytracker.com/id/1035829 https://helpx.adobe.com/security/products/coldfusion/apsb16-16.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •