CVSS: 10.0EPSS: 2%CPEs: 3EXPL: 0CVE-2010-5290
https://notcve.org/view.php?id=CVE-2010-5290
20 Sep 2013 — The authentication process in Adobe ColdFusion before 10 does not require knowledge of the cleartext password if the password hash is known, which makes it easier for context-dependent attackers to obtain administrative privileges by leveraging read access to the configuration file, a different vulnerability than CVE-2010-2861. El proceso de autenticación en Adobe ColdFusion anteriores a v10 no requiere conocimiento de la contraseña en claro si el hash de la contraseña es conocido, lo cual facilita a atacan... • http://osvdb.org/97553 • CWE-255: Credentials Management Errors •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2013-3349
https://notcve.org/view.php?id=CVE-2013-3349
10 Jul 2013 — Unspecified vulnerability in Adobe ColdFusion 9.0 through 9.0.2, when the JRun application server is used, allows remote attackers to cause a denial of service via unknown vectors. Vulnerabilidad sin especificar en Adobe ColdFusion 9.0 a la 9.0.2, cuando el servidor de aplicación JRun está siendo usado, permite a atacantes remotos provocar una denegación de servicio a través de vectores no especificados. • http://www.adobe.com/support/security/bulletins/apsb13-19.html •
CVSS: 10.0EPSS: 21%CPEs: 10EXPL: 0CVE-2013-1389
https://notcve.org/view.php?id=CVE-2013-1389
16 May 2013 — Unspecified vulnerability in Adobe ColdFusion 9.0 before Update 11, 9.0.1 before Update 10, 9.0.2 before Update 5, and 10 before Update 10 allows remote attackers to execute arbitrary code via unknown vectors. Vulnerabilidad no especificada en Adobe ColdFusión v9.0 anterior a Update 11, v9.0.1 anterior a Update v10, v9.0.2 anterior a Update 5, y v10 anterior a Update 10 permite a atacantes remotos ejecutar código arbitrario mediante vectores desconocidos. • http://www.adobe.com/support/security/bulletins/apsb13-13.html •
CVSS: 7.5EPSS: 85%CPEs: 4EXPL: 3CVE-2013-3336 – ColdFusion 9-10 - Credential Disclosure
https://notcve.org/view.php?id=CVE-2013-3336
09 May 2013 — Unspecified vulnerability in Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows remote attackers to read arbitrary files via unknown vectors. Vulnerabilidad sin especificar en Adobe ColFusion v9.0, v9.0.1, v9.0.2, y v10 que permite a atacantes remotos leer ficheros arbitrarios a través de vectores sin especificar. • https://packetstorm.news/files/id/180681 •
CVSS: 9.1EPSS: 1%CPEs: 7EXPL: 0CVE-2013-1387
https://notcve.org/view.php?id=CVE-2013-1387
10 Apr 2013 — Unspecified vulnerability in Adobe ColdFusion 9.0 before Update 10, 9.0.1 before Update 9, 9.0.2 before Update 4, and 10 before Update 9 allows attackers to impersonate users via unknown vectors. Vulnerabilidad no especificada en Adobe ColdFusion v9.0 anterior a Update v10, v9.0.1 anterior a Update v9, v9.0.2 anterior a Update v4, y v10 anterior a Update v9 permite a los atacantes suplantar a los usuarios a través de vectores desconocidos. • http://www.adobe.com/support/security/bulletins/apsb13-10.html •
CVSS: 9.8EPSS: 1%CPEs: 7EXPL: 0CVE-2013-1388
https://notcve.org/view.php?id=CVE-2013-1388
10 Apr 2013 — Unspecified vulnerability in Adobe ColdFusion 9.0 before Update 10, 9.0.1 before Update 9, 9.0.2 before Update 4, and 10 before Update 9 allows attackers to obtain administrator-console access via unknown vectors. Vulnerabilidad sin especificar en Adobe ColdFusion v9.0 anterior a Update v10, v9.0.1 anterior a v9, v9.0.2 anterior a Update v4, y v10 anterior a Update v9 que permite a atacantes conseguir consola de administrador a través de vectores sin especificar. • http://www.adobe.com/support/security/bulletins/apsb13-10.html •
CVSS: 10.0EPSS: 92%CPEs: 4EXPL: 5CVE-2013-0632 – Adobe ColdFusion Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2013-0632
17 Jan 2013 — administrator.cfc in Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows remote attackers to bypass authentication and possibly execute arbitrary code by logging in to the RDS component using the default empty password and leveraging this session to access the administrative web interface, as exploited in the wild in January 2013. En el archivo administrator.cfc en ColdFusion de Adobe versiones 9.0, 9.0.1, 9.0.2 y 10, permite a los atacantes remotos omitir la autenticación y posiblemente ejecutar código arbit... • https://packetstorm.news/files/id/122864 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-276: Incorrect Default Permissions •
CVSS: 9.8EPSS: 86%CPEs: 4EXPL: 1CVE-2013-0625 – Adobe ColdFusion Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2013-0625
09 Jan 2013 — Adobe ColdFusion 9.0, 9.0.1, and 9.0.2, when a password is not configured, allows remote attackers to bypass authentication and possibly execute arbitrary code via unspecified vectors, as exploited in the wild in January 2013. Adobe ColdFusion v9.0, v9.0.1, v9.0.2 y v10, cuando una contraseña no está configurada, permite a atacantes remotos evitar la autenticación y posiblemente ejecutar código arbitrario a través de vectores no especificados, como se explotó en enero de 2013. Adobe Coldfusion contains an a... • https://www.exploit-db.com/exploits/24946 • CWE-255: Credentials Management Errors CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 81%CPEs: 4EXPL: 1CVE-2013-0629 – Adobe ColdFusion Directory Traversal Vulnerability
https://notcve.org/view.php?id=CVE-2013-0629
09 Jan 2013 — Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10, when a password is not configured, allows attackers to access restricted directories via unspecified vectors, as exploited in the wild in January 2013. Adobe ColdFusion v9.0, v9.0.1, v9.0.2 y v10, cuando una contraseña no está configurada, permite a los atacantes acceder a directorios restringidos a través de vectores no especificados, como se explotó en enero de 2013. Adobe Coldfusion contains a directory traversal vulnerability, which could permit an unauthorize... • https://www.exploit-db.com/exploits/24946 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 78%CPEs: 3EXPL: 0CVE-2013-0631 – Adobe ColdFusion Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2013-0631
09 Jan 2013 — Adobe ColdFusion 9.0, 9.0.1, and 9.0.2 allows attackers to obtain sensitive information via unspecified vectors, as exploited in the wild in January 2013. Adobe ColdFusion v9.0, v9.0.1, y v9.0.2 permite a los atacantes obtener información sensible a través de vectores no especificados, como se explotó en enero de 2013. Adobe Coldfusion contains an unspecified vulnerability, which could result in information disclosure from a compromised server. • http://www.adobe.com/support/security/advisories/apsa13-01.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •