CVSS: 6.8EPSS: 63%CPEs: 4EXPL: 1CVE-2013-0625 – Adobe ColdFusion Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2013-0625
Adobe ColdFusion 9.0, 9.0.1, and 9.0.2, when a password is not configured, allows remote attackers to bypass authentication and possibly execute arbitrary code via unspecified vectors, as exploited in the wild in January 2013. Adobe ColdFusion v9.0, v9.0.1, v9.0.2 y v10, cuando una contraseña no está configurada, permite a atacantes remotos evitar la autenticación y posiblemente ejecutar código arbitrario a través de vectores no especificados, como se explotó en enero de 2013. Adobe Coldfusion contains an authentication bypass vulnerability, which could result in an unauthorized user gaining administrative access. • https://www.exploit-db.com/exploits/24946 http://www.adobe.com/support/security/advisories/apsa13-01.html http://www.adobe.com/support/security/bulletins/apsb13-03.html http://www.securityfocus.com/bid/57164 • CWE-255: Credentials Management Errors •
CVSS: 4.3EPSS: 92%CPEs: 4EXPL: 1CVE-2013-0629 – Adobe ColdFusion Directory Traversal Vulnerability
https://notcve.org/view.php?id=CVE-2013-0629
Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10, when a password is not configured, allows attackers to access restricted directories via unspecified vectors, as exploited in the wild in January 2013. Adobe ColdFusion v9.0, v9.0.1, v9.0.2 y v10, cuando una contraseña no está configurada, permite a los atacantes acceder a directorios restringidos a través de vectores no especificados, como se explotó en enero de 2013. Adobe Coldfusion contains a directory traversal vulnerability, which could permit an unauthorized user access to restricted directories. • https://www.exploit-db.com/exploits/24946 http://www.adobe.com/support/security/advisories/apsa13-01.html http://www.adobe.com/support/security/bulletins/apsb13-03.html http://www.securityfocus.com/bid/57165 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.0EPSS: 82%CPEs: 3EXPL: 0CVE-2013-0631 – Adobe ColdFusion Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2013-0631
Adobe ColdFusion 9.0, 9.0.1, and 9.0.2 allows attackers to obtain sensitive information via unspecified vectors, as exploited in the wild in January 2013. Adobe ColdFusion v9.0, v9.0.1, y v9.0.2 permite a los atacantes obtener información sensible a través de vectores no especificados, como se explotó en enero de 2013. Adobe Coldfusion contains an unspecified vulnerability, which could result in information disclosure from a compromised server. • http://www.adobe.com/support/security/advisories/apsa13-01.html http://www.adobe.com/support/security/bulletins/apsb13-03.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.4EPSS: 0%CPEs: 4EXPL: 0CVE-2012-5675
https://notcve.org/view.php?id=CVE-2012-5675
Adobe ColdFusion 9.0 through 9.0.2, and 10, allows local users to bypass intended shared-hosting sandbox permissions via unspecified vectors. Adobe ColdFusion v9.0 hasta v9.0.2 y v10 permite a usuarios locales evitar permisos de entorno de ejecución seguros en alojamiento compartido a través de vectores no especificados • http://www.adobe.com/support/security/bulletins/apsb12-26.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.0EPSS: 0%CPEs: 6EXPL: 0CVE-2012-2048
https://notcve.org/view.php?id=CVE-2012-2048
Unspecified vulnerability in Adobe ColdFusion 10 and earlier allows attackers to cause a denial of service via unknown vectors. Vulnerabilidad no especificada en Adobe ColdFusion 10 y anteriores permite a atacantes provocar una denegación de servicio a través de vectores desconocidos. • http://osvdb.org/85317 http://secunia.com/advisories/50523 http://www.adobe.com/support/security/bulletins/apsb12-21.html http://www.securitytracker.com/id?1027516 https://exchange.xforce.ibmcloud.com/vulnerabilities/78410 •