CVSS: 5.0EPSS: 97%CPEs: 4EXPL: 2CVE-2013-3336 – ColdFusion 9-10 - Credential Disclosure
https://notcve.org/view.php?id=CVE-2013-3336
Unspecified vulnerability in Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows remote attackers to read arbitrary files via unknown vectors. Vulnerabilidad sin especificar en Adobe ColFusion v9.0, v9.0.1, v9.0.2, y v10 que permite a atacantes remotos leer ficheros arbitrarios a través de vectores sin especificar. • https://www.exploit-db.com/exploits/25305 http://www.adobe.com/support/security/advisories/apsa13-03.html http://www.adobe.com/support/security/bulletins/apsb13-13.html http://www.exploit-db.com/exploits/25305 •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2013-1387
https://notcve.org/view.php?id=CVE-2013-1387
Unspecified vulnerability in Adobe ColdFusion 9.0 before Update 10, 9.0.1 before Update 9, 9.0.2 before Update 4, and 10 before Update 9 allows attackers to impersonate users via unknown vectors. Vulnerabilidad no especificada en Adobe ColdFusion v9.0 anterior a Update v10, v9.0.1 anterior a Update v9, v9.0.2 anterior a Update v4, y v10 anterior a Update v9 permite a los atacantes suplantar a los usuarios a través de vectores desconocidos. • http://www.adobe.com/support/security/bulletins/apsb13-10.html •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2013-1388
https://notcve.org/view.php?id=CVE-2013-1388
Unspecified vulnerability in Adobe ColdFusion 9.0 before Update 10, 9.0.1 before Update 9, 9.0.2 before Update 4, and 10 before Update 9 allows attackers to obtain administrator-console access via unknown vectors. Vulnerabilidad sin especificar en Adobe ColdFusion v9.0 anterior a Update v10, v9.0.1 anterior a v9, v9.0.2 anterior a Update v4, y v10 anterior a Update v9 que permite a atacantes conseguir consola de administrador a través de vectores sin especificar. • http://www.adobe.com/support/security/bulletins/apsb13-10.html •
CVSS: 10.0EPSS: 97%CPEs: 4EXPL: 4CVE-2013-0632 – Adobe ColdFusion Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2013-0632
administrator.cfc in Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows remote attackers to bypass authentication and possibly execute arbitrary code by logging in to the RDS component using the default empty password and leveraging this session to access the administrative web interface, as exploited in the wild in January 2013. En el archivo administrator.cfc en ColdFusion de Adobe versiones 9.0, 9.0.1, 9.0.2 y 10, permite a los atacantes remotos omitir la autenticación y posiblemente ejecutar código arbitrario mediante el inicio de sesión en el componente RDS con el valor de contraseña vacía por defecto y aprovechando esta sesión para acceder a la interfaz web administrativa, como se explotó “in the wild” en Enero de 2013. An authentication bypass vulnerability exists in Adobe ColdFusion which could result in an unauthorized user gaining administrative access. • https://www.exploit-db.com/exploits/30210 https://www.exploit-db.com/exploits/24946 https://www.exploit-db.com/exploits/27755 http://www.adobe.com/support/security/advisories/apsa13-01.html http://www.adobe.com/support/security/bulletins/apsb13-03.html http://www.exploit-db.com/exploits/30210 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.8EPSS: 63%CPEs: 4EXPL: 1CVE-2013-0625 – Adobe ColdFusion Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2013-0625
Adobe ColdFusion 9.0, 9.0.1, and 9.0.2, when a password is not configured, allows remote attackers to bypass authentication and possibly execute arbitrary code via unspecified vectors, as exploited in the wild in January 2013. Adobe ColdFusion v9.0, v9.0.1, v9.0.2 y v10, cuando una contraseña no está configurada, permite a atacantes remotos evitar la autenticación y posiblemente ejecutar código arbitrario a través de vectores no especificados, como se explotó en enero de 2013. Adobe Coldfusion contains an authentication bypass vulnerability, which could result in an unauthorized user gaining administrative access. • https://www.exploit-db.com/exploits/24946 http://www.adobe.com/support/security/advisories/apsa13-01.html http://www.adobe.com/support/security/bulletins/apsb13-03.html http://www.securityfocus.com/bid/57164 • CWE-255: Credentials Management Errors •