Adobe Coldfusion vulnerabilities
207 known vulnerabilities affecting adobe/coldfusion.
Total CVEs
207
CISA KEV
16
actively exploited
Public exploits
21
Exploited in wild
17
Severity breakdown
CRITICAL55HIGH59MEDIUM85LOW8
Vulnerabilities
Page 11 of 11
CVE-2006-5858MEDIUMCVSS 5.0≥ 7.0, ≤ 7.0.22006-12-31
CVE-2006-5858 [MEDIUM] CWE-200 CVE-2006-5858: Adobe ColdFusion MX 7 through 7.0.2, and JRun 4, when run on Microsoft IIS, allows remote attackers
Adobe ColdFusion MX 7 through 7.0.2, and JRun 4, when run on Microsoft IIS, allows remote attackers to read arbitrary files, list directories, or read source code via a double URL-encoded NULL byte in a ColdFusion filename, such as a CFM file.
nvd
CVE-2006-6482MEDIUMCVSS 5.0v7.02006-12-12
CVE-2006-6482 [MEDIUM] CVE-2006-6482: Adobe ColdFusion MX7 allows remote attackers to obtain sensitive information via a URL request (1) f
Adobe ColdFusion MX7 allows remote attackers to obtain sensitive information via a URL request (1) for a non-existent (a) JWS, (b) CFM, (c) CFML, or (d) CFC file, which displays the installation path in the resulting error message; or (2) to /CFIDE/administrator/login.cfm without a host, which can reveal the server's internal IP address in an HREF tag.
nvd
CVE-2006-6483LOWCVSS 2.6v7.0v7.0.12006-12-12
CVE-2006-6483 [LOW] CVE-2006-6483: Adobe ColdFusion MX 7.x before 7.0.2 does not properly filter HTML tags when protecting against cros
Adobe ColdFusion MX 7.x before 7.0.2 does not properly filter HTML tags when protecting against cross-site scripting (XSS) attacks, which allows remote attackers to inject arbitrary web script or HTML via a NULL byte (%00) in certain HTML tags, as demonstrated using "%00script" in a tag.
nvd
CVE-2006-3978MEDIUMCVSS 4.6v7.0v7.0.1+1 more2006-10-10
CVE-2006-3978 [MEDIUM] CVE-2006-3978: Unspecified vulnerability in a Verity third party library, as used on Adobe ColdFusion MX 7 through
Unspecified vulnerability in a Verity third party library, as used on Adobe ColdFusion MX 7 through MX 7.0.2 and possibly other products, allows local users to execute arbitrary code via unknown attack vectors.
nvd
CVE-2006-4725MEDIUMCVSS 4.6v7.0v7.0.12006-09-14
CVE-2006-4725 [MEDIUM] CVE-2006-4725: Adobe ColdFusion MX 7 and 7.01 allows local users to bypass security restrictions and call component
Adobe ColdFusion MX 7 and 7.01 allows local users to bypass security restrictions and call components (CFC) within a sandbox from CFML templates that are located outside of the sandbox.
nvd
CVE-2006-4724MEDIUMCVSS 5.0v7.0v7.0.12006-09-14
CVE-2006-4724 [MEDIUM] CVE-2006-4724: Unspecified vulnerability in the ColdFusion Flash Remoting Gateway in Adobe ColdFusion MX 7 and 7.01
Unspecified vulnerability in the ColdFusion Flash Remoting Gateway in Adobe ColdFusion MX 7 and 7.01 allows remote attackers to cause a denial of service (infinite loop) via unspecified vectors involving a crafted command.
nvd
CVE-2006-4726LOWCVSS 2.6v6.1v7.0+1 more2006-09-14
CVE-2006-4726 [LOW] CVE-2006-4726: Cross-site scripting (XSS) vulnerability in Adobe ColdFusion MX 6.1 through 7.02 allows remote attac
Cross-site scripting (XSS) vulnerability in Adobe ColdFusion MX 6.1 through 7.02 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving a ColdFusion error page.
nvd
← Previous11 / 11