Vulnerabilities > Adobe > Coldfusion > 7.2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2013-09-20 | CVE-2010-5290 | Credentials Management vulnerability in Adobe Coldfusion The authentication process in Adobe ColdFusion before 10 does not require knowledge of the cleartext password if the password hash is known, which makes it easier for context-dependent attackers to obtain administrative privileges by leveraging read access to the configuration file, a different vulnerability than CVE-2010-2861. | 10.0 |
| 2012-09-12 | CVE-2012-2048 | Local Denial of Service vulnerability in Adobe ColdFusion Unspecified vulnerability in Adobe ColdFusion 10 and earlier allows attackers to cause a denial of service via unknown vectors. | 5.0 |
| 2010-08-11 | CVE-2010-2861 | Path Traversal vulnerability in Adobe Coldfusion Multiple directory traversal vulnerabilities in the administrator console in Adobe ColdFusion 9.0.1 and earlier allow remote attackers to read arbitrary files via the locale parameter to (1) CFIDE/administrator/settings/mappings.cfm, (2) logging/settings.cfm, (3) datasources/index.cfm, (4) j2eepackaging/editarchive.cfm, and (5) enter.cfm in CFIDE/administrator/. | 7.5 |
| 2010-05-13 | CVE-2010-1294 | Information Exposure vulnerability in Adobe Coldfusion Unspecified vulnerability in Adobe ColdFusion 8.0, 8.0.1, and 9.0 allows local users to obtain sensitive information via unknown vectors. | 2.1 |
| 2010-05-13 | CVE-2010-1293 | Cross-Site Scripting vulnerability in Adobe Coldfusion Cross-site scripting (XSS) vulnerability in the Administrator page in Adobe ColdFusion 8.0, 8.0.1, and 9.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2010-05-13 | CVE-2009-3467 | Cross-Site Scripting vulnerability in Adobe Coldfusion Cross-site scripting (XSS) vulnerability in an unspecified method in Adobe ColdFusion 8.0, 8.0.1, and 9.0 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | 4.3 |
| 2009-08-18 | CVE-2009-1878 | Improper Authentication vulnerability in Adobe Coldfusion Session fixation vulnerability in Adobe ColdFusion 8.0.1 and earlier allows remote attackers to hijack web sessions via unspecified vectors. | 5.8 |
| 2009-08-18 | CVE-2009-1877 | Cross-Site Scripting vulnerability in Adobe Coldfusion Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 8.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2009-1875. | 4.3 |
| 2009-08-18 | CVE-2009-1876 | Unspecified vulnerability in Adobe Coldfusion Adobe ColdFusion 8.0.1 and earlier might allow attackers to obtain sensitive information via unspecified vectors, related to a "double-encoded null character vulnerability." | 5.0 |
| 2009-08-18 | CVE-2009-1875 | Cross-Site Scripting vulnerability in Adobe Coldfusion Multiple cross-site scripting (XSS) vulnerabilities in Adobe ColdFusion 8.0.1 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2009-1877. | 4.3 |