Vulnerabilities > Adobe > Coldfusion

DATE CVE VULNERABILITY TITLE RISK
2013-01-17 CVE-2013-0632 Incorrect Default Permissions vulnerability in Adobe Coldfusion
administrator.cfc in Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows remote attackers to bypass authentication and possibly execute arbitrary code by logging in to the RDS component using the default empty password and leveraging this session to access the administrative web interface, as exploited in the wild in January 2013.
network
low complexity
adobe CWE-276
critical
 9.8
9.8
2013-01-09 CVE-2013-0631 Unspecified vulnerability in Adobe Coldfusion 9.0/9.0.1/9.0.2
Adobe ColdFusion 9.0, 9.0.1, and 9.0.2 allows attackers to obtain sensitive information via unspecified vectors, as exploited in the wild in January 2013.
network
low complexity
adobe
7.5
7.5
2013-01-09 CVE-2013-0629 Unspecified vulnerability in Adobe Coldfusion
Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10, when a password is not configured, allows attackers to access restricted directories via unspecified vectors, as exploited in the wild in January 2013.
network
low complexity
adobe
7.5
7.5
2013-01-09 CVE-2013-0625 Improper Authentication vulnerability in Adobe Coldfusion 9.0/9.0.1/9.0.2
Adobe ColdFusion 9.0, 9.0.1, and 9.0.2, when a password is not configured, allows remote attackers to bypass authentication and possibly execute arbitrary code via unspecified vectors, as exploited in the wild in January 2013.
network
low complexity
adobe CWE-287
critical
 9.8
9.8
2010-08-11 CVE-2010-2861 Path Traversal vulnerability in Adobe Coldfusion
Multiple directory traversal vulnerabilities in the administrator console in Adobe ColdFusion 9.0.1 and earlier allow remote attackers to read arbitrary files via the locale parameter to (1) CFIDE/administrator/settings/mappings.cfm, (2) logging/settings.cfm, (3) datasources/index.cfm, (4) j2eepackaging/editarchive.cfm, and (5) enter.cfm in CFIDE/administrator/.
network
low complexity
adobe CWE-22
critical
 9.8
9.8
2010-02-15 CVE-2009-3960 Unspecified vulnerability in Adobe products
Unspecified vulnerability in BlazeDS 3.2 and earlier, as used in LiveCycle 8.0.1, 8.2.1, and 9.0, LiveCycle Data Services 2.5.1, 2.6.1, and 3.0, Flex Data Services 2.0.1, and ColdFusion 7.0.2, 8.0, 8.0.1, and 9.0, allows remote attackers to obtain sensitive information via vectors that are associated with a request, and related to injected tags and external entity references in XML documents.
network
low complexity
adobe
6.5
6.5