Weekly Vulnerabilities Reports > January 7 to 13, 2013

Overview

3 new vulnerabilities reported during this period, including 1 critical vulnerabilities and 2 high severity vulnerabilities. This weekly summary report vulnerabilities in 1 products from 1 vendors including and Adobe. Vulnerabilities are notably categorized as and "Improper Authentication".

  • 3 reported vulnerabilities are remotely exploitables.
  • 1 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 3 reported vulnerabilities are exploitable by an anonymous user.
  • Adobe has the most reported vulnerabilities, with 3 reported vulnerabilities.
  • Adobe has the most reported critical vulnerabilities, with 1 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

1 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2013-01-09 CVE-2013-0625 Adobe Improper Authentication vulnerability in Adobe Coldfusion 9.0/9.0.1/9.0.2

Adobe ColdFusion 9.0, 9.0.1, and 9.0.2, when a password is not configured, allows remote attackers to bypass authentication and possibly execute arbitrary code via unspecified vectors, as exploited in the wild in January 2013.

9.8

2 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2013-01-09 CVE-2013-0631 Adobe Unspecified vulnerability in Adobe Coldfusion 9.0/9.0.1/9.0.2

Adobe ColdFusion 9.0, 9.0.1, and 9.0.2 allows attackers to obtain sensitive information via unspecified vectors, as exploited in the wild in January 2013.

7.5
2013-01-09 CVE-2013-0629 Adobe Unspecified vulnerability in Adobe Coldfusion

Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10, when a password is not configured, allows attackers to access restricted directories via unspecified vectors, as exploited in the wild in January 2013.

7.5

0 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS

0 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS