Filtered by vendor Adobe
Subscriptions
Filtered by product Coldfusion
Subscriptions
Total
190 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-3467 | 1 Adobe | 1 Coldfusion | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in an unspecified method in Adobe ColdFusion 8.0, 8.0.1, and 9.0 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | ||||
| CVE-2010-1293 | 1 Adobe | 1 Coldfusion | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the Administrator page in Adobe ColdFusion 8.0, 8.0.1, and 9.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2010-1294 | 1 Adobe | 1 Coldfusion | 2025-04-11 | N/A |
| Unspecified vulnerability in Adobe ColdFusion 8.0, 8.0.1, and 9.0 allows local users to obtain sensitive information via unknown vectors. | ||||
| CVE-2011-0580 | 1 Adobe | 1 Coldfusion | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the administrator console in Adobe ColdFusion 8.0 through 9.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2011-0581 | 1 Adobe | 1 Coldfusion | 2025-04-11 | N/A |
| Multiple CRLF injection vulnerabilities in Adobe ColdFusion 8.0 through 9.0.1 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified tags. | ||||
| CVE-2011-0582 | 1 Adobe | 1 Coldfusion | 2025-04-11 | N/A |
| Unspecified vulnerability in the administrator console in Adobe ColdFusion 8.0 through 9.0.1 allows attackers to obtain sensitive information via unknown vectors. | ||||
| CVE-2011-0583 | 1 Adobe | 1 Coldfusion | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 8.0 through 9.0.1 allows remote attackers to inject arbitrary web script or HTML via the cfform tag. | ||||
| CVE-2011-0584 | 1 Adobe | 1 Coldfusion | 2025-04-11 | N/A |
| Session fixation vulnerability in Adobe ColdFusion 8.0 through 9.0.1 allows remote attackers to hijack web sessions via unspecified vectors. | ||||
| CVE-2011-0629 | 1 Adobe | 1 Coldfusion | 2025-04-11 | N/A |
| Cross-site request forgery (CSRF) vulnerability in Adobe ColdFusion 8.0, 8.0.1, 9.0, and 9.0.1 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | ||||
| CVE-2011-0735 | 1 Adobe | 1 Coldfusion | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in Adobe ColdFusion before 9.0.1 CHF1 allows remote attackers to inject arbitrary web script or HTML via vectors involving a "tag script." | ||||
| CVE-2011-0733 | 1 Adobe | 1 Coldfusion | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in Adobe ColdFusion before 9.0.1 CHF1 allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header in an id=- query to a .cfm file. | ||||
| CVE-2011-0734 | 1 Adobe | 1 Coldfusion | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in Adobe ColdFusion before 9.0.1 CHF1 allows remote attackers to inject arbitrary web script or HTML via an id parameter containing a JavaScript onLoad event handler for a BODY element, related to a "tag body" attack. NOTE: this was originally reported as affecting 9.0.1 CHF1 and earlier. | ||||
| CVE-2011-0737 | 1 Adobe | 1 Coldfusion | 2025-04-11 | 5.3 Medium |
| Adobe ColdFusion 9.0.1 CHF1 and earlier allows remote attackers to obtain sensitive information via an id=- query to a .cfm file, which reveals the installation path in an error message. NOTE: the vendor disputes the significance of this issue because the Site-wide Error Handler and Debug Output Settings sections of the ColdFusion Lockdown guide explain the requirement for settings that prevent this information disclosure | ||||
| CVE-2011-2091 | 1 Adobe | 1 Coldfusion | 2025-04-11 | N/A |
| Unspecified vulnerability in Adobe ColdFusion 8.0, 8.0.1, 9.0, and 9.0.1 allows remote attackers to cause a denial of service via unknown vectors. | ||||
| CVE-2011-2463 | 1 Adobe | 1 Coldfusion | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 8.0 through 9.0.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving the cfform tag. | ||||
| CVE-2011-4368 | 1 Adobe | 1 Coldfusion | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in Remote Development Services (RDS) in Adobe ColdFusion 8.0 through 9.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2012-0770 | 1 Adobe | 1 Coldfusion | 2025-04-11 | N/A |
| Adobe ColdFusion 8.0, 8.0.1, 9.0, and 9.0.1 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. | ||||
| CVE-2012-2041 | 1 Adobe | 1 Coldfusion | 2025-04-11 | N/A |
| CRLF injection vulnerability in the Component Browser in Adobe ColdFusion 8.0 through 9.0.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. | ||||
| CVE-2012-2048 | 1 Adobe | 1 Coldfusion | 2025-04-11 | N/A |
| Unspecified vulnerability in Adobe ColdFusion 10 and earlier allows attackers to cause a denial of service via unknown vectors. | ||||
| CVE-2012-5674 | 1 Adobe | 1 Coldfusion | 2025-04-11 | N/A |
| Unspecified vulnerability in Adobe ColdFusion 10 before Update 5, when Internet Information Services (IIS) is used, allows attackers to cause a denial of service via unknown vectors. | ||||