Showing 1 - 25 of 97

Files

Adobe ColdFusion 7 Cross Site Scripting
Posted Sep 27, 2011
Authored by MustLive

Adobe ColdFusion versions 7 and below suffer from cross site scripting and path disclosure vulnerabilities.

tags | exploit, vulnerability, xss, info disclosure
SHA-256 | 2ccd4259b49d3c5a585be5893ffc080df3ab2abf68b634f4feb4cf7bb5aaa8f4

Related Files

Adobe ColdFusion 11 Remote Code Execution
Posted Feb 23, 2022
Authored by Amel Bouziane-Leblond

Adobe ColdFusion version 11.0.03.292866 suffers from an LDAP Java object deserialization remote code execution vulnerability.

tags | exploit, java, remote, code execution
SHA-256 | 9d45f7b3775110c52e0ff7ea7328e525f75a0d7067c029a47386e51894bfa08f
Adobe ColdFusion 8 Remote Command Execution
Posted Jun 24, 2021
Authored by Pergyz

Adobe ColdFusion 8 remote command execution exploit.

tags | exploit, remote
advisories | CVE-2009-2265
SHA-256 | 2641dc8dea746f5bc8e25940e7ce8a00223a7fa63b29a5e18fae874ce86d1220
Adobe ColdFusion RDS Authentication Bypass
Posted Nov 7, 2019
Authored by Scott Buckel | Site metasploit.com

Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allow remote attackers to bypass authentication using the RDS component. Due to default settings or misconfiguration, its password can be set to an empty value. This allows an attacker to create a session via the RDS login that can be carried over to the admin web interface even though the passwords might be different, thereby bypassing authentication on the admin web interface and leading to arbitrary code execution. Tested on Windows and Linux with ColdFusion 9.

tags | exploit, remote, web, arbitrary, code execution
systems | linux, windows
SHA-256 | 3d52780df4fd657f5edbff4f1d8f4865fab5e58f3cd48af4352aa3aafdd16a32
Coldfusion / JNBridge Remote Code Execution
Posted Jun 26, 2019
Authored by Moritz Bechler | Site syss.de

ColdFusion versions 2016 and 2018 along with all current versions of JNBridge suffer from a remote code execution vulnerability.

tags | advisory, remote, code execution
advisories | CVE-2019-7839
SHA-256 | f87b353777ae773d0c72b225ac02ae458075bc752b4b21bb6aaa070c2db3e58d
Adobe Coldfusion 11 CKEditor Arbitrary File Upload
Posted Jan 10, 2019
Authored by Vahagn Vardanian, Pete Freitag de Foundeo, Qazeer | Site metasploit.com

A file upload vulnerability exists in the CKEditor of Adobe ColdFusion 11 (Update 14 and earlier).

tags | exploit, file upload
advisories | CVE-2018-15961
SHA-256 | 0d365afb0d6b2a324a2e6192d6ce6443105fada13d13da91a9c3b3c7c50905bc
Adobe ColdFusion 2018 Shell Upload
Posted Dec 12, 2018
Authored by Pete Freitag

Adobe ColdFusion 2018 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
advisories | CVE-2018-15961
SHA-256 | 6d9b1d1741c77f9c05d013bc913c530aed0fc116578b9cea6fe2208f752cbb54
Adobe Coldfusion 11.0.03.292866 Remote Code Execution
Posted Feb 7, 2018
Authored by Faisal Tameesh

Adobe ColdFusion version 11.0.03.292866 BlazeDS Java object deserialization remote code execution exploit.

tags | exploit, java, remote, code execution
advisories | CVE-2017-3066
SHA-256 | 9f43954491b5424ac6ee32a1cc680c100107de9af5a045c39dae3bcff46fe242
Adobe ColdFusion 11 XML External Entity Injection
Posted Sep 7, 2016
Authored by Dawid Golunski

Adobe ColdFusion versions 11 and below suffer from an XML external entity (XXE) injection vulnerability.

tags | exploit, xxe
advisories | CVE-2016-4264
SHA-256 | a212b04a6debb5df2b3e137824d36dd10c3fdf16684e40ee63a9ffdcf54319c3
Adobe ColdFusion MX6 Password Decryptor
Posted Aug 4, 2014
Authored by Mr.Un1k0d3r

This tool enables you to retrieve the plain text password for ColdFusion MX6.

tags | tool, cracker
systems | linux
SHA-256 | 543692f3fd74edd0b41e614f6085c612d94532ddc074cb70c223cfe91e09049e
Adobe ColdFusion 9 Administrative Login Bypass
Posted Dec 11, 2013
Authored by Scott Buckel | Site metasploit.com

Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allow remote attackers to bypass authentication using the RDS component. Its password can, by default or by misconfiguration, be set to an empty value. This allows you to create a session via the RDS login that can be carried over to the admin web interface even though the passwords might be different. This bypasses authentication on the admin web interface, which could then lead to arbitrary code execution. Tested on Windows and Linux with ColdFusion 9.

tags | exploit, remote, web, arbitrary, code execution
systems | linux, windows
SHA-256 | 09ebd63c7a46949c50bf462317ac70d7ecfe31f97bac6c746f870def7e83e007
Packet Storm Advisory 2013-0819-2 - Adobe ColdFusion 9 Administrative Login Bypass
Posted Aug 19, 2013
Authored by Scott Buckel | Site packetstormsecurity.com

Adobe ColdFusion versions 9.0, 9.0.1, and 9.0.2 do not properly check the "rdsPasswordAllowed" field when accessing the Administrator API CFC that is used for logging in. The login function never checks if RDS is enabled when rdsPasswordAllowed="true". This means that if RDS was not configured, the RDS user does not have a password associated with their username. As a result, by setting rdsPasswordAllowed to "true", we can bypass the admin login to use the rdsPassword, which, in most cases, is blank. These details were purchased through the Packet Storm Bug Bounty program and are being released to the community.

tags | exploit, remote, bug bounty, packet storm
advisories | CVE-2013-0632
SHA-256 | 8267635397115a7b25f386e8ba0802efb22e55b7e7adf3d4e3cdb5c91b1eb2f6
ColdFusion 9 / 10 Remote Root
Posted May 7, 2013
Authored by HTP

ColdFusion versions 9 and 10 remote root zero day exploit as released in HTP version 5.

tags | exploit, remote, root
SHA-256 | 7ca7d0dbbf03c4e7f09cce36a6785fc2d64fa398061c3b4afd5d406f11f33c4e
Adobe ColdFusion APSB13-03 Command Execution
Posted Apr 10, 2013
Authored by Jon Hart | Site metasploit.com

This Metasploit module exploits a pile of vulnerabilities in Adobe ColdFusion APSB13-03 including arbitrary command execution in scheduleedit.cfm (9.x only), directory traversal, and authentication bypass issues.

tags | exploit, arbitrary, vulnerability
advisories | CVE-2013-0625, CVE-2013-0629, CVE-2013-0631, CVE-2013-0632
SHA-256 | fc81458d632a151d75dbee734ef554512dc7bbdc7f0bfbae5d6c44fcafa675bf
Secunia Security Advisory 51551
Posted Dec 12, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Adobe ColdFusion, which can be exploited by malicious people to bypass certain security restrictions.

tags | advisory
SHA-256 | 58ad1d5809365dedc01e3145ecae12692486cb2202735057875535e42298bdc3
Secunia Security Advisory 51335
Posted Nov 21, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Adobe ColdFusion, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
SHA-256 | 135426d29a0c4837e2d882f49e72bf45f6de288695a3cdc81b64dd7b0d73b468
Secunia Security Advisory 50523
Posted Sep 11, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in ColdFusion, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
SHA-256 | f3071207e7f8e86e85d6f2836a32c0cc0b5f4b33bce46970540f89454d37d3f9
Secunia Security Advisory 49517
Posted Jun 14, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Adobe ColdFusion, which can be exploited by malicious people to conduct HTTP response splitting attacks.

tags | advisory, web
SHA-256 | a6eb8904fd5587681f32bb5352dfd166fbb78eedca4aa0ab7c3797bb8797a7df
Secunia Security Advisory 48393
Posted Mar 15, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Adobe ColdFusion, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
SHA-256 | cab1aa7969bd3e1c2f57c1d7f934eccdaf3e1adcf27b4da64c66a218a07f94d9
Secunia Security Advisory 47251
Posted Dec 15, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Two vulnerabilities have been reported in Adobe ColdFusion, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, vulnerability, xss
SHA-256 | 08d063e7a613b265be263725663d390b85d570170f85c4c8d864e0ad7817ba54
Adobe ColdFusion 9 Denial Of Service
Posted Nov 16, 2011
Authored by MustLive

Adobe ColdFusion 9 suffers from denial of service and path disclosure vulnerabilities.

tags | exploit, denial of service, vulnerability, info disclosure
SHA-256 | c762cc8de72a8791139ab35b5a17100c35a7cd95e037d72f1b167b6f20fde5eb
Top Seven ColdFusion Security Issues
Posted Sep 14, 2011
Authored by Sysmox

This whitepaper discusses the most prevalent security issues with server configurations and application implementations for ColdFusion.

tags | paper
SHA-256 | 88b4ae6ec50477ea59f03c75c24ad0e58dfd2ff3ab41d93aa6d23e371ea194da
Secunia Security Advisory 45620
Posted Aug 19, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - G.R0b1n has discovered a vulnerability in Adobe ColdFusion, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
SHA-256 | 81527c66d7dd0733b0c803a3f1e599dc0d65fc2b7d914ad531d54629bba702dc
ColdFusion probe.cfm Cross Site Scripting
Posted Aug 19, 2011
Authored by Rem7ter

ColdFusion suffers from a cross site scripting vulnerability in probe.cfm.

tags | exploit, xss
SHA-256 | 614864fce2758c58847e6cee347db6486646f9a32bbeb09bdd13ab33ee47032c
Secunia Security Advisory 43013
Posted Jun 16, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in Adobe ColdFusion, which can be exploited by malicious people to conduct cross-site request forgery attacks, cause a DoS (Denial of Service), and compromise a vulnerable system.

tags | advisory, denial of service, vulnerability, csrf
SHA-256 | 5e9a9908fcdaa8e9e907e36db113e96092138b98c301a663956812c39f7d62a4
Adobe ColdFusion - Directory Traversal
Posted Mar 16, 2011
Authored by webDEViL | Site metasploit.com

This Metasploit module exploits a directory traversal bug in Adobe ColdFusion. By reading the password.properties file, a user can log in using the encrypted password itself. This should work on version 8 and below.

tags | exploit
advisories | CVE-2010-2861, OSVDB-67047
SHA-256 | 30d24479f36de7b6cb78e0669b676ca8ad8705ff92ec0b9d808502f823261cc0
Page 1 of 4

© 2022 Packet Storm. All rights reserved.