Showing 1 - 25 of 39

Files

Adobe ColdFusion 8 Remote Command Execution
Posted Jun 24, 2021
Authored by Pergyz

Adobe ColdFusion 8 remote command execution exploit.

tags | exploit, remote
advisories | CVE-2009-2265
SHA-256 | 2641dc8dea746f5bc8e25940e7ce8a00223a7fa63b29a5e18fae874ce86d1220

Related Files

Adobe ColdFusion 11 Remote Code Execution
Posted Feb 23, 2022
Authored by Amel Bouziane-Leblond

Adobe ColdFusion version 11.0.03.292866 suffers from an LDAP Java object deserialization remote code execution vulnerability.

tags | exploit, java, remote, code execution
SHA-256 | 9d45f7b3775110c52e0ff7ea7328e525f75a0d7067c029a47386e51894bfa08f
Adobe ColdFusion RDS Authentication Bypass
Posted Nov 7, 2019
Authored by Scott Buckel | Site metasploit.com

Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows remote attackers to bypass authentication using the RDS component. Due to default settings or misconfiguration, its password can be set to an empty value. This allows an attacker to create a session via the RDS login that can be carried over to the admin web interface even though the passwords might be different, thereby bypassing authentication on the admin web interface and leading to arbitrary code execution. Tested on Windows and Linux with ColdFusion 9.

tags | exploit, remote, web, arbitrary, code execution
systems | linux, windows
SHA-256 | 3d52780df4fd657f5edbff4f1d8f4865fab5e58f3cd48af4352aa3aafdd16a32
Adobe ColdFusion 11 CKEditor Arbitrary File Upload
Posted Jan 10, 2019
Authored by Vahagn Vardanian, Pete Freitag de Foundeo, Qazeer | Site metasploit.com

A file upload vulnerability exists in the CKEditor of Adobe ColdFusion 11 (Update 14 and earlier).

tags | exploit, file upload
advisories | CVE-2018-15961
SHA-256 | 0d365afb0d6b2a324a2e6192d6ce6443105fada13d13da91a9c3b3c7c50905bc
Adobe ColdFusion 2018 Shell Upload
Posted Dec 12, 2018
Authored by Pete Freitag

Adobe ColdFusion 2018 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
advisories | CVE-2018-15961
SHA-256 | 6d9b1d1741c77f9c05d013bc913c530aed0fc116578b9cea6fe2208f752cbb54
Adobe ColdFusion 11.0.03.292866 Remote Code Execution
Posted Feb 7, 2018
Authored by Faisal Tameesh

Adobe ColdFusion version 11.0.03.292866 BlazeDS Java object deserialization remote code execution exploit.

tags | exploit, java, remote, code execution
advisories | CVE-2017-3066
SHA-256 | 9f43954491b5424ac6ee32a1cc680c100107de9af5a045c39dae3bcff46fe242
Adobe ColdFusion 11 XML External Entity Injection
Posted Sep 7, 2016
Authored by Dawid Golunski

Adobe ColdFusion versions 11 and below suffer from an XML external entity (XXE) injection vulnerability.

tags | exploit, xxe
advisories | CVE-2016-4264
SHA-256 | a212b04a6debb5df2b3e137824d36dd10c3fdf16684e40ee63a9ffdcf54319c3
Adobe ColdFusion 9 Administrative Login Bypass
Posted Dec 11, 2013
Authored by Scott Buckel | Site metasploit.com

Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows remote attackers to bypass authentication using the RDS component. Its password can, by default or by misconfiguration, be set to an empty value. This allows you to create a session via the RDS login that can be carried over to the admin web interface even though the passwords might be different, thereby bypassing authentication on the admin web interface, which could then lead to arbitrary code execution. Tested on Windows and Linux with ColdFusion 9.

tags | exploit, remote, web, arbitrary, code execution
systems | linux, windows
SHA-256 | 09ebd63c7a46949c50bf462317ac70d7ecfe31f97bac6c746f870def7e83e007
Packet Storm Advisory 2013-0819-2 - Adobe ColdFusion 9 Administrative Login Bypass
Posted Aug 19, 2013
Authored by Scott Buckel | Site packetstormsecurity.com

Adobe ColdFusion versions 9.0, 9.0.1, and 9.0.2 do not properly check the "rdsPasswordAllowed" field when accessing the Administrator API CFC that is used for logging in. The login function never checks if RDS is enabled when rdsPasswordAllowed="true". This means that if RDS was not configured, the RDS user does not have a password associated with their username. By setting rdsPasswordAllowed to "true", we can therefore bypass the admin login and use the rdsPassword, which, in most cases, is blank. These details were purchased through the Packet Storm Bug Bounty program and are being released to the community.

tags | exploit, remote, bug bounty, packet storm
advisories | CVE-2013-0632
SHA-256 | 8267635397115a7b25f386e8ba0802efb22e55b7e7adf3d4e3cdb5c91b1eb2f6
Adobe ColdFusion APSB13-03 Command Execution
Posted Apr 10, 2013
Authored by Jon Hart | Site metasploit.com

This Metasploit module exploits a pile of vulnerabilities in Adobe ColdFusion APSB13-03 including arbitrary command execution in scheduleedit.cfm (9.x only), directory traversal, and authentication bypass issues.

tags | exploit, arbitrary, vulnerability
advisories | CVE-2013-0625, CVE-2013-0629, CVE-2013-0631, CVE-2013-0632
SHA-256 | fc81458d632a151d75dbee734ef554512dc7bbdc7f0bfbae5d6c44fcafa675bf
Secunia Security Advisory 51551
Posted Dec 12, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Adobe ColdFusion, which can be exploited by malicious people to bypass certain security restrictions.

tags | advisory
SHA-256 | 58ad1d5809365dedc01e3145ecae12692486cb2202735057875535e42298bdc3
Secunia Security Advisory 51335
Posted Nov 21, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Adobe ColdFusion, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
SHA-256 | 135426d29a0c4837e2d882f49e72bf45f6de288695a3cdc81b64dd7b0d73b468
Secunia Security Advisory 49517
Posted Jun 14, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Adobe ColdFusion, which can be exploited by malicious people to conduct HTTP response splitting attacks.

tags | advisory, web
SHA-256 | a6eb8904fd5587681f32bb5352dfd166fbb78eedca4aa0ab7c3797bb8797a7df
Secunia Security Advisory 48393
Posted Mar 15, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Adobe ColdFusion, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
SHA-256 | cab1aa7969bd3e1c2f57c1d7f934eccdaf3e1adcf27b4da64c66a218a07f94d9
Secunia Security Advisory 47251
Posted Dec 15, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Two vulnerabilities have been reported in Adobe ColdFusion, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, vulnerability, xss
SHA-256 | 08d063e7a613b265be263725663d390b85d570170f85c4c8d864e0ad7817ba54
Adobe ColdFusion 9 Denial Of Service
Posted Nov 16, 2011
Authored by MustLive

Adobe ColdFusion 9 suffers from denial of service and path disclosure vulnerabilities.

tags | exploit, denial of service, vulnerability, info disclosure
SHA-256 | c762cc8de72a8791139ab35b5a17100c35a7cd95e037d72f1b167b6f20fde5eb
Adobe ColdFusion 7 Cross Site Scripting
Posted Sep 27, 2011
Authored by MustLive

Adobe ColdFusion versions 7 and below suffer from cross site scripting and path disclosure vulnerabilities.

tags | exploit, vulnerability, xss, info disclosure
SHA-256 | 2ccd4259b49d3c5a585be5893ffc080df3ab2abf68b634f4feb4cf7bb5aaa8f4
Secunia Security Advisory 45620
Posted Aug 19, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - G.R0b1n has discovered a vulnerability in Adobe ColdFusion, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
SHA-256 | 81527c66d7dd0733b0c803a3f1e599dc0d65fc2b7d914ad531d54629bba702dc
Secunia Security Advisory 43013
Posted Jun 16, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in Adobe ColdFusion, which can be exploited by malicious people to conduct cross-site request forgery attacks, cause a DoS (Denial of Service), and compromise a vulnerable system.

tags | advisory, denial of service, vulnerability, csrf
SHA-256 | 5e9a9908fcdaa8e9e907e36db113e96092138b98c301a663956812c39f7d62a4
Adobe ColdFusion - Directory Traversal
Posted Mar 16, 2011
Authored by webDEViL | Site metasploit.com

This Metasploit module exploits a directory traversal bug in Adobe ColdFusion. By reading the password.properties file, a user can log in using the encrypted password itself. This should work on version 8 and below.

tags | exploit
advisories | CVE-2010-2861, OSVDB-67047
SHA-256 | 30d24479f36de7b6cb78e0669b676ca8ad8705ff92ec0b9d808502f823261cc0
Adobe ColdFusion Cross Site Scripting
Posted Mar 16, 2011
Authored by ProCheckUp, Richard Brain | Site procheckup.com

Adobe ColdFusion suffers from multiple cross site scripting and information disclosure vulnerabilities in the administration console.

tags | exploit, vulnerability, xss, info disclosure
SHA-256 | d873c49e2d5b51031c48ef05bac08618d85d900ad26132a94d2342aa6e42ee80
Secunia Security Advisory 43264
Posted Feb 18, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities have been reported in Adobe ColdFusion, which can be exploited by malicious people to disclose certain information, conduct cross-site scripting, HTTP header injection, and session fixation attacks.

tags | advisory, web, vulnerability, xss
SHA-256 | 2ffb345772e0fcd4abe3bbce379138ab0d2e0e7a921f329f9c1d3043dd5de1f9
Adobe ColdFusion Cross Site Scripting / Disclosure
Posted Jan 28, 2011
Authored by MustLive

Adobe ColdFusion suffers from cross site scripting and disclosure vulnerabilities.

tags | exploit, vulnerability, xss, sql injection, info disclosure
SHA-256 | 7c7ad4468042f3270eec5cd9989f3673a89812a25841b893851bef7513bdfbda
ColdFusion 8.0.1 Arbitrary File Upload And Execute
Posted Nov 3, 2010
Authored by MC | Site metasploit.com

This Metasploit module exploits the Adobe ColdFusion 8.0.1 FCKeditor 'CurrentFolder' File Upload and Execute vulnerability.

tags | exploit, file upload
advisories | CVE-2009-2265
SHA-256 | ed8d1ef04d8a010a5d9547040860e7779a809135357782fe9bb61bda538a7295
Adobe ColdFusion Directory Traversal
Posted Aug 17, 2010
Authored by carnal0wnage

Proof of concept code that demonstrates the directory traversal vulnerability in Adobe ColdFusion.

tags | exploit, proof of concept, file inclusion
advisories | CVE-2010-2861
SHA-256 | 43a65b1faaaafe5a54c3c852dafbcac5359c61b1c91fa19f9753a464f80ddc3b
ProCheckUp Security Advisory 2010.7
Posted Aug 13, 2010
Authored by ProCheckUp, Richard Brain | Site procheckup.com

The Adobe ColdFusion administration console suffers from a traversal vulnerability that allows for unauthenticated file retrieval.

tags | advisory
advisories | CVE-2010-2861
SHA-256 | 59cbe441b1cfdd493b736961317513e747a4567e06054074f35b525e6cd63aed
© 2022 Packet Storm. All rights reserved.
