Every CVE whose affected-product data names Macromedia Coldfusion, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (24)
CVE-2004-0646 — CVSS 10.0 (critical): Buffer overflow in the WriteToLog function for JRun 3.0 through 4.0 web server connectors, such as (1) mod_jrun and (2) mod_jrun20 for…
CVE-2001-1514 — CVSS 10.0 (critical): ColdFusion 4.5 and 5, when running on Windows with the advanced security sandbox type set to "operating system," does not properly pass…
CVE-2002-1309 — CVSS 7.5 (high): Heap-based buffer overflow in the error-handling mechanism for the IIS ISAPI handler in Macromedia ColdFusion 6.0 allows remote attackers…
CVE-2001-1427 — CVSS 7.5 (high): Unknown vulnerability in ColdFusion Server 2.0 through 4.5.1 SP2 allows remote attackers to overwrite templates with zero byte files via…
CVE-2005-4342 — CVSS 7.5 (high): ColdFusion Sandbox on Adobe (formerly Macromedia) ColdFusion MX 6.0, 6.1, 6.1 with JRun, and 7.0 does not throw an exception if the…
CVE-2004-1478 — CVSS 7.5 (high): JRun 4.0 does not properly generate and handle the JSESSIONID, which allows remote attackers to perform a session fixation attack and…
CVE-2006-3979 — CVSS 7.2 (high): The AdminAPI of ColdFusion MX 7 allows attackers to bypass authentication by using "programmatic access" to the adminAPI instead of the…
CVE-2004-2204 — CVSS 7.2 (high): Macromedia ColdFusion MX 6.0 and 6.1 application server, when running with the CreateObject function or CFOBJECT tag enabled, allows local…
CVE-2005-4345 — CVSS 7.2 (high): Adobe (formerly Macromedia) ColdFusion MX 7.0 exposes the password hash of the Administrator in an API call, which allows local developers…
CVE-2006-2364 — CVSS 5.8 (medium): Cross-site scripting (XSS) vulnerability in the validation feature in Macromedia ColdFusion 5 and earlier allows remote attackers to inject…
CVE-2004-2331 — CVSS 5.5 (medium): ColdFusion MX 6.1 and 6.1 J2EE allows local users to bypass sandbox security restrictions and obtain sensitive information by using Java…
CVE-2004-2330 — CVSS 5.0 (medium): ColdFusion MX 6.1 and 6.1 J2EE allows remote attackers to cause a denial of service via an HTTP request containing a large number of form…
CVE-2004-2505 — CVSS 5.0 (medium): Macromedia ColdFusion MX before 6.1 does not restrict the size of error messages, which allows remote attackers to cause a denial of…
CVE-2005-1022 — CVSS 5.0 (medium): ColdFusion 6.1 Updater 1 places Java .class files under the web root in the /WEB-INF/cfclasses directory, which allows remote attackers to…
CVE-2003-1469 — CVSS 5.0 (medium): The default configuration of ColdFusion MX has the "Enable Robust Exception Information" option selected, which allows remote attackers to…
CVE-2004-1815 — CVSS 5.0 (medium): Unknown vulnerability in ColdFusion MX 6.0 and 6.1, and JRun 4.0, when a SOAP web service expects an array of objects as an argument…
CVE-2002-1992 — CVSS 5.0 (medium): Buffer overflow in jrun.dll in ColdFusion MX, when used with IIS 4 or 5, allows remote attackers to cause a denial of service in IIS via…
CVE-2005-4343 — CVSS 5.0 (medium): Adobe (formerly Macromedia) ColdFusion MX 6.0, 6.1, 6.1 with JRun, and 7.0 allows remote attackers to attach arbitrary files and send mail…
CVE-2004-0928 — CVSS 5.0 (medium): The Microsoft IIS Connector in JRun 4.0 and Macromedia ColdFusion MX 6.0, 6.1, and 6.1 J2EE allows remote attackers to bypass…
CVE-2005-1555 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in the JRun Web Server in ColdFusion MX 7.0 allows remote attackers to inject arbitrary script or…
CVE-2002-1700 — CVSS 4.3 (medium): Cross-site scripting vulnerability (XSS) in the missing template handler in Macromedia ColdFusion MX allows remote attackers to execute…
CVE-2005-2306 — CVSS 3.7 (low): Race condition in Macromedia JRun 4.0, ColdFusion MX 6.1 and 7.0, when under heavy load, causes JRun to assign a duplicate authentication…
CVE-2004-0407 — CVSS 2.6 (low): The HTML form upload capability in ColdFusion MX 6.1 does not reclaim disk space if an upload is interrupted, which allows remote attackers…
CVE-2005-4344 — CVSS 2.1 (low): Adobe (formerly Macromedia) ColdFusion MX 7.0 does not honor when the CFOBJECT /CreateObject(Java) setting is disabled, which allows local…