Posts Tagged ‘ColdFusion’

Security Patches

Security Patches

Adobe and Microsoft on Tuesday released monthly updates for its software, eliminating  a number of critical vulnerabilities and bugs in the code for the their popular products.

Adobe Systems eliminated vulnerabilities in their three popular sets – Coldfusion, Flash and Shockwave. For Flash update is available for operating systems Windows, Mac OS X and Linux, mobile version of the updated player was also released for the operating system Android. According to Adobe, update fixes vulnerabilities in the four points of the product. (more…)

Adobe Logo

Vulnerabilities in Adobe ColdFusion

Company Adobe released a security update for its scripting language ColdFusion.

According to the message of developers, at the time of emergence of updatings the corrected vulnerabilities actively were operated by malicious software in such versions of the program, as 10, 9.0.2, 9.0.1 and 9 for the Windows, Mac OS X and UNIX operating systems.

Let’s remind, earlier the company already reported that these gaps allow the removed malefactor to bypass the authentication mechanism, to get access to the protected directories, and also complete control over system. All eliminated Adobe of vulnerability contain in ColdFusion of versions 9.x. Thus two gaps are present also at version 10 ColdFusion. (more…)

Vulnerability

Vulnerabilities in Adobe ColdFusion

Vulnerability: Multiple Vulnerabilities Adobe ColdFusion

Danger level: Critical
Patch: Yes
Number of vulnerabilities: 3

CVE ID: CVE-2013-0625
CVE-2013-0629
CVE-2013-0631

Affected Products: Adobe ColdFusion 9.x
Adobe ColdFusion 10.x

Affected versions: ColdFusion 10, ColdFusion 9.0.2, ColdFusion 9.0.1, ColdFusion 9.0 (more…)

Adobe Logo

Vulnerabilities in Adobe ColdFusion

Vulnerability: Multiple Vulnerabilities in Adobe ColdFusion

Danger level: Critical
Availability of fixes: Instructions on elimination
Number of vulnerabilities: 3

Affected Products: Adobe ColdFusion 9.x
Adobe ColdFusion 10.x

Affected versions: ColdFusion 10, ColdFusion 9.0.2, ColdFusion 9.0.1, ColdFusion 9.0

Description:

Which can be exploited by malicious people to execute arbitrary code on the target system.

1. The vulnerability is caused due to an unspecified error. This can be exploited to bypass the authentication functionality and gain full control over the target system. (more…)