What Does ColdFusion's verifyClient() Do?

I recently saw a ColdFusion question about verifyClient and remote CFC functions.

From: Hoya Haxa - A Security Research Blog

Thinking Defensively About Three Recent Lucee Vulnerabilities

Last week, Harsh Jaiswal and Rahul Maini from ProjectDiscovery released some impressive security research on multiple vulnerabilities in Lucee (and Mura CMS and Masa CMS).

From: Hoya Haxa - A Security Research Blog

A Christmas Post: Beer and Bounties

Christmas came early this year in Potrero Hill and it was sad news for craft beer drinkers.

From: Hoya Haxa - A Security Research Blog

Critical Variable Mass Assignment Vulnerability in Adobe ColdFusion (CVE-2023-44350)

Background: Adobe ColdFusion is vulnerable to a Mass Assignment vulnerability that can result in an attacker being able to modify the value of any variable in any scope within the context of remote CFC methods.

From: Hoya Haxa - A Security Research Blog

New Blog Domain - www.hoyahaxa.com

I recently moved my blog over to a custom domain -- https://www.

From: Hoya Haxa - A Security Research Blog

ColdFusion, Connectors, and CFAdmin Security (for more than just ColdFusion 2023 Update 5 and ColdFusion 2021 Update 11)

Introduction: This post is about ColdFusion 2023 Update 5 and ColdFusion 2021 Update 11, but it's also about more than just those versions.

From: Hoya Haxa - A Security Research Blog

Exploiting CVE-2017-11286 Six Years Later: XXE in ColdFusion via WDDX Packet

Introduction: 🎈🎂🎂🎂🎂🎂🎂🎈 Six years ago today, on September 12, 2017, Adobe released APSB17-30.

From: Hoya Haxa - A Security Research Blog

Technical Details for CVE-2023-29301: Adobe ColdFusion Access Control Bypass for a CFAdmin Authentication Component

Background: In this post I'll be walking through CVE-2023-29301, which is an access control bypass / password brute force vulnerability in Adobe ColdFusion that I reported to Adobe and was fixed on July 11, 2023 in Adobe Product Security Bulletin APSB23-40.

From: Hoya Haxa - A Security Research Blog
