Alerts & Advisories

Hotfixes released for new ColdFusion & JRun XSS exploits

Adobe has just released hotfix updates to address recently discovered cross-site scripting vulnerabilities in ColdFusion 7 / 8 and JRun 4.0 servers, some of which would allow an attacker to retrieve CF admin login details from an unsuspecting administrator. Details of some of these ColdFusion vulnerabilities have been posted here by Digital Security Research Group, and include XSS vulnerabilities in the following CFIDE scripts:

Read more...

Hotfix issued for ColdFusion 8 fckeditor exploit

Adobe today released a security bulletin detailing vulnerabilities in the fckeditor that ships with CF 8, along with a hotfix and directions.

Read more...

CFWebstore websites hacked using cffile exploit

The popular ColdFusion shopping cart application CFWebstore has become the target of recent hacking attacks using the cffile upload MIME type accept vulnerability.

Read more...