Reversing JNBridge to Build an n-day Exploit for CVE-2019-7839

I was chatting to @Random_Robbie at the inaugural BSides Liverpool (@BSidesLivrpool), when he mentioned a new Adobe ColdFusion RCE and then said… “There’s no public exploit.” I’ve dabbled a bit…

Another ColdFusion RCE – CVE-2018-4939

In October 2017 I published an overview and video proof-of-concept of a Java RMI/deserialization vulnerability affecting the Flex Integration service of Adobe ColdFusion. I held off on publishing all of…

October 13, 2017

Adobe ColdFusion Deserialization RCE (CVE-2017-11283, CVE-2017-11284)

During my research into the Java Remote Method Invocation (RMI) protocol, the most common RMI service that I came across was Adobe ColdFusion’s Flex integration service which is used to…

NickstaDB

Infosec, making, breaking, hacking.

Posts filed under ColdFusion

October 12, 2019

Reversing JNBridge to Build an n-day Exploit for CVE-2019-7839

June 18, 2018

Another ColdFusion RCE – CVE-2018-4939

October 13, 2017

Adobe ColdFusion Deserialization RCE (CVE-2017-11283, CVE-2017-11284)