HoyaHaxa: A Security Research Blog
Monday, January 26, 2026

More Scope Injection for Fun and Profit (or, why those security updates broke your functions)

Introduction Like "Big Two-Hearted River," my last post also has a Part II. I had previously spent countless hours trying to cr...

DistrictCon 1 Slides - Control the Variables and You Control the Code: Language-Level Vulnerabilities in Adobe ColdFusion

It was an honor to speak at DistrictCon Year 1 (which is its second year. Unlike ColdFusion, DistrictCon counts from 0. 😀) I got some g...
Thursday, January 22, 2026

Dead Ends, Red Herrings, and Failures In Our Time

On the good days in security research, you get to channel equal parts Archimedes and Ric Ocasek in your successes. The pieces all come tog...
Monday, January 5, 2026

RCE via ColdFusion ARchive (CAR) Deployment: One Example of an Authenticated Attack Path in CFAdmin (CVE-2025-61808)

Introduction In this post we'll be looking at one way that an authenticated user with only ColdFusion Administration (CFAdmin) access...
Monday, December 22, 2025

Digging Through Six Old Sandbox Escapes in ColdFusion (ca. 2001 through 2012)

Time for some vulnerability archaeology! I'm sure you're as excited as I am. In a previous post I covered a technique to generate...
Wednesday, November 12, 2025

Speaking at DistrictCon in January 2026 on Language-Level Vulnerabilities in Adobe ColdFusion

I'm thrilled to be speaking at DistrictCon in late January 2026. My talk will cover some recent language-level vulnerabilities in Co...
Wednesday, June 25, 2025

Sandbox Security Escapes in ColdFusion and Lucee (CVE-2025-30288 and CVE-2024-55354)

Introduction In this post I'm going to cover the technical details of a security sandbox escape technique that affects Adobe ColdFusion ...
Tuesday, June 24, 2025

CFCamp 2025 Slides - Understanding CFML Vulnerabilities, Exploits, and Attack Paths

In May I had the pleasure of attending my first CFCamp, where I spoke about CFML security. The slides from my talk -- Understanding CFML ...