Security experts advise security teams to keep current on how attackers have been hacking their latest victims. Attackers exploited two publicly known flaws – CVE-2010-2861 and then CVE-2009-3960 – in the victim’s 11-year-old installation of Adobe ColdFusion 9. The first flaw is a directory transversal vulnerability, while the second allows for XML injection. The open-source Metasploit penetration-testing framework added exploits for the former in 2011 and the latter in 2010.”]

