Adobe has released security bulletins for Cold Fusion related to CVE-2013-0625 and CVE-2013-0629. These software flaws only affect Cold Fusion deployments with no password set or password protection disabled for Remote Development Services (RDS). The password for RDS should never be the same as the server or system administratve account. The software flaws are being exploited in the wild.