Vulnerabilities for 'Coldfusion server'

2002-06-18
 
CVE-2002-0576

 

 
ColdFusion 5.0 and earlier on Windows systems allows remote attackers to determine the absolute pathname of .cfm or .dbm files via an HTTP request that contains an MS-DOS device name such as NUL, which leaks the pathname in an error message.

 
2001-07-11
 
CVE-2001-1120

CWE-Other
 

 
Vulnerabilities in ColdFusion 2.0 through 4.5.1 SP 2 allow remote attackers to (1) read or delete arbitrary files, or (2) overwrite ColdFusion Server templates.

 
2000-06-07
 
CVE-2000-0538

 

 
ColdFusion Administrator for ColdFusion 4.5.1 and earlier allows remote attackers to cause a denial of service via a long login password.

 
2000-05-10
 
CVE-2000-0410

 

 
ColdFusion Server 4.5.1 allows remote attackers to cause a denial of service by making repeated requests to a CFCACHE tagged cache file that is not stored in memory.

 
2000-03-01
 
CVE-2000-0189

 

 
ColdFusion Server 4.x allows remote attackers to determine the real pathname of the server via an HTTP request to the application.cfm or onrequestend.cfm files.

 
2000-01-04
 
CVE-2000-0057

 

 
Cold Fusion CFCACHE tag places temporary cache files within the web document root, allowing remote attackers to obtain sensitive system information.

 
2001-03-12
 
CVE-1999-0924

 

 
The Syntax Checker in ColdFusion Server 4.0 allows remote attackers to conduct a denial of service.

 
 
CVE-1999-0923

 

 
Sample runnable code snippets in ColdFusion Server 4.0 allow remote attackers to read files, conduct a denial of service, or use the server as a proxy for other HTTP calls.

 
 
CVE-1999-0922

 

 
An example application in ColdFusion Server 4.0 allows remote attackers to view source code via the sourcewindow.cfm file.

 
 
CVE-1999-0760

 

 
Undocumented ColdFusion Markup Language (CFML) tags and functions in the ColdFusion Administrator allow users to gain additional privileges.

 


Copyright 2024, cxsecurity.com

 
