RSS   Podatności dla 'Coldfusion server'   RSS

2002-06-18
 
CVE-2002-0576

 

 
ColdFusion 5.0 and earlier on Windows systems allows remote attackers to determine the absolute pathname of .cfm or .dbm files via an HTTP request that contains an MS-DOS device name such as NUL, which leaks the pathname in an error message.

 
2001-07-11
 
CVE-2001-1120

CWE-Other
 

 
Vulnerabilities in ColdFusion 2.0 through 4.5.1 SP 2 allow remote attackers to (1) read or delete arbitrary files, or (2) overwrite ColdFusion Server templates.

 
2000-06-07
 
CVE-2000-0538

 

 
ColdFusion Administrator for ColdFusion 4.5.1 and earlier allows remote attackers to cause a denial of service via a long login password.

 
2000-05-10
 
CVE-2000-0410

 

 
ColdFusion Server 4.5.1 allows remote attackers to cause a denial of service by making repeated requests to a CFCACHE tagged cache file that is not stored in memory.

 
2000-03-01
 
CVE-2000-0189

 

 
ColdFusion Server 4.x allows remote attackers to determine the real pathname of the server via an HTTP request to the application.cfm or onrequestend.cfm files.

 
2000-01-04
 
CVE-2000-0057

 

 
Cold Fusion CFCACHE tag places temporary cache files within the web document root, allowing remote attackers to obtain sensitive system information.

 
2001-03-12
 
CVE-1999-0924

 

 
The Syntax Checker in ColdFusion Server 4.0 allows remote attackers to conduct a denial of service.

 
 
CVE-1999-0923

 

 
Sample runnable code snippets in ColdFusion Server 4.0 allow remote attackers to read files, conduct a denial of service, or use the server as a proxy for other HTTP calls.

 
 
CVE-1999-0922

 

 
An example application in ColdFusion Server 4.0 allows remote attackers to view source code via the sourcewindow.cfm file.

 
 
CVE-1999-0760

 

 
Undocumented ColdFusion Markup Language (CFML) tags and functions in the ColdFusion Administrator allow users to gain additional privileges.

 


Copyright 2022, cxsecurity.com

 

Back to Top