Total
14 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-1999-0757 | 1 Allaire | 1 Coldfusion Server | 2017-12-18 | 2.1 LOW | N/A |
The ColdFusion CFCRYPT program for encrypting CFML templates has weak encryption, allowing attackers to decrypt the templates. | |||||
CVE-2001-1120 | 1 Allaire | 1 Coldfusion Server | 2017-12-18 | 6.4 MEDIUM | N/A |
Vulnerabilities in ColdFusion 2.0 through 4.5.1 SP 2 allow remote attackers to (1) read or delete arbitrary files, or (2) overwrite ColdFusion Server templates. | |||||
CVE-1999-0756 | 1 Allaire | 1 Coldfusion Server | 2017-10-09 | 5.0 MEDIUM | N/A |
ColdFusion Administrator with Advanced Security enabled allows remote users to stop the ColdFusion server via the Start/Stop utility. | |||||
CVE-1999-0924 | 1 Allaire | 1 Coldfusion Server | 2017-10-09 | 5.0 MEDIUM | N/A |
The Syntax Checker in ColdFusion Server 4.0 allows remote attackers to conduct a denial of service. | |||||
CVE-1999-0760 | 1 Allaire | 1 Coldfusion Server | 2017-10-09 | 10.0 HIGH | N/A |
Undocumented ColdFusion Markup Language (CFML) tags and functions in the ColdFusion Administrator allow users to gain additional privileges. | |||||
CVE-2000-0538 | 1 Allaire | 1 Coldfusion Server | 2017-10-09 | 5.0 MEDIUM | N/A |
ColdFusion Administrator for ColdFusion 4.5.1 and earlier allows remote attackers to cause a denial of service via a long login password. | |||||
CVE-2000-0410 | 1 Allaire | 1 Coldfusion Server | 2008-09-10 | 5.0 MEDIUM | N/A |
ColdFusion Server 4.5.1 allows remote attackers to cause a denial of service by making repeated requests to a CFCACHE tagged cache file that is not stored in memory. | |||||
CVE-2000-0189 | 1 Allaire | 1 Coldfusion Server | 2008-09-10 | 5.0 MEDIUM | N/A |
ColdFusion Server 4.x allows remote attackers to determine the real pathname of the server via an HTTP request to the application.cfm or onrequestend.cfm files. | |||||
CVE-2000-0057 | 1 Allaire | 1 Coldfusion Server | 2008-09-10 | 7.5 HIGH | N/A |
Cold Fusion CFCACHE tag places temporary cache files within the web document root, allowing remote attackers to obtain sensitive system information. | |||||
CVE-1999-0922 | 1 Allaire | 1 Coldfusion Server | 2008-09-09 | 5.0 MEDIUM | N/A |
An example application in ColdFusion Server 4.0 allows remote attackers to view source code via the sourcewindow.cfm file. | |||||
CVE-1999-0455 | 1 Allaire | 1 Coldfusion Server | 2008-09-09 | 7.5 HIGH | N/A |
The Expression Evaluator sample application in ColdFusion allows remote attackers to read or delete files on the server via exprcalc.cfm, which does not restrict access to the server properly. | |||||
CVE-2002-0576 | 1 Allaire | 1 Coldfusion Server | 2008-09-05 | 5.0 MEDIUM | N/A |
ColdFusion 5.0 and earlier on Windows systems allows remote attackers to determine the absolute pathname of .cfm or .dbm files via an HTTP request that contains an MS-DOS device name such as NUL, which leaks the pathname in an error message. | |||||
CVE-1999-0923 | 1 Allaire | 1 Coldfusion Server | 2008-09-05 | 7.5 HIGH | N/A |
Sample runnable code snippets in ColdFusion Server 4.0 allow remote attackers to read files, conduct a denial of service, or use the server as a proxy for other HTTP calls. | |||||
CVE-1999-0477 | 1 Allaire | 1 Coldfusion Server | 2008-09-05 | 7.5 HIGH | N/A |
The Expression Evaluator in the ColdFusion Application Server allows a remote attacker to upload files to the server via openfile.cfm, which does not restrict access to the server properly. |