4 matches found
Allaire ColdFusion Server <= 4.0 - Remote File Display, Deletion, Upload and Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/115/info To display and delete any file on the system use an URL of the following form: http://www.victim.test/cfdocs/expeval/ExprCalc.cfm?OpenFilePath=C:\the\target\file To upload files to the sever first find out the...
ColdFusion Server 2.0/3.x/4.x Administrator Login Password DoS Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/1314/info Due to a faulty mechanism in the password parsing implementation in authentication requests, it is possible to launch a denial of service attack against Allaire ColdFusion 4.5.1 or previous by inputting a string...
Allaire ColdFusion 4.0x CFCACHE功能泄露信息漏洞
BUGTRAQ ID: 917 CVECAN ID: CVE-2000-0057 Allaire ColdFusion是一个用来增强Web交互功能的组件。 ColdFusion 4.x包含一个叫做CFCACHE的功能,它通过储存HTML处理CFM页的输出来提高服务器的性能。 当CFCACHE标签处理CFM页面时,它创建一些临时文件,其中一些文件是.tmp文件,其中包含了当前的HTML输出。同时它也创建一个名为cfcache.map的文件,其中包含了到.tmp文件的指针,内容有绝对路径、时间信息和其他URL信息。这些信息如果暴露出来可以造成潜在的危害。...
Allaire ColdFusion Server contains vulnerability allowing unauthorized user read/delete access to files
Overview A vulnerability exists in Allaire ColdFusion Server which allows an attacker to have unauthorized read and delete access to files on the target host. Description A remotely exploitable vulnerability exists in the Allaire ColdFusion Server which could allow an attacker to have unauthorize...