20 matches found
CVE-1999-0800
The GetFile.cfm file in Allaire Forums allows remote attackers to read files through a parameter to GetFile.cfm...
EUVD-1999-0781
Malware in sbrugna...
EUVD-2000-0296
Malware in sbrugna...
Allaire Forums 2.0.4 Getfile Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/229/info An Allaire Forums file GetFile.cfm in the root of the application directory allows anyone to access any file on the Forums server. This vulnerability affects Forums 2.0.4 and earlier. Type the URL...
Allaire Forums GetFile.cfm远程读取任意文件漏洞
BugCVE: CVE-1999-0800 BUGTRAQ: 229 Allaire Forums 是Allaire出品的一个论坛,运行在Coldfusion环境下。Allaire Forums 2.0.4版及其以前版本的一个文件存在安全问题。可以被远程入侵者用来获取服务器上的任意文件。 文件“GetFile.cfm”通常在Web应用程序的根目录下,由于这一行代码的问题: CFCONTENT TYPE= FT/FST FILE= FilePath 可以在指定绝对路径的情况下获取服务器上的任意文件,只要发出如下请求:...
Allaire Forums does not verify user information stored in hidden form fields
Overview Allaire Forums does not verify user information submitted in hidden fields on a web form, allowing attackers to impersonate other users. Description Allaire Forums is a web-based bulletin board system that runs on Cold Fusion. When a user wishes to post a message, Allaire Forums...
CVE-2002-0108
Allaire Forums 2.0.4 and 2.0.5 and Forums! 3.0 and 3.1 allows remote authenticated users to spoof messages as other users by modifying the hidden form fields for the name and e-mail address...
CVE-2002-0108
Allaire Forums 2.0.4/2.0.5 and Forums! 3.0/3.1 allow remote authenticated users to spoof messages by modifying hidden form fields that carry the name and e-mail address. The root cause is lack of verification of user information submitted via hidden fields, enabling impersonation of other users w...
CVE-2002-0108
Allaire Forums 2.0.4 and 2.0.5 and Forums! 3.0 and 3.1 allows remote authenticated users to spoof messages as other users by modifying the hidden form fields for the name and e-mail address...
CVE-1999-0800
The CVE-1999-0800 issue affects Allaire Forums (2.0.4 and earlier) running in ColdFusion, where GetFile.cfm exposes a FilePath parameter that allows remote attackers to read arbitrary server files (e.g., via http://target/GetFile.cfm?FT=Text&FST=Plain&FilePath=C:\boot.ini). Root cause: GetFile.cf...
CVE-1999-0800
The GetFile.cfm file in Allaire Forums allows remote attackers to read files through a parameter to GetFile.cfm...
CVE-1999-0800
The GetFile.cfm file in Allaire Forums allows remote attackers to read files through a parameter to GetFile.cfm...
CVE-2000-0297
Allaire Forums 2.0.5 allows remote attackers to bypass access restrictions to secure conferences via the rightAccessAllForums or rightModerateAllForums variables...
CVE-2000-0297
Allaire Forums 2.0.5 contains a vulnerability that allows remote attackers to bypass access restrictions to secure conferences by manipulating the rightAccessAllForums or rightModerateAllForums variables. The description does not specify affected versions beyond 2.0.5 and does not provide remedia...
Allaire Forums позволяет получить доступ к любой конференции
Пользователь может установить переменную rightAccessAllForums, которая позволяет получить доступ к любой конференции...
CVE-2000-0297
Allaire Forums 2.0.5 allows remote attackers to bypass access restrictions to secure conferences via the rightAccessAllForums or rightModerateAllForums variables...
Allaire Security Bulletin (ASB00-06)
Allaire Security Bulletin ASB00-06 Patch Available for Allaire Forums 2.0.5 security issue. Originally Posted: April 3, 2000 Last Updated: April 3, 2000 Summary Allaire has recently been notified of a security issue in the Allaire Forums 2.0.5 software. This behavior allows users to view and post...
allaire.getfile.cfm.txt
Date: Thu, 11 Feb 1999 11:36:57 -0500 From: Cameron Childress To: [email protected] Subject: ACFUG List: Alert: Allaire Forums GetFile bug The problem outlined below seems to effect all Allaire Forums 2.0.x versions. Allaire has confirmed that the bug exists, and will be issuing a...
Allaire Forums 2.0.4 - Getfile
source: https://www.securityfocus.com/bid/229/info An Allaire Forums file "GetFile.cfm" in the root of the application directory allows anyone to access any file on the Forums server. This vulnerability affects Forums 2.0.4 and earlier. Type the URL...
Allaire Forums 2.0.4 - Getfile
Allaire Forums 2.0.4 - Getfile source: https://www.securityfocus.com/bid/229/info An Allaire Forums file "GetFile.cfm" in the root of the application directory allows anyone to access any file on the Forums server. This vulnerability affects Forums 2.0.4 and earlier. Type the URL...