36 matches found
EUVD-1999-0904
Malware in sbrugna...
EUVD-1999-0903
Malware in sbrugna...
EUVD-1999-0905
Malware in sbrugna...
EUVD-2000-0188
Malware in sbrugna...
EUVD-2001-1407
Malware in sbrugna...
EUVD-2000-0409
Malware in sbrugna...
EUVD-2001-0528
Malware in sbrugna...
CVE-2025-49545 ColdFusion | Server-Side Request Forgery (SSRF) (CWE-918)
ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. A high-privilege authenticated attacker can force the application to make arbitrary requests via injection of URLs. Exploitation...
ColdFusion Server 2.0/3.x/4.x Administrator Login Password DoS Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/1314/info Due to a faulty mechanism in the password parsing implementation in authentication requests, it is possible to launch a denial of service attack against Allaire ColdFusion 4.5.1 or previous by inputting a string...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Adobe ColdFusion Server 8.0.1, 8, and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the startRow parameter to administrator/logviewer/searchlog.cfm, or the query string to (2) wizards/common/_logintowizard.cfm, (3)...
CVE-2009-1872
Adobe ColdFusion Server 8.0.1 and earlier are affected by multiple XSS vulnerabilities. The issues allow remote attackers to inject arbitrary script/HTML via: (1) the startRow parameter in administrator/logviewer/searchlog.cfm, and (2) the query string to wizards/common/_logintowizard.cfm, (3) wi...
CVE-2001-1427
Technical details of CVE-2001-1427 are not publicly available in the provided documents. Please monitor for updates from official advisories; current sources describe an unknown vulnerability in ColdFusion Server 2.0–4.5.1 SP2 without specifics.
CVE-2001-0535
Example applications (Exampleapps) in ColdFusion Server 4.x do not properly restrict access from outside the local host's domain, which allows remote attackers to upload, read, or execute files by spoofing the "HTTP Host" (CGI.Host) variable in (1) the "Web Publish" example script, and ...
CVE-2001-0535
The CVE-2001-0535 issue affects ColdFusion Server 4.x Exampleapps, where access checks do not correctly limit requests from outside the local host domain. This enables remote attackers to spoof the HTTP Host (CGI.Host) to the Web Publish and Email example scripts, allowing upload, read, or execut...
Allaire ColdFusion Server contains vulnerability allowing templates to be overwritten by zero byte file of the same name
Overview: A vulnerability exists in Allaire ColdFusion Server which allows an attacker to overwrite ColdFusion Server templates with zero byte files. Description: A remotely exploitable vulnerability exists in the Allaire ColdFusion Server which could allow an attacker to overwrite ColdFusion Serve...
Allaire ColdFusion Server contains vulnerability allowing unauthorized user read/delete access to files
Overview: A vulnerability exists in Allaire ColdFusion Server which allows an attacker to have unauthorized read and delete access to files on the target host. Description: A remotely exploitable vulnerability exists in the Allaire ColdFusion Server which could allow an attacker to have unauthorize...
Product Security Bulletin (MPSB01-07)
Macromedia Product Security Bulletin MPSB01-07: Macromedia releases patch that addresses ColdFusion Server security issues. Originally Posted: July 11, 2001. Summary: Macromedia has released a patch that addresses two ColdFusion Server security issues which affect all server versions from 2.0 throug...
CVE-2001-1427
Unknown vulnerability in ColdFusion Server 2.0 through 4.5.1 SP2 allows remote attackers to overwrite templates with zero byte files via unknown attack vectors...
CVE-1999-0924
The Syntax Checker in ColdFusion Server 4.0 allows remote attackers to conduct a denial of service...