allaire coldfusion server 4.5 vulnerabilities and exploits

(subscribe to this query)

ColdFusion Server 4.x allows remote malicious users to determine the real pathname of the server via an HTTP request to the application.cfm or onrequestend.cfm files.

Allaire Coldfusion Server 4.0 Allaire Coldfusion Server 4.0.1 Allaire Coldfusion Server 4.5

ColdFusion 5.0 and previous versions on Windows systems allows remote malicious users to determine the absolute pathname of .cfm or .dbm files via an HTTP request that contains an MS-DOS device name such as NUL, which leaks the pathname in an error message.

Allaire Coldfusion Server 5.0 Allaire Coldfusion Server 4.0 Allaire Coldfusion Server 4.5

ColdFusion Administrator for ColdFusion 4.5.1 and previous versions allows remote malicious users to cause a denial of service via a long login password.

Allaire Coldfusion Server 3.01 Allaire Coldfusion Server 3.1 Allaire Coldfusion Server 4.0 Allaire Coldfusion Server 4.0.1 Allaire Coldfusion Server 3.11 Allaire Coldfusion Server 3.12 Allaire Coldfusion Server 2.0 Allaire Coldfusion Server 3.0 Allaire Coldfusion Server 4.5 Allaire Coldfusion Server 4.5.1

1 EDB exploit

Vulnerabilities in ColdFusion 2.0 up to and including 4.5.1 SP 2 allow remote malicious users to (1) read or delete arbitrary files, or (2) overwrite ColdFusion Server templates.

Allaire Coldfusion Server 3.1 Allaire Coldfusion Server 3.1.1 Allaire Coldfusion Server 2.0 Allaire Coldfusion Server 4.0.1 Allaire Coldfusion Server 4.5 Allaire Coldfusion Server 3.1.2 Allaire Coldfusion Server 4.0 Allaire Coldfusion Server 3.0 Allaire Coldfusion Server 3.0.1 Allaire Coldfusion Server 4.5.1 Allaire Coldfusion Server 4.5.1 Sp1 Allaire Coldfusion Server 4.5.1 Sp2

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook