Total
25 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2002-1992 | 1 Macromedia | 2 Coldfusion, Coldfusion Professional | 2023-12-10 | 5.0 MEDIUM | N/A |
Buffer overflow in jrun.dll in ColdFusion MX, when used with IIS 4 or 5, allows remote attackers to cause a denial of service in IIS via (1) a long template file name or (2) a long HTTP header. | |||||
CVE-2002-1700 | 2 Macromedia, Microsoft | 3 Coldfusion, Internet Information Services, Windows 2000 | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting vulnerability (XSS) in the missing template handler in Macromedia ColdFusion MX allows remote attackers to execute arbitrary script as other users by injecting script into the HTTP request for the name of a template, which is not filtered in the resulting 404 error message. | |||||
CVE-2002-1309 | 1 Macromedia | 1 Coldfusion | 2023-12-10 | 7.5 HIGH | N/A |
Heap-based buffer overflow in the error-handling mechanism for the IIS ISAPI handler in Macromedia ColdFusion 6.0 allows remote attackers to execute arbitrary via an HTTP GET request with a long .cfm file name. | |||||
CVE-2004-2204 | 1 Macromedia | 1 Coldfusion | 2023-12-10 | 7.2 HIGH | N/A |
Macromedia ColdFusion MX 6.0 and 6.1 application server, when running with the CreateObject function or CFOBJECT tag enabled, allows local users to conduct unauthorized activities and obtain administrative passwords by creating CFML scripts that use CreateObject or CFOBJECT. | |||||
CVE-2004-0407 | 1 Macromedia | 1 Coldfusion | 2023-12-10 | 2.6 LOW | N/A |
The HTML form upload capability in ColdFusion MX 6.1 does not reclaim disk space if an upload is interrupted, which allows remote attackers to cause a denial of service (disk consumption) by repeatedly uploading files and interrupting the uploads before they finish. |