CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2005-1022
https://notcve.org/view.php?id=CVE-2005-1022
09 Apr 2005 — ColdFusion 6.1 Updater 1 places Java .class files under the web root in the /WEB-INF/cfclasses directory, which allows remote attackers to obtain sensitive information. • http://marc.info/?l=bugtraq&m=111290407411801&w=2 •
CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 2CVE-2004-2505 – Macromedia ColdFusion MX 6.0 - Oversized Error Message Denial of Service
https://notcve.org/view.php?id=CVE-2004-2505
31 Dec 2004 — Macromedia ColdFusion MX before 6.1 does not restrict the size of error messages, which allows remote attackers to cause a denial of service (memory consumption and crash) by sending repeated GET or POST requests that trigger error messages that use long strings of data. • https://www.exploit-db.com/exploits/24013 •
CVSS: 8.1EPSS: 1%CPEs: 12EXPL: 0CVE-2004-1478
https://notcve.org/view.php?id=CVE-2004-1478
31 Dec 2004 — JRun 4.0 does not properly generate and handle the JSESSIONID, which allows remote attackers to perform a session fixation attack and hijack a user's HTTP session. • http://marc.info/?l=bugtraq&m=109621995623823&w=2 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2004-2204
https://notcve.org/view.php?id=CVE-2004-2204
31 Dec 2004 — Macromedia ColdFusion MX 6.0 and 6.1 application server, when running with the CreateObject function or CFOBJECT tag enabled, allows local users to conduct unauthorized activities and obtain administrative passwords by creating CFML scripts that use CreateObject or CFOBJECT. • http://secunia.com/advisories/12693 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2004-2331
https://notcve.org/view.php?id=CVE-2004-2331
31 Dec 2004 — ColdFusion MX 6.1 and 6.1 J2EE allows local users to bypass sandbox security restrictions and obtain sensitive information by using Java reflection methods to access trusted Java objects without using the CreateObject function or cfobject tag. • http://secunia.com/advisories/10743 • CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') •
CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 0CVE-2004-2330
https://notcve.org/view.php?id=CVE-2004-2330
31 Dec 2004 — ColdFusion MX 6.1 and 6.1 J2EE allows remote attackers to cause a denial of service via an HTTP request containing a large number of form fields. • http://secunia.com/advisories/10743 •
CVSS: 10.0EPSS: 7%CPEs: 5EXPL: 0CVE-2004-0646
https://notcve.org/view.php?id=CVE-2004-0646
19 Nov 2004 — Buffer overflow in the WriteToLog function for JRun 3.0 through 4.0 web server connectors, such as (1) mod_jrun and (2) mod_jrun20 for Apache, with verbose logging enabled, allows remote attackers to execute arbitrary code via a long HTTP header Content-Type field or other fields. Desbordamiento de búfer en la función WriteToLog de los conectores web JRun 3.0 a 4.0, como mod_jrun y mod_jrun20 para Apache con registro verboso activado, permite a atacantes remotos ejecutar código de su elección mediante una u... • http://secunia.com/advisories/12647 •
CVSS: 9.1EPSS: 10%CPEs: 11EXPL: 0CVE-2004-0928
https://notcve.org/view.php?id=CVE-2004-0928
05 Oct 2004 — The Microsoft IIS Connector in JRun 4.0 and Macromedia ColdFusion MX 6.0, 6.1, and 6.1 J2EE allows remote attackers to bypass authentication and view source files, such as .asp, .pl, and .php files, via an HTTP request that ends in ";.cfm". • http://marc.info/?l=bugtraq&m=109621995623823&w=2 •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2004-0407
https://notcve.org/view.php?id=CVE-2004-0407
17 Apr 2004 — The HTML form upload capability in ColdFusion MX 6.1 does not reclaim disk space if an upload is interrupted, which allows remote attackers to cause a denial of service (disk consumption) by repeatedly uploading files and interrupting the uploads before they finish. • http://marc.info/?l=bugtraq&m=108213782629001&w=2 •
CVSS: 7.5EPSS: 1%CPEs: 12EXPL: 0CVE-2004-1816
https://notcve.org/view.php?id=CVE-2004-1816
15 Mar 2004 — Unknown vulnerability in Sun Java System Application Server 7.0 Update 2 and earlier, when a SOAP web service expects an array of objects as an argument, allows remote attackers to cause a denial of service (memory consumption). • http://marc.info/?l=bugtraq&m=107936690702515&w=2 •