CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2001-0535
https://notcve.org/view.php?id=CVE-2001-0535
Example applications (Exampleapps) in ColdFusion Server 4.x do not properly restrict prevent access from outside the local host's domain, which allows remote attackers to conduct upload, read, or execute files by spoofing the "HTTP Host" (CGI.Host) variable in (1) the "Web Publish" example script, and (2) the "Email" example script. • http://www.allaire.com/Handlers/index.cfm?ID=21700 http://xforce.iss.net/alerts/advise92.php •
CVSS: 7.5EPSS: 1%CPEs: 12EXPL: 0CVE-2001-1427
https://notcve.org/view.php?id=CVE-2001-1427
Unknown vulnerability in ColdFusion Server 2.0 through 4.5.1 SP2 allows remote attackers to overwrite templates with zero byte files via unknown attack vectors. • http://www.kb.cert.org/vuls/id/321475 http://www.macromedia.com/devnet/security/security_zone/mpsb01-07.html http://www.securityfocus.com/bid/3023 https://exchange.xforce.ibmcloud.com/vulnerabilities/6840 •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2001-1084
https://notcve.org/view.php?id=CVE-2001-1084
Cross-site scripting vulnerability in Allaire JRun 3.0 and 2.3.3 allows a malicious webmaster to embed Javascript in a request for a .JSP, .shtml, .jsp10, .jrun, or .thtml file that does not exist, which causes the Javascript to be inserted into an error message. • http://archive.cert.uni-stuttgart.de/archive/bugtraq/2001/07/msg00021.html http://www.kb.cert.org/vuls/id/654643 http://www.macromedia.com/v1/handlers/index.cfm?ID=21498&Method=Full http://www.osvdb.org/1891 http://www.securityfocus.com/bid/2983 https://exchange.xforce.ibmcloud.com/vulnerabilities/6793 •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2001-0179
https://notcve.org/view.php?id=CVE-2001-0179
Allaire JRun 3.0 allows remote attackers to list contents of the WEB-INF directory, and the web.xml file in the WEB-INF directory, via a malformed URL that contains a "." • http://www.allaire.com/handlers/index.cfm?ID=19546&Method=Full https://exchange.xforce.ibmcloud.com/vulnerabilities/6008 •
CVSS: 7.6EPSS: 0%CPEs: 1EXPL: 0CVE-2001-0166
https://notcve.org/view.php?id=CVE-2001-0166
Macromedia Shockwave Flash plugin version 8 and earlier allows remote attackers to cause a denial of service via malformed tag length specifiers in a SWF file. • http://archives.neohapsis.com/archives/bugtraq/2000-12/0491.html https://exchange.xforce.ibmcloud.com/vulnerabilities/5826 •