CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 1CVE-2002-1309
https://notcve.org/view.php?id=CVE-2002-1309
Heap-based buffer overflow in the error-handling mechanism for the IIS ISAPI handler in Macromedia ColdFusion 6.0 allows remote attackers to execute arbitrary via an HTTP GET request with a long .cfm file name. Desbordamiento de búfer en el mecanismo de manejo de errores del manejador de IIS ISAPI en Macromedia ColdFusion 6.0 permite a atacantes remotos ejecutar código arbitrario mediante una petición HTTP GET con un nombre de fichero .cfm largo. • http://archives.neohapsis.com/archives/bugtraq/2002-11/0149.html http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0080.html http://marc.info/?l=bugtraq&r=1&b=200211&w=2 http://www.eeye.com/html/Research/Advisories/AD20021112.html •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2001-1514
https://notcve.org/view.php?id=CVE-2001-1514
ColdFusion 4.5 and 5, when running on Windows with the advanced security sandbox type set to "operating system," does not properly pass security context to (1) child processes created with <CFEXECUTE> and (2) child processes that call the CreateProcess function and are executed with <CFOBJECT> or end with the CFX extension, which allows attackers to execute programs with the permissions of the System account. • http://www.macromedia.com/v1/Handlers/index.cfm?ID=22263 •
CVSS: 7.5EPSS: 1%CPEs: 12EXPL: 0CVE-2001-1427
https://notcve.org/view.php?id=CVE-2001-1427
Unknown vulnerability in ColdFusion Server 2.0 through 4.5.1 SP2 allows remote attackers to overwrite templates with zero byte files via unknown attack vectors. • http://www.kb.cert.org/vuls/id/321475 http://www.macromedia.com/devnet/security/security_zone/mpsb01-07.html http://www.securityfocus.com/bid/3023 https://exchange.xforce.ibmcloud.com/vulnerabilities/6840 •