CVE-2000-0189
https://notcve.org/view.php?id=CVE-2000-0189
ColdFusion Server 4.x allows remote attackers to determine the real pathname of the server via an HTTP request to the application.cfm or onrequestend.cfm files. • http://www.securityfocus.com/bid/1021 •
CVE-2000-0057 – Allaire ColdFusion Server 4.0/4.0.1 - 'CFCACHE' Information Disclosure
https://notcve.org/view.php?id=CVE-2000-0057
Cold Fusion CFCACHE tag places temporary cache files within the web document root, allowing remote attackers to obtain sensitive system information. • https://www.exploit-db.com/exploits/19712 http://www.allaire.com/handlers/index.cfm?ID=13978&Method=Full http://www.securityfocus.com/bid/917 •
CVE-1999-0455 – Allaire ColdFusion Server 4.0 - Remote File Display / Deletion / Upload / Execution
https://notcve.org/view.php?id=CVE-1999-0455
The Expression Evaluator sample application in ColdFusion allows remote attackers to read or delete files on the server via exprcalc.cfm, which does not restrict access to the server properly. • https://www.exploit-db.com/exploits/19093 http://www.securityfocus.com/bid/115 •
CVE-1999-0477 – Allaire ColdFusion Server 4.0 - Remote File Display / Deletion / Upload / Execution
https://notcve.org/view.php?id=CVE-1999-0477
The Expression Evaluator in the ColdFusion Application Server allows a remote attacker to upload files to the server via openfile.cfm, which does not restrict access to the server properly. • https://www.exploit-db.com/exploits/19093 http://www.securityfocus.com/bid/115 •