Page 3 of 14 results (0.007 seconds)

CVSS: 5.0EPSS: 1%CPEs: 3EXPL: 0

ColdFusion Server 4.x allows remote attackers to determine the real pathname of the server via an HTTP request to the application.cfm or onrequestend.cfm files. • http://www.securityfocus.com/bid/1021 •

CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 1

Cold Fusion CFCACHE tag places temporary cache files within the web document root, allowing remote attackers to obtain sensitive system information. • https://www.exploit-db.com/exploits/19712 http://www.allaire.com/handlers/index.cfm?ID=13978&Method=Full http://www.securityfocus.com/bid/917 •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1

The Expression Evaluator sample application in ColdFusion allows remote attackers to read or delete files on the server via exprcalc.cfm, which does not restrict access to the server properly. • https://www.exploit-db.com/exploits/19093 http://www.securityfocus.com/bid/115 •

CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 1

The Expression Evaluator in the ColdFusion Application Server allows a remote attacker to upload files to the server via openfile.cfm, which does not restrict access to the server properly. • https://www.exploit-db.com/exploits/19093 http://www.securityfocus.com/bid/115 •