CVSS: 5.0EPSS: 1%CPEs: 3EXPL: 0CVE-2002-0576
https://notcve.org/view.php?id=CVE-2002-0576
ColdFusion 5.0 and earlier on Windows systems allows remote attackers to determine the absolute pathname of .cfm or .dbm files via an HTTP request that contains an MS-DOS device name such as NUL, which leaks the pathname in an error message. • http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0028.html http://online.securityfocus.com/archive/1/268263 http://www.iss.net/security_center/static/8866.php http://www.macromedia.com/v1/handlers/index.cfm?ID=22906 http://www.osvdb.org/3337 http://www.securityfocus.com/bid/4542 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2001-0535
https://notcve.org/view.php?id=CVE-2001-0535
Example applications (Exampleapps) in ColdFusion Server 4.x do not properly restrict prevent access from outside the local host's domain, which allows remote attackers to conduct upload, read, or execute files by spoofing the "HTTP Host" (CGI.Host) variable in (1) the "Web Publish" example script, and (2) the "Email" example script. • http://www.allaire.com/Handlers/index.cfm?ID=21700 http://xforce.iss.net/alerts/advise92.php •
CVSS: 6.4EPSS: 1%CPEs: 12EXPL: 0CVE-2001-1120
https://notcve.org/view.php?id=CVE-2001-1120
Vulnerabilities in ColdFusion 2.0 through 4.5.1 SP 2 allow remote attackers to (1) read or delete arbitrary files, or (2) overwrite ColdFusion Server templates. • http://www.allaire.com/handlers/index.cfm?id=21566 http://www.kb.cert.org/vuls/id/135531 http://www.securityfocus.com/archive/1/196452 http://www.securityfocus.com/bid/3018 https://exchange.xforce.ibmcloud.com/vulnerabilities/6839 •
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0CVE-1999-0756
https://notcve.org/view.php?id=CVE-1999-0756
ColdFusion Administrator with Advanced Security enabled allows remote users to stop the ColdFusion server via the Start/Stop utility. • http://www.allaire.com/handlers/index.cfm?ID=10968&Method=Full https://exchange.xforce.ibmcloud.com/vulnerabilities/2207 •
CVSS: 10.0EPSS: 1%CPEs: 8EXPL: 0CVE-1999-0760
https://notcve.org/view.php?id=CVE-1999-0760
Undocumented ColdFusion Markup Language (CFML) tags and functions in the ColdFusion Administrator allow users to gain additional privileges. • http://www.allaire.com/handlers/index.cfm?ID=11714&Method=Full http://www.securityfocus.com/bid/550 https://exchange.xforce.ibmcloud.com/vulnerabilities/3288 •