CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 0CVE-2002-0576
https://notcve.org/view.php?id=CVE-2002-0576
18 Jun 2002 — ColdFusion 5.0 and earlier on Windows systems allows remote attackers to determine the absolute pathname of .cfm or .dbm files via an HTTP request that contains an MS-DOS device name such as NUL, which leaks the pathname in an error message. • http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0028.html •
CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 0CVE-2001-0535
https://notcve.org/view.php?id=CVE-2001-0535
12 Oct 2001 — Example applications (Exampleapps) in ColdFusion Server 4.x do not properly restrict prevent access from outside the local host's domain, which allows remote attackers to conduct upload, read, or execute files by spoofing the "HTTP Host" (CGI.Host) variable in (1) the "Web Publish" example script, and (2) the "Email" example script. • http://www.allaire.com/Handlers/index.cfm?ID=21700 •
CVSS: 7.5EPSS: 3%CPEs: 12EXPL: 0CVE-2001-1120
https://notcve.org/view.php?id=CVE-2001-1120
11 Jul 2001 — Vulnerabilities in ColdFusion 2.0 through 4.5.1 SP 2 allow remote attackers to (1) read or delete arbitrary files, or (2) overwrite ColdFusion Server templates. • http://www.allaire.com/handlers/index.cfm?id=21566 •
CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 0CVE-1999-0756
https://notcve.org/view.php?id=CVE-1999-0756
12 Mar 2001 — ColdFusion Administrator with Advanced Security enabled allows remote users to stop the ColdFusion server via the Start/Stop utility. • http://www.allaire.com/handlers/index.cfm?ID=10968&Method=Full •
CVSS: 10.0EPSS: 0%CPEs: 8EXPL: 0CVE-1999-0760
https://notcve.org/view.php?id=CVE-1999-0760
12 Mar 2001 — Undocumented ColdFusion Markup Language (CFML) tags and functions in the ColdFusion Administrator allow users to gain additional privileges. • http://www.allaire.com/handlers/index.cfm?ID=11714&Method=Full •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-1999-0922
https://notcve.org/view.php?id=CVE-1999-0922
12 Mar 2001 — An example application in ColdFusion Server 4.0 allows remote attackers to view source code via the sourcewindow.cfm file. • http://www.allaire.com/handlers/index.cfm?ID=8739&Method=Full •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-1999-0924
https://notcve.org/view.php?id=CVE-1999-0924
12 Mar 2001 — The Syntax Checker in ColdFusion Server 4.0 allows remote attackers to conduct a denial of service. • http://www.allaire.com/handlers/index.cfm?ID=8739&Method=Full •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-1999-0923
https://notcve.org/view.php?id=CVE-1999-0923
14 Feb 2001 — Sample runnable code snippets in ColdFusion Server 4.0 allow remote attackers to read files, conduct a denial of service, or use the server as a proxy for other HTTP calls. • http://www.allaire.com/handlers/index.cfm?ID=8739&Method=Full •
CVSS: 7.5EPSS: 2%CPEs: 10EXPL: 1CVE-2000-0538 – ColdFusion Server 2.0/3.x/4.x - Administrator Login Password Denial of Service
https://notcve.org/view.php?id=CVE-2000-0538
07 Jun 2000 — ColdFusion Administrator for ColdFusion 4.5.1 and earlier allows remote attackers to cause a denial of service via a long login password. • https://www.exploit-db.com/exploits/19996 •
CVSS: 5.3EPSS: 1%CPEs: 3EXPL: 0CVE-2000-0189
https://notcve.org/view.php?id=CVE-2000-0189
01 Mar 2000 — ColdFusion Server 4.x allows remote attackers to determine the real pathname of the server via an HTTP request to the application.cfm or onrequestend.cfm files. • http://www.securityfocus.com/bid/1021 •