Vulnerabilities > Macromedia > Coldfusion
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2002-12-31 | CVE-2002-1992 | Buffer Overrun vulnerability in Macromedia Coldfusion and Coldfusion Professional Buffer overflow in jrun.dll in ColdFusion MX, when used with IIS 4 or 5, allows remote attackers to cause a denial of service in IIS via (1) a long template file name or (2) a long HTTP header. | 5.0 |
| 2002-12-31 | CVE-2002-1700 | Cross-Site Scripting vulnerability in multiple products Cross-site scripting vulnerability (XSS) in the missing template handler in Macromedia ColdFusion MX allows remote attackers to execute arbitrary script as other users by injecting script into the HTTP request for the name of a template, which is not filtered in the resulting 404 error message. | 4.3 |
| 2002-11-29 | CVE-2002-1309 | Remote Security vulnerability in Macromedia Coldfusion 6.0 Heap-based buffer overflow in the error-handling mechanism for the IIS ISAPI handler in Macromedia ColdFusion 6.0 allows remote attackers to execute arbitrary via an HTTP GET request with a long .cfm file name. | 7.5 |
| 2001-12-31 | CVE-2001-1514 | Unspecified vulnerability in Macromedia Coldfusion 4.5/5.0 ColdFusion 4.5 and 5, when running on Windows with the advanced security sandbox type set to "operating system," does not properly pass security context to (1) child processes created with <CFEXECUTE> and (2) child processes that call the CreateProcess function and are executed with <CFOBJECT> or end with the CFX extension, which allows attackers to execute programs with the permissions of the System account. | 10.0 |
| 2001-07-11 | CVE-2001-1427 | Unspecified vulnerability in Macromedia Coldfusion Unknown vulnerability in ColdFusion Server 2.0 through 4.5.1 SP2 allows remote attackers to overwrite templates with zero byte files via unknown attack vectors. | 7.5 |