59 Total Results
Displaying 41-50 of 59
Attacker Value
Unknown
CVE-2004-1723
Disclosure Date: December 31, 2004 (last updated February 22, 2025)
The (1) updateuser.php and (2) forums_prune.php scripts in PHP-Fusion 4.00 allow remote attackers to obtain sensitive information via a direct HTTP request, which reveals the installation path in an error message.
Attacker Value
Unknown
CVE-2004-2437
Disclosure Date: December 31, 2004 (last updated February 22, 2025)
SQL injection vulnerability in PHP-Fusion 4.01 allows remote attackers to execute arbitrary SQL commands via the rowstart parameter to (1) index.php or (2) members.php, or (3) the comment_id parameter to comments.php.
Attacker Value
Unknown
CVE-2004-0646
Disclosure Date: December 23, 2004 (last updated February 22, 2025)
Buffer overflow in the WriteToLog function for JRun 3.0 through 4.0 web server connectors, such as (1) mod_jrun and (2) mod_jrun20 for Apache, with verbose logging enabled, allows remote attackers to execute arbitrary code via a long HTTP header Content-Type field or other fields.
Attacker Value
Unknown
CVE-2004-0928
Disclosure Date: October 05, 2004 (last updated February 22, 2025)
The Microsoft IIS Connector in JRun 4.0 and Macromedia ColdFusion MX 6.0, 6.1, and 6.1 J2EE allows remote attackers to bypass authentication and view source files, such as .asp, .pl, and .php files, via an HTTP request that ends in ";.cfm".
Attacker Value
Unknown
CVE-2004-1724
Disclosure Date: August 18, 2004 (last updated February 22, 2025)
The ReadMe First.txt file in PHP-Fusion 4.0 instructs users to set the permissions on the fusion_admin/db_backups directory to world read/write/execute (777), which allows remote attackers to download or view database backups, which have easily guessable filenames and contain the administrator username and password.
Attacker Value
Unknown
CVE-2004-1815
Disclosure Date: March 15, 2004 (last updated February 22, 2025)
Unknown vulnerability in ColdFusion MX 6.0 and 6.1, and JRun 4.0, when a SOAP web service expects an array of objects as an argument, allows remote attackers to cause a denial of service (memory consumption).
Attacker Value
Unknown
CVE-2002-0576
Disclosure Date: June 18, 2002 (last updated February 22, 2025)
ColdFusion 5.0 and earlier on Windows systems allows remote attackers to determine the absolute pathname of .cfm or .dbm files via an HTTP request that contains an MS-DOS device name such as NUL, which leaks the pathname in an error message.
Attacker Value
Unknown
CVE-2001-1120
Disclosure Date: July 11, 2001 (last updated February 22, 2025)
Vulnerabilities in ColdFusion 2.0 through 4.5.1 SP 2 allow remote attackers to (1) read or delete arbitrary files, or (2) overwrite ColdFusion Server templates.
Attacker Value
Unknown
CVE-2001-1427
Disclosure Date: July 11, 2001 (last updated February 22, 2025)
Unknown vulnerability in ColdFusion Server 2.0 through 4.5.1 SP2 allows remote attackers to overwrite templates with zero byte files via unknown attack vectors.
Attacker Value
Unknown
CVE-1999-0924
Disclosure Date: March 12, 2001 (last updated February 22, 2025)
The Syntax Checker in ColdFusion Server 4.0 allows remote attackers to conduct a denial of service.