CVE-2002-1700
- EPSS 16.34%
- Published 31.12.2002 05:00:00
- Last modified 03.04.2025 01:03:51
Cross-site scripting vulnerability (XSS) in the missing template handler in Macromedia ColdFusion MX allows remote attackers to execute arbitrary script as other users by injecting script into the HTTP request for the name of a template, which is not...
CVE-2002-1309
- EPSS 1.69%
- Published 29.11.2002 05:00:00
- Last modified 03.04.2025 01:03:51
Heap-based buffer overflow in the error-handling mechanism for the IIS ISAPI handler in Macromedia ColdFusion 6.0 allows remote attackers to execute arbitrary via an HTTP GET request with a long .cfm file name.
- EPSS 0.08%
- Published 31.12.2001 05:00:00
- Last modified 03.04.2025 01:03:51
ColdFusion 4.5 and 5, when running on Windows with the advanced security sandbox type set to "operating system," does not properly pass security context to (1) child processes created with <CFEXECUTE> and (2) child processes that call the CreateProce...
CVE-2001-1427
- EPSS 7.61%
- Published 11.07.2001 04:00:00
- Last modified 03.04.2025 01:03:51
Unknown vulnerability in ColdFusion Server 2.0 through 4.5.1 SP2 allows remote attackers to overwrite templates with zero byte files via unknown attack vectors.