This page aggregates publicly disclosed CVE and security risk information related to allaire, with CVSS, EPSS, publication dates, and vulnerability intelligence data to help assess potential risk and remediation priority.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2002-0576 | ColdFusion 5.0 and earlier on Windows systems allows remote attackers to determine the absolute pathname of .cfm or .dbm files via an HTTP request that contains an MS-DOS device name such as NUL, which leaks the pathname in an error message. | [email protected] | 5.0 | 2.32% | 2002-06-18 | 2026-04-16 |
| CVE-2002-0108 | Allaire Forums 2.0.4 and 2.0.5 and Forums! 3.0 and 3.1 allows remote authenticated users to spoof messages as other users by modifying the hidden form fields for the name and e-mail address. | [email protected] | 7.5 | 0.81% | 2002-03-25 | 2026-04-16 |
| CVE-2001-1120 | Vulnerabilities in ColdFusion 2.0 through 4.5.1 SP 2 allow remote attackers to (1) read or delete arbitrary files, or (2) overwrite ColdFusion Server templates. | [email protected] | 6.4 | 3.18% | 2001-07-11 | 2026-04-16 |
| CVE-1999-0924 | The Syntax Checker in ColdFusion Server 4.0 allows remote attackers to conduct a denial of service. | [email protected] | 5.0 | 0.74% | 2001-03-12 | 2026-04-16 |
| CVE-1999-0923 | Sample runnable code snippets in ColdFusion Server 4.0 allow remote attackers to read files, conduct a denial of service, or use the server as a proxy for other HTTP calls. | [email protected] | 7.5 | 0.64% | 2001-03-12 | 2026-04-16 |
| CVE-1999-0922 | An example application in ColdFusion Server 4.0 allows remote attackers to view source code via the sourcewindow.cfm file. | [email protected] | 5.0 | 0.65% | 2001-03-12 | 2026-04-16 |
| CVE-1999-0800 | The GetFile.cfm file in Allaire Forums allows remote attackers to read files through a parameter to GetFile.cfm. | [email protected] | 5.0 | 6.96% | 2001-03-12 | 2026-04-16 |
| CVE-1999-0760 | Undocumented ColdFusion Markup Language (CFML) tags and functions in the ColdFusion Administrator allow users to gain additional privileges. | [email protected] | 10.0 | 0.45% | 2001-03-12 | 2026-04-16 |
| CVE-1999-0757 | The ColdFusion CFCRYPT program for encrypting CFML templates has weak encryption, allowing attackers to decrypt the templates. | [email protected] | 2.1 | 0.51% | 2001-03-12 | 2026-04-16 |
| CVE-1999-0756 | ColdFusion Administrator with Advanced Security enabled allows remote users to stop the ColdFusion server via the Start/Stop utility. | [email protected] | 5.0 | 0.66% | 2001-03-12 | 2026-04-16 |
| CVE-2000-0862 | Vulnerability in an administrative interface utility for Allaire Spectra 1.0.1 allows remote attackers to read and modify sensitive configuration information. | [email protected] | 6.4 | 0.43% | 2000-11-14 | 2026-04-16 |
| CVE-2000-0538 | ColdFusion Administrator for ColdFusion 4.5.1 and earlier allows remote attackers to cause a denial of service via a long login password. | [email protected] | 5.0 | 9.01% | 2000-06-07 | 2026-04-16 |
| CVE-2000-0410 | ColdFusion Server 4.5.1 allows remote attackers to cause a denial of service by making repeated requests to a CFCACHE tagged cache file that is not stored in memory. | [email protected] | 5.0 | 0.79% | 2000-05-10 | 2026-04-16 |
| CVE-2000-0382 | ColdFusion ClusterCATS appends stale query string arguments to a URL during HTML redirection, which may provide sensitive information to the redirected site. | [email protected] | 2.6 | 0.37% | 2000-05-08 | 2026-04-16 |
| CVE-2000-0334 | The Allaire Spectra container editor preview tool does not properly enforce object security, which allows an attacker to conduct unauthorized activities via an object-method that is added to the container object with a publishing rule. | [email protected] | 2.1 | 0.10% | 2000-04-24 | 2026-04-16 |
| CVE-2000-0297 | Allaire Forums 2.0.5 allows remote attackers to bypass access restrictions to secure conferences via the rightAccessAllForums or rightModerateAllForums variables. | [email protected] | 6.4 | 0.40% | 2000-04-03 | 2026-04-16 |
| CVE-2000-0189 | ColdFusion Server 4.x allows remote attackers to determine the real pathname of the server via an HTTP request to the application.cfm or onrequestend.cfm files. | [email protected] | 5.0 | 0.65% | 2000-03-01 | 2026-04-16 |
| CVE-2000-0057 | Cold Fusion CFCACHE tag places temporary cache files within the web document root, allowing remote attackers to obtain sensitive system information. | [email protected] | 7.5 | 3.22% | 2000-01-04 | 2026-04-16 |
| CVE-2000-0051 | The Allaire Spectra Configuration Wizard allows remote attackers to cause a denial of service by repeatedly resubmitting data collections for indexing via a URL. | [email protected] | 5.0 | 0.66% | 2000-01-04 | 2026-04-16 |
| CVE-2000-0050 | The Allaire Spectra Webtop allows authenticated users to access other Webtop sections by specifying explicit URLs. | [email protected] | 4.6 | 0.07% | 2000-01-04 | 2026-04-16 |