Security
The Web Services Interoperability Organization has released their recommendations for web services security standards and best practices in their Basic Security Profile. Read Russel Madere's report to find out more!
What is the WMF security hole and why should you be nervous about it? Find out more right here.
These cumulative security updates are highly recommended if you're running ColdFusion version 6 or higher...
A vulnerability in the Flash Media Server could expose the server to a Denial of Service attack. Read about it in Adobe's Security Zone report.
A hole in Microsoft's Windows kernel can let in a malicious intruder ... and a newly released exploit makes it that much easier!
This new Microsoft vulnerability has to do with the MSDDS.dll, a memory corruption error and ActiveX controls.
This overview of the Zotob worm attack will tell you what it is and how to protect your systems.
Microsoft Releases Patch for WMF Flaw (Jan 6, 2006)
Adobe Releases Cumulative Security Patches for ColdFusion and JRun (Dec 23, 2005)
Administrator Interface DOS Vulnerability in Flash Media Server (Dec 22, 2005)
Exploit Code Kicks Old Microsoft Vulnerability into High Gear (Aug 13, 2005)
New MSDDS Vulnerability in Microsoft Office and Microsoft Visual Studio (Jul 30, 2005)
Zotob Worm and Variants Hit Net (Jul 30, 2005)
USB Presents Security Hole (Jul 30, 2005)
Security Patch Available for JRun 4.0 Token Collision (Jul 20, 2005)
Bug in Microsoft JVM (Jul 10, 2005)
Google Patches New Desktop Search Holes (Dec 15, 2004)
Google Desktop Finds Holes (Dec 15, 2004)
Enemies in Disguise (Dec 1, 2004)
New Security Hole Found in Mozilla Browser (Jul 3, 2004)
Security Experts Identify New Exploit on Email Servers (May 15, 2004)
New Security Patch Available for ColdFusion MX Sandbox Security (Jan 27, 2004)
New Security Patch Available for ColdFusion MX Sandbox Security (Dec 27, 2003)
Macromedia Releases Form Fields Denial of Service Patch (Jan 27, 2004)
Secunia Reports Cross-Site Scripting Vulnerability in JRun (Dec 2, 2003)
Update to Flash Player Addressing Local Shared Object Security (Dec 2, 2003)
The Tide (of Spam) is High (Aug 13, 2003)
Are Bug Reports Against the Law? (Aug 13, 2003)
ColdFusion Security Part One: Understanding Sandbox/Resource Security (Jul 19, 2003)
Software Security at Macromedia (Jul 19, 2003)
Macromedia Policy Statement on Best Practices for Flash Security (May 29, 2003)
Patch for Apache 1.3.x, 2.0 View Source Vulnerability in ColdFusion MX and JRun 4.0 on Windows (May 29, 2003)
Security Links in Light of July 6th Hack Attack Contest (May 29, 2003)
Path Disclosure Vulnerability in ColdFusion MX Server (May 2, 2003)
Macromedia Flash Malformed Header Vulnerability Issue (Jul 20, 2002)
Macromedia Flash URL Modification Issue (Jul 20, 2002)
Flaw in Macromedia JRun Could Let Attacker Take Over (May 22, 2002)
Update to Macromedia Flash Player 6 Streaming Issue (May 8, 2002)
Website Security Hole Found and Patched (May 8, 2002)
SQLSnake Worm Spreads Like Crazy off of SQL Server Vulnerability (May 8, 2002)
Microsoft Supplies 'Critical' Patch for IE (May 8, 2002)
Macromedia Flash Player 6 Streaming Issue (May 1, 2002)
Macromedia Flash Activex Buffer Overflow (May 1, 2002)
Cumulative Patch for Internet Information Services (Apr 12, 2002)
Macromedia Flash Undocumented Command Arbitrary File Write Vulnerability (Mar 8, 2002)
Macromedia Flash Undocumented Action File Access Vulnerability (Mar 8, 2002)
Some Good Security Articles for Fusebox (Mar 8, 2002)
Webmasters Urged To Plug PHP Security Hole (Feb 19, 2002)
Another Security Hole Found In Macromedia Flash (Feb 19, 2002)
Guarding Against Privilege Elevation on WIN2K and NT (Feb 19, 2002)
Upcoming Gathering of Windows Top Security Pros! (Feb 19, 2002)
Unchecked Buffer in Microsoft SQL Server 2000 and 7.0 (Feb 19, 2002)
Information Disclosure Vulnerability in Microsoft IE (Feb 19, 2002)
Information Disclosure Vulnerability in Microsoft XML Core Services (Feb 19, 2002)
First Flash Virus Discovered (Jan 1, 2002)
Allaire Security Bulletin ASB00-15: Workaround for JRun 2.3.x Code Sample Vulnerabilities (Jun 19, 2000)
ColdFusion Advanced Security: Setting Up Netscape Directory Server 4.1 as a User Directory Fails (Jun 12, 2000)
Allaire Security Bulletin (ASB00-14): Workaround for Denial of Service Attack Against ColdFusion Administrator (May 29, 2000)
Allaire Security Bulletin (ASB00-13)/Microsoft (MS00-031): Patch Available for 'Undelimited HTR Request' and 'File Fragment Reading via HTR' Vulnerabi (May 15, 2000)
Allaire's Response to ColdFusion Server 4.5.1 DoS Vulnerability (May 15, 2000)
Security Zone Alert: ClusterCATS Appends Stale Query String to URL Line During HTML Redirection (May 1, 2000)
Security Zone Alert: Microsoft Procedure Available to Eliminate Server-Side Image Map Components Vulnerability (May 1, 2000)
ColdFusion Server 4.5.1 Denial of Service Attack Using CFCACHE (May 1, 2000)
Security Zone Alert: Patch Available for Spectra Container Editor Preview Object Security Issue (Apr 24, 2000)
Security Zone Alert: Microsoft Internet Information Server Procedure Available to Eliminate 'Link View Server-Side Component' Vulnerability (Apr 24, 2000)
Security Zone Alert: Microsoft Internet Information Server Patch Available for 'Myriad Escaped Characters' Vulnerability (Apr 24, 2000)
Allaire Security Bulletin (ASB00-07): 'Microsoft Internet Information Server Exposure of Source Code with Malformed Hit Highlighting Arguments' (Apr 3, 2000)
Allaire Security Bulletin (ASB99-11): Solutions to Issues that Allow Users to Execute Commands on NT Servers Through MDAC RDS (Mar 27, 2000)
Allaire Security Bulletin (ASB00-06): Patch Available for Allaire Forums 2.0.5 Security Issue (Mar 27, 2000)
SecurityFocus Takes Note of Known CF Information Hole (Feb 28, 2000)
Password Capture on NT Intranets Using Basic Authentication (Feb 28, 2000)
Cross-Site Scripting Vulnerability (Feb 14, 2000)
Clustered (4.5) Server May Lock into Busy State (Jan 3, 2000)
Upgrade Installation Problems with HomeSite 4.5 or Studio 4.5 (Jan 3, 2000)
Patch Available for CFCACHE Tag Potential Exploit (Jan 3, 2000)
Potential Denial of Service Problem in Allaire Spectra 1.0 (Jan 3, 2000)
Authenticated Webtop User Security in Allaire Spectra 1.0 (Jan 3, 2000)
Patches Released for ColdFusion 4.5 Bugs (Jan 3, 2000)
CF_BugTraq: CFTextApplet and Netscape 4.71 (Dec 27, 1999)
CF_BugTraq: CFHHTPPARAM Doesn't Pass Form Field Variables (Dec 27, 1999)
CF_BugTraq: CFMail Query Operations (in CF 4.5) (Dec 27, 1999)
Security Alert: Overloading CFINCLUDE in CF 4.0 & 4.5 (Dec 20, 1999)
CFStudio 4.5: Zero-Byte Bug Fixed (Dec 20, 1999)
Y2K Patch for Oracle Stored Procedures Released (Dec 20, 1999)
FuseTalk Hole Considered High Risk (Nov 5, 2001)
New Worm: W32.Goner.A@mm (Oct 29, 2001)
Linux Servers at Risk From Serious Flaw (Oct 29, 2001)
Security Hole Found in Older Versions of Symantec Antivirus Software (Oct 8, 2001)
Malformed Microsoft Excel or PowerPoint Documents Exploit (Oct 8, 2001)
MS Security Plan: OK, Kind Of (Oct 8, 2001)
More Security Problems for Microsoft (Oct 8, 2001)
How to Protect Your Network Against the Nimda Virus (Oct 1, 2001)
Top Security Holes: A Rundown (Oct 1, 2001)
Microsoft Warns of PowerPoint, Excel Vulnerabilities (Oct 1, 2001)
HFNetChk 3.2 Beta Build (Oct 1, 2001)
Customer Security Bulletin (CSB01-11): Nimda Worm (a.k.a. W32.Nimda) Vulnerability using Microsoft IIS/Internet Explorer products (Sep 24, 2001)
Customer Security Bulletin (CSB01-10): Apache Authentication Modules Unauthorized Access Vulnerability (Sep 24, 2001)
Garner Group Recommends Dumping IIS (Sep 24, 2001)
Macromedia Security Bulletin (MPSB01-08) (Jul 30, 2001)
Security Bulletin FAQ (Jul 9, 2001)
ColdFusion Template Overwrite Vulnerability (Jul 9, 2001)
ColdFusion Unauthorized File Access Vulnerability (Jul 9, 2001)
Top 10 Security Mistakes (Jul 9, 2001)
Microsoft IIS Device File Local DoS Vulnerability (Jul 2, 2001)
JRun Cross-Site Scripting Vulnerability (Jul 2, 2001)
Read Your Firewall Logs! (Jul 2, 2001)
Warning to All Site Administrators: Plug That Hole! (Jul 2, 2001)
Macromedia Product Security Bulletin (MPSB01-07): Macromedia Releases Patch That Addresses ColdFusion Server Security Issues (Jul 9, 2001)
Customer Security Bulletin (CSB01-09): Microsoft (MS01-036): Using Microsoft Windows 2000 LDAP over SSL Could Enable Passwords to Be Changed (Jun 25, 2001)
Macromedia Product Security Bulletin (MPSB01-03): JRun 3.1, 3.0, 2.3.3: Patch available for ability to view jsp source code when Ending an URL with js%70 Instead of JSP (Jun 25, 2001)
Macromedia Product Security Bulletin (MPSB01-04): JRun 3.0: Patch available for re-generation of new java, class, et al. files when adding a forward slash to a previously run jsp (Jun 25, 2001)
Macromedia Product Security Bulletin (MPSB01-05): JRun 3.0: Patch Available for Accessing a Restricted Directory While Bypassing the Web Authentication (Jun 25, 2001)
Macromedia Product Security Bulletin (MPSB01-06): JRun 3.1, JRun 3.0, JRun 2.3.3: Cross-site Scripting Vulnerability (a.k.a. Javascript Code Execution Vulnerability) (Jun 25, 2001)
Customer Security Bulletin (CSB01-08): Microsoft (MS01-033): Unchecked Buffer in Index Server ISAPI Extension Allows IIS Web Server Compromise (Jun 18, 2001)
'Miss World' Virus Uses Sex Angle To Lure The Unwary (Jun 4, 2001)
Hacking 101 (May 28, 2001)
Qualcomm Eudora Hidden Attachment Execution Vulnerability (May 28, 2001)
The Strange Tale of the Denial of Service Attacks Against GRC.COM (May 28, 2001)
Authentication Gets Tough (May 28, 2001)
Scared of _Zombies_? You Should Be (May 28, 2001)
Denial-Of-Service Attacks Common (May 28, 2001)
Microsoft IE SSL Spoofing Vulnerability (May 21, 2001)
Win Media Player Hole Surrenders Your Machine (May 21, 2001)
Microsoft IIS Various Domain User Account Access Vulnerability (May 21, 2001)
iPlanet Web Publisher Remote Buffer Overflow Vulnerability (May 21, 2001)
Macromedia Spectra Internal Security Implementation (May 21, 2001)
Customer Security Bulletin (CSB01-07): Microsoft (MS01-026): Superfluous Decoding Operation Could Allow Command Execution Via IIS (May 21, 2001)
Customer Security Bulletin (CSB01-06): iPlanet: Web Server 4.1 SP 3-7 Product Alert (May 21, 2001)
RSA Security Helps Provide Security Technology to Macromedia ColdFusion (May 7, 2001)
Patch Available for *Unchecked Buffer in ISAPI Extension ...* Vulnerability (May 7, 2001)
iPlanet: Web Server 4.x Product Alert (May 7, 2001)
Malformed URL Can Cause Service Failure in IIS 5.0 (May 7, 2001)
Malformed .HTR Request Allows Reading of File Fragments (May 7, 2001)
Simple RF Weapon Can Fry PC Circuits (May 7, 2001)
Virus Alert: W32.Magistr.24876@mm (May 7, 2001)
Security Quiz at WhatIs.com (Apr 30, 2001)
Prioritizing Network and Server Security Issues (Apr 30, 2001)
IIS 5 Security Alert (Apr 30, 2001)
Another IIS Hole to Plug (Apr 30, 2001)
Denial of Service: A "How Do the Pros Handle It" Front Line Report: Compiled by Erika L. Walker, CF Community Correspondent (Apr 30, 2001)
Prioritizing Network and Server Security Procedures (Dec 7, 2005)
Scripting Vulnerability Detected in MS IE and Outlook Express (Dec 7, 2005)
Formal Trust and Authentication (Dec 7, 2005)
Allaire Security Bulletin (ASB00-29): JRun 2.3.3: Patch Available for JSP Execution of Arbitrary File Security Issue (Oct 23, 2000)
Allaire Security Bulletin (ASB00-28): JRun 2.3.3: Patch Available for Non-webroot Requests Security Issue (Oct 23, 2000)
Allaire Security Bulletin (ASB00-27): JRun 3.0: Patch Available for Extra Leading Slash Security Issue (Oct 23, 2000)
Allaire Security Bulletin (ASB00-26): Microsoft (MS00-078): Patch Available for Web Server Folder Traversal Vulnerability (Oct 23, 2000)
Fast Track to Internet Security (Oct 9, 2000)
Allaire Security Bulletin (ASB00-32): Microsoft (MS00-086): Patch Available for "Web Server File Request Parsing" Vulnerability (Nov 27, 2000)
Allaire Security Bulletin (ASB00-31): Microsoft (MS00-080): Patch Available for "Session ID Cookie Marking" Vulnerability (Oct 30, 2000)
Allaire Security Bulletin (ASB00-30): JRun 3.0: Patch available for "multiple .'s denial of service" issue (Oct 30, 2000)
Allaire Security Bulletin (ASB00-29): JRun 2.3.3: Patch available for "JSP execution of arbitrary file" security issue (Oct 30, 2000)
Allaire Security Bulletin (ASB00-28) (Oct 30, 2000)
Allaire Security Bulletin (ASB00-27) (Oct 30, 2000)
Allaire Security Bulletin (ASB00-26) (Oct 30, 2000)
Allaire Security Bulletin (ASB00-24): Microsoft (MS00-060): Patch Available for IIS Cross-Site Scripting Vulnerabilities (Sep 4, 2000)
CNet News Reports Unix, Linux Computers Vulnerable to Damaging New Attacks (Sep 4, 2000)
Spotting Intrusions: A Real-Life Scenario (Sep 4, 2000)
Allaire Security Bulletin (ASB00-25): Microsoft (MS00-063): Patch Available for Invalid URL Vulnerability (Sep 4, 2000)
Allaire Security Bulletin (ASB00-23): Spectra 1.0.1: Workaround Available for Administrative Interface Security Issue (Aug 28, 2000)
Allaire Posts Revised Tags and Patches (Aug 28, 2000)
O'Reilly WebSite Pro Write Access Vulnerability (Aug 21, 2000)
PGP Encryption Security in Question (Aug 21, 2000)
Microsoft IIS 5.0 Translate: f Source Disclosure Vulnerability (Aug 14, 2000)
Allaire Security Bulletin (ASB00-19): Patch Available for JRun Trailing Character JSP Source Code Disclosure Issue (Aug 7, 2000)
Allaire Security Bulletin (ASB00-18): Patch Available for JRun 3.0 EJB Property Disclosure Issue (Aug 7, 2000)
Netscape Communicator URL Read Vulnerability (Aug 7, 2000)
Microsoft Internet Explorer Scriptlet Rendering Vulnerability (Aug 7, 2000)
Bugs Afflict Microsoft, Netscape, Sun (Aug 7, 2000)
Allaire Security Bulletin (ASB00-22): O'Reilly Has Patch Available for Buffer Overrun in O'Reilly Website Pro 2.4 httpd32.exe (Jul 24, 2000)
Allaire Security Bulletin (ASB00-21): O'Reilly Has Patch Available for Buffer Overrun in O'Reilly Website Pro 2.4 webfind.exe (Jul 24, 2000)
Allaire Security Bulletin (ASB00-20): Microsoft Has Patch Available for "Absent Directory Browser Argument" Vulnerability (Jul 24, 2000)
Patch Available for Malformed E-mail Header Vulnerability (Jul 17, 2000)
Allaire Security Bulletin (ASB00-16): Microsoft Patch Available for "Stored Procedure Permissions" Vulnerability (Jul 10, 2000)
Allaire Security Bulletin (ASB00-17): Microsoft Patch Updated for "DTS Password" Vulnerability (Jul 10, 2000)