search : hacking

select a category, or use search below
(searches all categories and all time range)

displaying top 100 results

Cryptojacking: Hacking for Bitcoins
[ANeff] Bug for: per-app null value can be hacked from address bar
3851606 CF-4200508 Suchika S. getColumnList() returns a string [] and not an array object.We have a hack for converting String[] to array for the headless version. We have added similar hack for member function if it is for the function parameter but not for the calling object. The calling object
2597048 CF-3169196 External U. This is a crazy bug that defies logic. Lots of people use isValid("integer") to validate data that's expected to be an integer to provide protection from hacking, maliciously causing errors to progress hacking, or manipulation of data, so this is actually a security
2609053 CF-3941059 External U. Please fix, it's terrible to have to hack my code when handling Base64 strings of images because the spec is being incorrectly interpreted.
2613176 CF-3341284 External U. We are unable to upgrade our CF without investing additional engineering time to hack together a fix for something that should not be broken.
2597097 CF-3119991 External U. A work mate hacked together a solution. It's detailed here; http://stackoverflow.com/questions/5898291/coldfusion-util-key-memory-leak-issue-with-structure-keys/9401913
2599341 CF-3040311 External U. This is holding up our production server upgrades. With millions of lines of codebase an audit is absolutely ridiculous! Anything short of a hot fix is unacceptable and a hack bandaid.
2603458 CF-3035553 External U. Heavily seconded ... that "bug" or lack of features! Fortunately, I found a Java hack to provide SSL to poll GMail with cfpop ...
of hacking and security breaches. According to NBC News, Hackers stole nearly half a billion personal records in 2018. There were fewer breaches, but the breaches were bigger and worse and more data than ever was stolen. Crypto-miners have improved as well and not in a good way. The post It’s Up To Us
and it creates a zombie process in iis. The pathway that autodiscover uses is also a common one for script hacks on PHP sites, so in production, script hacks against your server can zombie hundreds of threads in a few minutes, killing IIS very quickly. The CFContent problem is equally obvious, any request after
aliaspooryorik Why you should limit password length Allowing long passwords is good but could also be used as an attack vector The post Why you should limit password length appeared first on ColdFusion. Blog,ColdFusion,Modern CFML,blog,Hacking,modern cfml
2609632 CF-3818547 External U. Is this the same security team that facilitated the h.cfm hack? Are you sure you should be listening to them? (in case you hadn't worked it out, that was not a serious question, but was a serious observation that your "security team" isn't really up to much
2612071 CF-3560929 External U. I have found a "hack-ish" work around ... In the Application.cfc utilize the OnMissingTemplate method like so: Then check
2612631 CF-3488063 External U. Super annoying! Have tried most of the 'hacks' and none seem to work. I continuously end up with either a header code 200, or the default. It's not CF10 by itself obviously, as locally everything works just fine (running on a mac).
2613240 CF-3337394 External U. We run travel sites that rely heavily on JSON data and ISO country codes. The ISO country code for Norway is NO and we've had to code a hack around this issue in a few places. The code below illustrates how the bug affected us:
2613240 CF-3337394 External U. We run travel sites that rely heavily on JSON data and ISO country codes. The ISO country code for Norway is NO and we've had to code a hack around this issue in a few places. The code below illustrates how the bug affected us:
2613636 CF-3197321 External U. Yes, this needs to be fixed as soon a possible. This makes moving from CF9 to CF10 questionable when you see such minor problems like this go unsolved. It also makes long term administration in CF10 more difficult when you have to manually hack a fix into the XML
requiring the owner of the website to hack their code to accommodate HotBox (and any other plug-in module they might use). One very jerry-built way it might work is have the site's serialise extend HotBox's one, I suppose... but it still requires hacking about to then have the site's methods also call
if an address cannot be extracted. This means if someone added a URL parameter of "?email=hacked@own.ed" to the URL of the request, if InternetAddress.getAddress() was null, then the results of parseEmail() would not be null but would be "hacked@own.ed". This is a basic example, but the ramifications could
2673002 CF-4157592 Database Christopher Tierney Do not evaluate value if null=tue on CFQUERYPARAM Currently this code: will still try to evaluate "myVal". When attempting to turn off/on NULL's via if a value exists or not, for example in the arguments of a method, we have to hack together
reporting CF as the perfect backend solution for Flex which is totally false, till we add this feature. Other SS solutions are much faster than CF is, unless you use typed structures, which is just an hack, nothing more.
is Better?) appeared first on ColdFusion. Application Performance,Discussion,Performance,application performance,discussion,Hacking,performance
forget that when mentioning the .NET framwork? LOL. And my user account got hacked from Adobe, not from MS ;-) ). What about community support. What about IDE. What about longterm maintainability of large code bases. What about quality of support and speed of reaction. What about licensing. I could go
2602327 CF-3036977 Flex/Flash : Flex remoting João Fernandes Bug 74044:(Watson Migration Closure)[RIA]ColdFusion should support SWF verification similar to FMS Problem: [RIA]ColdFusion should support SWF verification similar to FMS. This increases security by avoiding changed/hacked swf files
referenced forum so that context highlighting displays the CONTENT passages that the error occurs. My best guess it this point is that it is memory related. But it did work just fine, against the same content on an older server, under CF 9. Since it is a standard solr behavior and not an undocumented hack I
2610071 CF-3733001 External U. Not all tags are created equal, so it's a bit silly to think that hacking off some brackets is even mildly acceptable. What's this nonsense having "cf" still attached? Have you seen what you did to cfsilent with this approach? Have you? Monsterous. Hideous! Part
the proper truthy/falsey constructs that language like JavaScript and Groovy have. Instead of making elvis be a hacked-up combination of two things, it needs to be fixed to be a proper null coalescing operator and then this ticket won't be needed. We tried to start using the elvis operator in ColdBox 5
://www.petefreitag.com/item/644.cfm I think I recommended this back during CF8 beta as well, but that bug must have been deleted. It is now a pretty common practice to use HttpOnly in cookies, and using cfheader is quiet a hack. Method: Result: ----------------------------- Additional Watson Details
of the value stored with the key. The workaround of having to run ListFind(StructKeyList(), "key") to see if the key exists in the list combined with StructKeyExists(myStruct, "key") returning false is an ugly hack. StructKeyExists() should just return true for *ANY* key that actually exists, regardless
is the object type. Here system whether the passes object is one of the Member Function supported object type or not. If not (that is the case here), it will by-pass member function completely. To support it we will have to add a hack wherein exception object needs to added for this special case, which
This is a hack, not a fix. Adobe should get this fixed in the installer.
properly as a boolean with no ambiguity? This is a problem because there is no way to treat "No" or "Yes" as a string (there is a hack that seams to work by prepending chr(2) to the string, but that is not something I would want to rely on) because javaCast("string", "NO") still shows up as a boolean
Factory or even specify a cache provider other than EHCache. Any string other than EHCache will throw an error. This means that it is not possible to implement any second level other than the EHCache that ships with ColdFusion 11! The way that RegionFactory implementation seems a bit of a hack. Steps
into CF:http://www.owasp.org/index.php/Category:OWASP_AntiSamy_ProjectEssentially it allows you to parse a string and remove potential XSS attacks.I wrote a blog entry a while back showing how to use AntiSamy in CF:http://blog.pengoworks.com/index.cfm/2008/1/3/Using-AntiSamy-to-protect-your-CFM-pages-from-XSS-hacks
by creating a scheduled task to run every few minutes (I have it at 2) to send a server message to all open connections. This forces traffic over the connection so that it never times out. However, it is absolutely a hack with much more overhead involved than if ping-pongs were implemented directly in CF.
but the answer options have to be rearranged so that all 0 value data items are at the top of the list. If it was the opposite where only items at the top of the list were colored it would be better but having to rearrange the order to put non-0 data as the last in the list of cfchartdata is a terrible hack
to me who had been hacked because of all this: bad guys had uploaded a cfm file (to a page doing cffile action="upload") with content that looked like an image (at the top) but had CFML at the bottom. It passed the strict test ("looked like a png"), but then that file was executable
to have this as an (optional) setting on CFCOLLECTION & the UI in CF Admin, rather than hacking config files. This *is* CF we're talking about after all![/quote]-- Adam Method: Result: ----------------------------- Additional Watson Details ----------------------------- Watson Bug ID: 3043982
.compiler.FinalVariableMutationException is thrown ----------- Actual Result: final ignored Expected Result: coldfusion.compiler.FinalVariableMutationException on line 3 2) Run: ----------- final variables.foo = "final honored" variables.foo = "final ignored" writeOutput(variables.foo) foo = "I call hacks"//if this line is commented
.bootstrap.BootstrapServlet.service(BootstrapServlet.java:89) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter( At the end of the day, these smell like someone trying to hack, but cflogin shouldn't throw these exceptions. ----------------------------- Additional Watson Details ----------------------------- Watson Bug ID: 3517498
header set, but for some reason didn't check immediately. * I also had the numerous hacks resetting content and outputting a cfsavecontent variable on my 404 page by this stage, and decided not to rock the boat as it all seemed to be working fine. Yesterday our host finally also put in place