Blogs RSS

1 - Charge for restoring site which had been altered by recent injection attack

My site had been altered TWICE by recent injection attacks. Potential ColdFusion security issu And I restore my site from backup TWICE. Then they charged $10 as each restoration fee. The total is $20. I couldn't approve this charge. So I replie...
Aggregated from: http://shigeru-nakagaki.com/in


2 - Did you know Adobe had a Product Security Incident Response blog?

I didn't! Thanks to Hemant for pointing this out to me. You can find this blog here: http://blogs.adobe.com/psirt/. I've pinged Adobe to find out a bit more about how and why content shows up here. You won't see anything about the MIME issue, but as that is a coder thing not a product thing (imho), it may not make sense here. Either way - one more blog to monitor I suppose. It's not ColdFusion specific, but I'm adding it to ColdFusionBloggers.org now.


Aggregated from: http://feedproxy.google.com/~r


3 - Safety ColdFusion - FCKEditor

There is a critical point in FCKeditor, which was announced some time ago, when it was detected in the ASP and PHP connectors. PHP - GeekLog v1.4.0 FckEditor File Upload Security Vulnerability; ASP - Exploiting IIS via HTMLEncode (MS08-006). Now this vulnerability was detected in version 8.0.1 of ColdFusion; version 8.0 apparently does not suffer from this failure, but it is worth checking. Many places are supplying information to prevent frights: Problem safety serious in CF 8.01; CF8 and FCKEditor Security Threat; ColdFusion 8 FCKeditor Vulnerability. I recommend disabling filemanager.
Aggregated from: http://feedproxy.google.com/~r


4 - Security threat with ColdFusion and FCKeditor

Yes, there is a security threat associated with file uploads in ColdFusion. Adobe is aware of this threat and we are working to release a security fix for this issue as soon as possible. Do read this important post from Adobe’s Product Security Incident Response Team which details how to mitigate this issue until a [...]
Aggregated from: http://www.rakshith.net/blog/?


5 - OT: Null Characters Bring out the Beast

Once every blue moon, I am reminded of the fact that you cannot create a null character in ColdFusion. At least not in any of the ways you would expect. When the moon rises, I quickly run through the logical possibilities chr(0), javacast("char", chr(0)), etcetera. Only to find they do not work. Each new attempt producing everything from a space character to an empty string. But no null character in sight. As my frustration grows, my nails begin to lengthen. My flesh erupts in fur and my teeth transform into fangs. Then I remember. There is a way. Somewhere in the
Aggregated from: http://cfsearching.blogspot.co


6 - Create A Running Average Without Storing Individual Values

I was thinking about how to best answer a new ColdFusion-based "Ask Ben" question about a rating system when I thought about creating numeric averages. All my life, when creating an average, I followed the simple formula of dividing the sum of a collection by the number of its entries: Average = Sum / N. This, of course, requires you to have both the sum and the count of a ...
Aggregated from: http://www.bennadel.com/index.


7 - Refresh Coldfusion Web Service WSDL definition programmatically

Working on a project that requires two coldfusion servers to chat with each other through web services; something I haven't had to do for many years now. Anyway, as soon as I made a change to my publishing CFC, my consuming CFC started complaining. Seems that the server caches the WSDL signature of the remote cfc. That is great for production, but not so much for development. So, practically crawling into the wayback machine, I quickly found Brandon Purcell's nearly 6 year old solution to Refreshing Web Service Stubs in ColdFusion MX. With two moments worth of added abstraction: And
Aggregated from: http://blog.shortfusion.com/in


8 - Refresh Coldfusion Web Service WSDL definition stub programmatically

Working on a project that requires two coldfusion servers to chat with each other through web services; something I haven't had to do for many years now. Anyway, as soon as I made a change to my publishing CFC, my consuming CFC started complaining. Seems that the server caches the WSDL signature of the remote cfc. That is great for production, but not so much for development. So, practically crawling into the wayback machine, I quickly found Brandon Purcell's nearly 6 year old solution to Refreshing Web Service Stubs in ColdFusion MX. With two moments worth of added abstraction: And
Aggregated from: http://blog.shortfusion.com/in


9 - ColdFusion 8 FCKeditor Vulnerability

There have been a few stories about a vulnerability in FCKeditor that is bundled with ColdFusion 8, first on SANS and now on The Register. The FCKeditor ColdFusion connector isn't enabled on all CF installations, I think if you installed a fresh 8.0.1 it is enabled, older versions may have had it disabled by default. Either way you need to make sure it is disabled, and remove the file manager. John Mason has put together a blog entry detailing how to do this here. If you aren't using cftextarea you might as well go ahead and delete (or move outside
Aggregated from: http://www.petefreitag.com/ite


10 - ColdFusion Security Issue - FCKEditor

Many blogs are reporting this, and frankly I don't have more to add to the already good reports out there, but be sure you read and respond to this new issue involving FCKEditor. Details: CF8 and FCKEditor Security Threat; ColdFusion 8 FCKeditor Vulnerability. Please help spread the word.
Aggregated from: http://feedproxy.google.com/~r


11 - ColdFusion Security Issue - FCKEditor

Many blogs are reporting this, and frankly I don't have more to add to the already good reports out there, but be sure you read and respond to this new issue involving FCKEditor. Details: CF8 and FCKEditor Security Threat; ColdFusion 8 FCKeditor...
Aggregated from: http://www.coldfusionjedi.com/


12 - <cftextarea> and FCKeditor Exploit

I have now experienced a couple of servers exploited to inject harmful code into .js files. There's a lack of information out there and I believe I have finally run into what I was looking for. There appears to be a vulnerability with the FCKeditor file upload feature. It appears it affects at least ColdFusion and PHP servers. Attackers are able to use the file uploader to run malware on the server injecting a <script> tag into the end of every .js file. The script includes the URL: "http://bit.ly/dUdvv". Avast, an anti-virus program, recognizes it as an IFRAME virus when
Aggregated from: http://chris.cfwebtools.com/in


13 - ColdFusion 9 ORM and why I see deception

Not trying to be contradictive here (maybe a little bit) or rain on anyone's parade, but I've been hearing and seeing loads of fuss from people who are "just waiting" for ColdFusion 9 ORM to be released, or some people who have projects where ColdFusion 9 ORM "would suit just perfectly". Whilst I find it to be perfectly normal and very exciting, I can also predict some deception is to come. Obviously this doesn't apply to everybody, but to some people who are expecting too much of it. When I say expecting too much of it, I mean people who think it
Aggregated from: http://www.placona.co.uk/blog/


14 - Adobe Announces That HomeSite Is Officially Dead

With the exception of new ColdFusion tag definitions, we all know that there hasn't been any active development on HomeSite in a long time. Dreamweaver, CFEclipse, and now Adobe Bolt have long since taken over that product path. But still, it made me a bit sad to find out earlier this week on Twitter that Adobe officially announced the death of HomeSite as a product as of May 26, 2009, not only in development but also in s ...
Aggregated from: http://www.bennadel.com/index.


15 - Converting ColdFusion data for jQuery Plugins - An example

Kerrie asks: A couple of weeks ago, I read a post you wrote on jQuery and form validation... really piqued my interest so I've been taking a look at not only the validation plugin, but many of the other great jQuery plugins... I found this one...
Aggregated from: http://www.coldfusionjedi.com/


16 - Converting ColdFusion data for jQuery Plugins - An example

Kerrie asks:

A couple of weeks ago, I read a post you wrote on jQuery and form validation... really piqued my interest so I've been taking a look at not only the validation plugin, but many of the other great jQuery plugins... I found this one last night, and it's perfect for an app I'm working on, but I cannot figure out how to return the output of a query to populate the list. In the demo they are returning the results of tvshows.php. I noticed a number of other folks were having the same problem but no solution. Might you have a few spare moments to take a look??

Kerrie, don't feel alone. I've noticed this in a few other jQuery plugins. The author will give you an example of the JSON they want, but they don't describe the JSON in pure data forms. So for example, if the JSON string is an array of strings, they don't say that. They just show it and assume you know that is how arrays are represented in JSON. JSON may be easy, but I definitely can't parse it in my head quite yet. Let's take a look at what the plugin wants:


Aggregated from: http://feedproxy.google.com/~r


17 - First Bangalore ColdFusion Usergroup

The inaugural meeting of the newly formed Bangalore ColdFusion Usergroup will take place July 09, 2009, at the Adobe Bangalore office. ColdFusion engineering team members will present ColdFusion Centaur and Bolt. Details posted online.
Aggregated from: http://forta.com/blog/index.cf


18 - OCDev July Meeting: Geolocation with ColdFusion by Oğuz Demirkapı

We will have Oğuz Demirkapı as speaker for our July meeting. He will present one of his CFUnited 2009 topics at our next meeting.
Topic: Geolocation with ColdFusion. What's the killer app of the web? It might just be geolocation, a service that opens up tons of new business and service opportunities. Plus, the visuals rock. See the cutting edge in mapping from the entrepreneurs leading the way with ColdFusion.
Speaker: Oğuz Demirkapı (http://blog.demirkapi.net)
Date and Time: July 8, 2009 from 6:30 PM.
Location: NicheClick Media, 27372 Aliso Creek Rd, Aliso Viejo, CA 92656 USA
RSVP: Please RSVP on
Aggregated from: http://ocdev.org/post.cfm/ocde


19 - CF8 and FCKEditor Security threat

In a recent SANS posting, they identify a vulnerability in some ColdFusion installations. It involves the richtext feature found in cftextarea. This feature actually uses an open source application called FCKEditor. The FCKEditor has functionality to handle file uploads and file management but this feature should be disabled in the version embedded in CF server. The problem lies in that in some cases the connector that runs this feature is actually turned on. Is your connector on? Go to..CFIDE\scripts\ajax\FCKeditor\editor\filemanager\connectors\cfm Look at config.cfm and see if the connector is on. If left on, this means a hacker might be able to
Aggregated from: http://www.codfusion.com/blog/


20 - Query of query issue with where clause/joins

A user reported this to me earlier in the week. I was sure he was wrong until I confirmed it myself. Imagine you have 2 queries you want to join using a query of query. Here is a quick sample.
Aggregated from: http://feedproxy.google.com/~r