I haven't done Coldfusion since CF4, however recently have been tasked to look at a CF7MX appilication that has 3 security issues they are looking to fix.
1. Cross Site Scripting - I believe I have this one figured out using the Admin Pannel's "Enable global script protection" 2. Format String Injection 3. Parameter Based Buffer Overflow I have been able to find generalized information on the other two issues, but nothing as it relates to CF itself. Will the "Enable global script protection" fix these other two as well or should I be looking elsewhere? Everything I am finding has to do with SQL injection and not Format String Injection, and I'm finding nothing on Parameter Based Buffer Overflow. Any help anyone could provide would be great. Thanks, Jamie ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:353180 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm