In my last job our developers worked primarily in ColdFusion, most recently MX 7. I picked up some research on the SecurityFocus pen-test mailing list about some ColdFusion MX insecurity tidbits [pdf] that I wanted to save. I really like that one can brute force the admin password from a secondary page (no username, no logon logging) and then upload and execute files.