Filtered by vendor Macromedia
Subscribe
Total
116 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-2480 | 1 Macromedia | 1 Coldfusion Fusebox | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in ColdFusion Fusebox 4.1.0 allows remote attackers to inject arbitrary web script or HTML via the fuseaction parameter, which is not quoted in an error page, as demonstrated using index.cfm. | |||||
| CVE-2003-0208 | 1 Macromedia | 1 Flash | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Macromedia Flash ad user tracking capability allows remote attackers to insert arbitrary Javascript via the clickTAG field. | |||||
| CVE-2002-1881 | 1 Macromedia | 1 Flash Player | 2025-04-03 | 5.0 MEDIUM | N/A |
| Macromedia Flash Player 4.0 r12 through 6.0.47.0 allows remote attackers to cause a denial of service (web browser crash) via malformed content in a Flash Shockwave (.SWF) file, as demonstrated by by ROT13 encoding the body of the file but not the headers. | |||||
| CVE-2001-1511 | 1 Macromedia | 1 Jrun | 2025-04-03 | 5.0 MEDIUM | N/A |
| JRun 3.0 and 3.1 running on JRun Web Server (JWS) and IIS allows remote attackers to read arbitrary JavaServer Pages (JSP) source code via a request URL containing the source filename ending in (1) "jsp%00" or (2) "js%2570". | |||||
| CVE-2005-2481 | 1 Macromedia | 1 Coldfusion Fusebox | 2025-04-03 | 5.0 MEDIUM | N/A |
| ColdFusion Fusebox 4.1.0 allows remote attackers to obtain sensitive information via an invalid fuseaction parameter, which leaks the full server path in an error message, as demonstrated using the "?" (question mark) character. | |||||
| CVE-2002-2187 | 1 Macromedia | 1 Jrun | 2025-04-03 | 5.0 MEDIUM | N/A |
| Unknown "file disclosure" vulnerability in Macromedia JRun 3.0, 3.1, and 4.0, related to a log file or jrun.ini, with unknown impact. | |||||
| CVE-2002-0665 | 1 Macromedia | 1 Jrun | 2025-04-03 | 10.0 HIGH | N/A |
| Macromedia JRun Administration Server allows remote attackers to bypass authentication on the login form via an extra slash (/) in the URL. | |||||
| CVE-2004-1815 | 2 Macromedia, Sun | 3 Coldfusion, Jrun, One Application Server | 2025-04-03 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in ColdFusion MX 6.0 and 6.1, and JRun 4.0, when a SOAP web service expects an array of objects as an argument, allows remote attackers to cause a denial of service (memory consumption). | |||||
| CVE-2002-1625 | 1 Macromedia | 1 Flash Player | 2025-04-03 | 5.0 MEDIUM | N/A |
| Macromedia Flash Player 6 does not terminate connections when the user leaves the web page, which allows remote attackers to cause a denial of service (bandwidth, resource, and CPU consumption) via the (1) loadMovie or (2) loadSound commands, which continue to execute until the browser is closed. | |||||
| CVE-2003-1017 | 1 Macromedia | 2 Director, Flash Player | 2025-04-03 | 5.0 MEDIUM | N/A |
| Macromedia Flash Player before 7,0,19,0 stores a Flash data file in a predictable location that is accessible to web browsers such as Internet Explorer and Opera, which allows remote attackers to read restricted files via vulnerabilities in web browsers whose exploits rely on predictable names. | |||||
| CVE-2006-3979 | 1 Macromedia | 1 Coldfusion | 2025-04-03 | 7.2 HIGH | N/A |
| The AdminAPI of ColdFusion MX 7 allows attackers to bypass authentication by using "programmatic access" to the adminAPI instead of the ColdFusion Administrator. | |||||
| CVE-2000-1050 | 1 Macromedia | 1 Jrun | 2025-04-03 | 5.0 MEDIUM | N/A |
| Allaire JRun 3.0 http servlet server allows remote attackers to directly access the WEB-INF directory via a URL request that contains an extra "/" in the beginning of the request (aka the "extra leading slash"). | |||||
| CVE-2002-0846 | 1 Macromedia | 1 Shockwave Flash | 2025-04-03 | 7.5 HIGH | N/A |
| The decoder for Macromedia Shockwave Flash allows remote attackers to execute arbitrary code via a malformed SWF header that contains more data than the specified length. | |||||
| CVE-2001-0535 | 1 Macromedia | 1 Coldfusion Server | 2025-04-03 | 7.5 HIGH | N/A |
| Example applications (Exampleapps) in ColdFusion Server 4.x do not properly restrict prevent access from outside the local host's domain, which allows remote attackers to conduct upload, read, or execute files by spoofing the "HTTP Host" (CGI.Host) variable in (1) the "Web Publish" example script, and (2) the "Email" example script. | |||||
| CVE-2001-1514 | 1 Macromedia | 1 Coldfusion | 2025-04-03 | 10.0 HIGH | N/A |
| ColdFusion 4.5 and 5, when running on Windows with the advanced security sandbox type set to "operating system," does not properly pass security context to (1) child processes created with <CFEXECUTE> and (2) child processes that call the CreateProcess function and are executed with <CFOBJECT> or end with the CFX extension, which allows attackers to execute programs with the permissions of the System account. | |||||
| CVE-2000-1049 | 1 Macromedia | 1 Jrun | 2025-04-03 | 5.0 MEDIUM | N/A |
| Allaire JRun 3.0 http servlet server allows remote attackers to cause a denial of service via a URL that contains a long string of "." characters. | |||||
| CVE-2005-3112 | 1 Macromedia | 1 Breeze | 2025-04-03 | 2.1 LOW | N/A |
| The "reset password" feature in Macromedia Breeze 5.0 stores passwords in plaintext in the database instead of the hash, which allows attackers with access to the database to obtain the passwords. | |||||
| CVE-2002-2186 | 1 Macromedia | 1 Jrun | 2025-04-03 | 5.0 MEDIUM | N/A |
| Macromedia JRun 3.0, 3.1, and 4.0 allow remote attackers to view the source code of .JSP files via Unicode encoded character values in a URL. | |||||
| CVE-2004-1893 | 1 Macromedia | 2 Dreamweaver, Dreamweaver Ultradev | 2025-04-03 | 5.0 MEDIUM | N/A |
| Dreamweaver MX, when "Using Driver On Testing Server" or "Using DSN on Testing Server" is selected, uploads the mmhttpdb.asp script to the web site but does not require authentication, which allows remote attackers to obtain sensitive information and possibly execute arbitrary SQL commands via a direct request to mmhttpdb.asp. | |||||
| CVE-2005-4344 | 1 Macromedia | 1 Coldfusion | 2025-04-03 | 2.1 LOW | N/A |
| Adobe (formerly Macromedia) ColdFusion MX 7.0 does not honor when the CFOBJECT /CreateObject(Java) setting is disabled, which allows local users to create an object despite the specified configuration. | |||||