Filtered by vendor Macromedia
Subscribe
Total
116 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2002-1025 | 1 Macromedia | 1 Jrun | 2025-04-03 | 5.0 MEDIUM | N/A |
JRun 3.0 through 4.0 allows remote attackers to read JSP source code via an encoded null byte in an HTTP GET request, which causes the server to send the .JSP file unparsed. | |||||
CVE-2002-0937 | 1 Macromedia | 1 Jrun | 2025-04-03 | 5.0 MEDIUM | N/A |
The Java Server Pages (JSP) engine in JRun allows web page owners to cause a denial of service (engine crash) on the web server via a JSP page that calls WPrinterJob().pageSetup(null,null). | |||||
CVE-2006-3979 | 1 Macromedia | 1 Coldfusion | 2025-04-03 | 7.2 HIGH | N/A |
The AdminAPI of ColdFusion MX 7 allows attackers to bypass authentication by using "programmatic access" to the adminAPI instead of the ColdFusion Administrator. | |||||
CVE-2002-1534 | 1 Macromedia | 1 Flash Player | 2025-04-03 | 5.0 MEDIUM | N/A |
Macromedia Flash Player allows remote attackers to read arbitrary files via XML script in a .swf file that is hosted on a remote SMB share. | |||||
CVE-1999-1525 | 1 Macromedia | 1 Shockwave Flash Plugin | 2025-04-03 | 5.1 MEDIUM | N/A |
Macromedia Shockwave before 6.0 allows a malicious webmaster to read a user's mail box and possibly access internal web servers via the GetNextText command on a Shockwave movie. | |||||
CVE-2005-2628 | 1 Macromedia | 1 Flash Player | 2025-04-03 | 5.1 MEDIUM | N/A |
Macromedia Flash 6 and 7 (Flash.ocx) allows remote attackers to execute arbitrary code via a SWF file with a modified frame type identifier that is used as an out-of-bounds array index to a function pointer. | |||||
CVE-2004-0407 | 1 Macromedia | 1 Coldfusion | 2025-04-03 | 2.6 LOW | N/A |
The HTML form upload capability in ColdFusion MX 6.1 does not reclaim disk space if an upload is interrupted, which allows remote attackers to cause a denial of service (disk consumption) by repeatedly uploading files and interrupting the uploads before they finish. | |||||
CVE-2001-0179 | 1 Macromedia | 1 Jrun | 2025-04-03 | 5.0 MEDIUM | N/A |
Allaire JRun 3.0 allows remote attackers to list contents of the WEB-INF directory, and the web.xml file in the WEB-INF directory, via a malformed URL that contains a "." | |||||
CVE-2004-1893 | 1 Macromedia | 2 Dreamweaver, Dreamweaver Ultradev | 2025-04-03 | 5.0 MEDIUM | N/A |
Dreamweaver MX, when "Using Driver On Testing Server" or "Using DSN on Testing Server" is selected, uploads the mmhttpdb.asp script to the web site but does not require authentication, which allows remote attackers to obtain sensitive information and possibly execute arbitrary SQL commands via a direct request to mmhttpdb.asp. | |||||
CVE-2000-0539 | 1 Macromedia | 1 Jrun | 2025-04-03 | 6.4 MEDIUM | N/A |
Servlet examples in Allaire JRun 2.3.x allow remote attackers to obtain sensitive information, e.g. listing HttpSession ID's via the SessionServlet servlet. | |||||
CVE-2002-0846 | 1 Macromedia | 1 Shockwave Flash | 2025-04-03 | 7.5 HIGH | N/A |
The decoder for Macromedia Shockwave Flash allows remote attackers to execute arbitrary code via a malformed SWF header that contains more data than the specified length. | |||||
CVE-2005-1022 | 1 Macromedia | 1 Coldfusion | 2025-04-03 | 5.0 MEDIUM | N/A |
ColdFusion 6.1 Updater 1 places Java .class files under the web root in the /WEB-INF/cfclasses directory, which allows remote attackers to obtain sensitive information. | |||||
CVE-2004-2335 | 1 Macromedia | 2 Contribute, Studio | 2025-04-03 | 7.2 HIGH | N/A |
The Macromedia installers and e-licensing client on Mac OS X, as used for Macromedia Contribute 2, Director, Dreamweaver, Fireworks, Flash, and Studio, install the AuthenticationService setuid and writable by other users, which allows local users to gain privileges by modifying the program. | |||||
CVE-2004-2204 | 1 Macromedia | 1 Coldfusion | 2025-04-03 | 7.2 HIGH | N/A |
Macromedia ColdFusion MX 6.0 and 6.1 application server, when running with the CreateObject function or CFOBJECT tag enabled, allows local users to conduct unauthorized activities and obtain administrative passwords by creating CFML scripts that use CreateObject or CFOBJECT. | |||||
CVE-2002-1382 | 1 Macromedia | 1 Flash Player | 2025-04-03 | 7.5 HIGH | N/A |
Macromedia Flash Player before 6.0.65.0 allows remote attackers to execute arbitrary code via certain malformed data headers in Shockwave Flash file format (SWF) files, a different issue than CAN-2002-0846. | |||||
CVE-2005-4345 | 1 Macromedia | 1 Coldfusion | 2025-04-03 | 7.2 HIGH | N/A |
Adobe (formerly Macromedia) ColdFusion MX 7.0 exposes the password hash of the Administrator in an API call, which allows local developers to obtain the hash and gain privileges. | |||||
CVE-2001-1545 | 1 Macromedia | 1 Jrun | 2025-04-03 | 5.0 MEDIUM | N/A |
Macromedia JRun 3.0 and 3.1 appends the jsessionid to URL requests (a.k.a. rewriting) when client browsers have cookies enabled, which allows remote attackers to obtain session IDs and hijack sessions via HTTP referrer fields or sniffing. | |||||
CVE-2005-3901 | 1 Macromedia | 1 Flash Communication Server | 2025-04-03 | 7.8 HIGH | N/A |
Macromedia Flash Communication Server MX 1.0 and 1.5 does not sufficiently validate certain RTMP data, which allows attackers to cause a denial of service (instability or crash), as demonstrated using an alpha release build of Flash Player 8.5 (build 133). | |||||
CVE-2002-0801 | 1 Macromedia | 1 Jrun | 2025-04-03 | 10.0 HIGH | N/A |
Buffer overflow in the ISAPI DLL filter for Macromedia JRun 3.1 allows remote attackers to execute arbitrary code via a direct request to the filter with a long HTTP host header field in a URL for a .jsp file. | |||||
CVE-2000-1052 | 1 Macromedia | 1 Jrun | 2025-04-03 | 5.0 MEDIUM | N/A |
Allaire JRun 2.3 server allows remote attackers to obtain source code for executable content by directly calling the SSIFilter servlet. |