Vulnerabilities (CVE)

Filtered by vendor Macromedia Subscribe
Total 116 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2002-1025 1 Macromedia 1 Jrun 2025-04-03 5.0 MEDIUM N/A
JRun 3.0 through 4.0 allows remote attackers to read JSP source code via an encoded null byte in an HTTP GET request, which causes the server to send the .JSP file unparsed.
CVE-2002-0937 1 Macromedia 1 Jrun 2025-04-03 5.0 MEDIUM N/A
The Java Server Pages (JSP) engine in JRun allows web page owners to cause a denial of service (engine crash) on the web server via a JSP page that calls WPrinterJob().pageSetup(null,null).
CVE-2006-3979 1 Macromedia 1 Coldfusion 2025-04-03 7.2 HIGH N/A
The AdminAPI of ColdFusion MX 7 allows attackers to bypass authentication by using "programmatic access" to the adminAPI instead of the ColdFusion Administrator.
CVE-2002-1534 1 Macromedia 1 Flash Player 2025-04-03 5.0 MEDIUM N/A
Macromedia Flash Player allows remote attackers to read arbitrary files via XML script in a .swf file that is hosted on a remote SMB share.
CVE-1999-1525 1 Macromedia 1 Shockwave Flash Plugin 2025-04-03 5.1 MEDIUM N/A
Macromedia Shockwave before 6.0 allows a malicious webmaster to read a user's mail box and possibly access internal web servers via the GetNextText command on a Shockwave movie.
CVE-2005-2628 1 Macromedia 1 Flash Player 2025-04-03 5.1 MEDIUM N/A
Macromedia Flash 6 and 7 (Flash.ocx) allows remote attackers to execute arbitrary code via a SWF file with a modified frame type identifier that is used as an out-of-bounds array index to a function pointer.
CVE-2004-0407 1 Macromedia 1 Coldfusion 2025-04-03 2.6 LOW N/A
The HTML form upload capability in ColdFusion MX 6.1 does not reclaim disk space if an upload is interrupted, which allows remote attackers to cause a denial of service (disk consumption) by repeatedly uploading files and interrupting the uploads before they finish.
CVE-2001-0179 1 Macromedia 1 Jrun 2025-04-03 5.0 MEDIUM N/A
Allaire JRun 3.0 allows remote attackers to list contents of the WEB-INF directory, and the web.xml file in the WEB-INF directory, via a malformed URL that contains a "."
CVE-2004-1893 1 Macromedia 2 Dreamweaver, Dreamweaver Ultradev 2025-04-03 5.0 MEDIUM N/A
Dreamweaver MX, when "Using Driver On Testing Server" or "Using DSN on Testing Server" is selected, uploads the mmhttpdb.asp script to the web site but does not require authentication, which allows remote attackers to obtain sensitive information and possibly execute arbitrary SQL commands via a direct request to mmhttpdb.asp.
CVE-2000-0539 1 Macromedia 1 Jrun 2025-04-03 6.4 MEDIUM N/A
Servlet examples in Allaire JRun 2.3.x allow remote attackers to obtain sensitive information, e.g. listing HttpSession ID's via the SessionServlet servlet.
CVE-2002-0846 1 Macromedia 1 Shockwave Flash 2025-04-03 7.5 HIGH N/A
The decoder for Macromedia Shockwave Flash allows remote attackers to execute arbitrary code via a malformed SWF header that contains more data than the specified length.
CVE-2005-1022 1 Macromedia 1 Coldfusion 2025-04-03 5.0 MEDIUM N/A
ColdFusion 6.1 Updater 1 places Java .class files under the web root in the /WEB-INF/cfclasses directory, which allows remote attackers to obtain sensitive information.
CVE-2004-2335 1 Macromedia 2 Contribute, Studio 2025-04-03 7.2 HIGH N/A
The Macromedia installers and e-licensing client on Mac OS X, as used for Macromedia Contribute 2, Director, Dreamweaver, Fireworks, Flash, and Studio, install the AuthenticationService setuid and writable by other users, which allows local users to gain privileges by modifying the program.
CVE-2004-2204 1 Macromedia 1 Coldfusion 2025-04-03 7.2 HIGH N/A
Macromedia ColdFusion MX 6.0 and 6.1 application server, when running with the CreateObject function or CFOBJECT tag enabled, allows local users to conduct unauthorized activities and obtain administrative passwords by creating CFML scripts that use CreateObject or CFOBJECT.
CVE-2002-1382 1 Macromedia 1 Flash Player 2025-04-03 7.5 HIGH N/A
Macromedia Flash Player before 6.0.65.0 allows remote attackers to execute arbitrary code via certain malformed data headers in Shockwave Flash file format (SWF) files, a different issue than CAN-2002-0846.
CVE-2005-4345 1 Macromedia 1 Coldfusion 2025-04-03 7.2 HIGH N/A
Adobe (formerly Macromedia) ColdFusion MX 7.0 exposes the password hash of the Administrator in an API call, which allows local developers to obtain the hash and gain privileges.
CVE-2001-1545 1 Macromedia 1 Jrun 2025-04-03 5.0 MEDIUM N/A
Macromedia JRun 3.0 and 3.1 appends the jsessionid to URL requests (a.k.a. rewriting) when client browsers have cookies enabled, which allows remote attackers to obtain session IDs and hijack sessions via HTTP referrer fields or sniffing.
CVE-2005-3901 1 Macromedia 1 Flash Communication Server 2025-04-03 7.8 HIGH N/A
Macromedia Flash Communication Server MX 1.0 and 1.5 does not sufficiently validate certain RTMP data, which allows attackers to cause a denial of service (instability or crash), as demonstrated using an alpha release build of Flash Player 8.5 (build 133).
CVE-2002-0801 1 Macromedia 1 Jrun 2025-04-03 10.0 HIGH N/A
Buffer overflow in the ISAPI DLL filter for Macromedia JRun 3.1 allows remote attackers to execute arbitrary code via a direct request to the filter with a long HTTP host header field in a URL for a .jsp file.
CVE-2000-1052 1 Macromedia 1 Jrun 2025-04-03 5.0 MEDIUM N/A
Allaire JRun 2.3 server allows remote attackers to obtain source code for executable content by directly calling the SSIFilter servlet.