ReportizFlow
Filtered by vendor Macromedia
Subscriptions
Total
116 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2004-0928 | 2 Hitachi, Macromedia | 4 Cosminexus Enterprise, Cosminexus Server, Coldfusion and 1 more | 2026-04-16 | N/A |
| The Microsoft IIS Connector in JRun 4.0 and Macromedia ColdFusion MX 6.0, 6.1, and 6.1 J2EE allows remote attackers to bypass authentication and view source files, such as .asp, .pl, and .php files, via an HTTP request that ends in ";.cfm". | ||||
| CVE-2002-1026 | 1 Macromedia | 1 Sitespring | 2026-04-16 | N/A |
| Macromedia Sitespring 1.2.0 (277.1) using Sybase runtime engine 7.0.2.1480 allows remote attackers to cause a denial of service (crash) via a long malformed request to TCP port 2500, possibly triggering a buffer overflow. | ||||
| CVE-2005-3112 | 1 Macromedia | 1 Breeze | 2026-04-16 | N/A |
| The "reset password" feature in Macromedia Breeze 5.0 stores passwords in plaintext in the database instead of the hash, which allows attackers with access to the database to obtain the passwords. | ||||
| CVE-2005-1555 | 1 Macromedia | 1 Coldfusion | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in the JRun Web Server in ColdFusion MX 7.0 allows remote attackers to inject arbitrary script or HTML via the URL, which is not properly quoted in the resulting default 404 error page. | ||||
| CVE-2005-2628 | 2 Macromedia, Redhat | 2 Flash Player, Rhel Extras | 2026-04-16 | N/A |
| Macromedia Flash 6 and 7 (Flash.ocx) allows remote attackers to execute arbitrary code via a SWF file with a modified frame type identifier that is used as an out-of-bounds array index to a function pointer. | ||||
| CVE-2002-1025 | 1 Macromedia | 1 Jrun | 2026-04-16 | N/A |
| JRun 3.0 through 4.0 allows remote attackers to read JSP source code via an encoded null byte in an HTTP GET request, which causes the server to send the .JSP file unparsed. | ||||
| CVE-2002-1310 | 1 Macromedia | 1 Jrun | 2026-04-16 | N/A |
| Heap-based buffer overflow in the error-handling mechanism for the IIS ISAPI handler in Macromedia JRun 4.0 and earlier allows remote attackers to execute arbitrary via an HTTP GET request with a long .jsp file name. | ||||
| CVE-2002-1382 | 1 Macromedia | 1 Flash Player | 2026-04-16 | N/A |
| Macromedia Flash Player before 6.0.65.0 allows remote attackers to execute arbitrary code via certain malformed data headers in Shockwave Flash file format (SWF) files, a different issue than CAN-2002-0846. | ||||
| CVE-2002-1625 | 1 Macromedia | 1 Flash Player | 2026-04-16 | N/A |
| Macromedia Flash Player 6 does not terminate connections when the user leaves the web page, which allows remote attackers to cause a denial of service (bandwidth, resource, and CPU consumption) via the (1) loadMovie or (2) loadSound commands, which continue to execute until the browser is closed. | ||||
| CVE-1999-1525 | 1 Macromedia | 1 Shockwave Flash Plugin | 2026-04-16 | N/A |
| Macromedia Shockwave before 6.0 allows a malicious webmaster to read a user's mail box and possibly access internal web servers via the GetNextText command on a Shockwave movie. | ||||
| CVE-2005-3591 | 1 Macromedia | 1 Flash Player | 2026-04-16 | N/A |
| Macromedia Flash plugin (1) Flash.ocx 7.0.19.0 (Windows) and earlier and (2) libflashplayer.so before 7.0.25.0 (Unix) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via parameters to the ActionDefineFunction ActionScript call in a SWF file, which causes an improper memory access condition, a different vulnerability than CVE-2005-2628. | ||||
| CVE-2006-0024 | 2 Macromedia, Redhat | 2 Flash Player, Rhel Extras | 2026-04-16 | N/A |
| Multiple unspecified vulnerabilities in Adobe Flash Player 8.0.22.0 and earlier allow remote attackers to execute arbitrary code via a crafted SWF file. | ||||
| CVE-2005-1022 | 1 Macromedia | 1 Coldfusion | 2026-04-16 | N/A |
| ColdFusion 6.1 Updater 1 places Java .class files under the web root in the /WEB-INF/cfclasses directory, which allows remote attackers to obtain sensitive information. | ||||
| CVE-2002-0665 | 1 Macromedia | 1 Jrun | 2026-04-16 | N/A |
| Macromedia JRun Administration Server allows remote attackers to bypass authentication on the login form via an extra slash (/) in the URL. | ||||
| CVE-2005-4472 | 1 Macromedia | 1 Jrun | 2026-04-16 | N/A |
| Stack-based buffer overflow in the Macromedia JRun 4 web server (JWS) allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long request that is not properly handled during conversion to wide characters. | ||||
| CVE-2002-1881 | 1 Macromedia | 1 Flash Player | 2026-04-16 | N/A |
| Macromedia Flash Player 4.0 r12 through 6.0.47.0 allows remote attackers to cause a denial of service (web browser crash) via malformed content in a Flash Shockwave (.SWF) file, as demonstrated by by ROT13 encoding the body of the file but not the headers. | ||||
| CVE-2006-2364 | 1 Macromedia | 1 Coldfusion | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in the validation feature in Macromedia ColdFusion 5 and earlier allows remote attackers to inject arbitrary web script or HTML via a "_required" field when the associated normal field is missing or empty, which is not sanitized before being presented in an error message. | ||||
| CVE-2002-0801 | 1 Macromedia | 1 Jrun | 2026-04-16 | N/A |
| Buffer overflow in the ISAPI DLL filter for Macromedia JRun 3.1 allows remote attackers to execute arbitrary code via a direct request to the filter with a long HTTP host header field in a URL for a .jsp file. | ||||
| CVE-2005-4216 | 1 Macromedia | 1 Flash Media Server | 2026-04-16 | N/A |
| The Administration Service (FMSAdmin.exe) in Macromedia Flash Media Server 2.0 r1145 allows remote attackers to cause a denial of service (application crash) via a malformed request with a single character to port 1111. | ||||
| CVE-2000-1051 | 1 Macromedia | 1 Jrun | 2026-04-16 | N/A |
| Directory traversal vulnerability in Allaire JRun 2.3 server allows remote attackers to read arbitrary files via the SSIFilter servlet. | ||||