Filtered by vendor Macromedia
Subscriptions
Total
116 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2005-4342 | 1 Macromedia | 1 Coldfusion | 2024-11-21 | N/A |
ColdFusion Sandbox on Adobe (formerly Macromedia) ColdFusion MX 6.0, 6.1, 6.1 with JRun, and 7.0 does not throw an exception if the SecurityManager is disabled, which might allow remote attackers to "bypass security controls," aka "JRun Clustered Sandbox Security Vulnerability." | ||||
CVE-2005-4216 | 1 Macromedia | 1 Flash Media Server | 2024-11-21 | N/A |
The Administration Service (FMSAdmin.exe) in Macromedia Flash Media Server 2.0 r1145 allows remote attackers to cause a denial of service (application crash) via a malformed request with a single character to port 1111. | ||||
CVE-2005-3901 | 1 Macromedia | 1 Flash Communication Server | 2024-11-21 | N/A |
Macromedia Flash Communication Server MX 1.0 and 1.5 does not sufficiently validate certain RTMP data, which allows attackers to cause a denial of service (instability or crash), as demonstrated using an alpha release build of Flash Player 8.5 (build 133). | ||||
CVE-2005-3900 | 1 Macromedia | 1 Breeze | 2024-11-21 | N/A |
Macromedia Breeze Communication Server and Breeze Live Server does 5.1 and earlier not sufficiently validate certain RTMP data, which allows attackers to cause a denial of service (instability or crash), as demonstrated using an alpha release build of Flash Player 8.5 (build 133). | ||||
CVE-2005-3800 | 1 Macromedia | 1 Contribute Publishing Server | 2024-11-21 | N/A |
Macromedia Contribute Publishing Server (CPS) before 1.11 uses a weak algorithm to encrypt user password in connection keys that use shared FTP login credentials, which allows attackers to obtain sensitive information. | ||||
CVE-2005-3591 | 1 Macromedia | 1 Flash Player | 2024-11-21 | N/A |
Macromedia Flash plugin (1) Flash.ocx 7.0.19.0 (Windows) and earlier and (2) libflashplayer.so before 7.0.25.0 (Unix) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via parameters to the ActionDefineFunction ActionScript call in a SWF file, which causes an improper memory access condition, a different vulnerability than CVE-2005-2628. | ||||
CVE-2005-3112 | 1 Macromedia | 1 Breeze | 2024-11-21 | N/A |
The "reset password" feature in Macromedia Breeze 5.0 stores passwords in plaintext in the database instead of the hash, which allows attackers with access to the database to obtain the passwords. | ||||
CVE-2005-2628 | 2 Macromedia, Redhat | 2 Flash Player, Rhel Extras | 2024-11-21 | N/A |
Macromedia Flash 6 and 7 (Flash.ocx) allows remote attackers to execute arbitrary code via a SWF file with a modified frame type identifier that is used as an out-of-bounds array index to a function pointer. | ||||
CVE-2005-2481 | 1 Macromedia | 1 Coldfusion Fusebox | 2024-11-21 | N/A |
ColdFusion Fusebox 4.1.0 allows remote attackers to obtain sensitive information via an invalid fuseaction parameter, which leaks the full server path in an error message, as demonstrated using the "?" (question mark) character. | ||||
CVE-2005-2480 | 1 Macromedia | 1 Coldfusion Fusebox | 2024-11-21 | N/A |
Cross-site scripting (XSS) vulnerability in ColdFusion Fusebox 4.1.0 allows remote attackers to inject arbitrary web script or HTML via the fuseaction parameter, which is not quoted in an error page, as demonstrated using index.cfm. | ||||
CVE-2005-2306 | 1 Macromedia | 2 Coldfusion, Jrun | 2024-11-21 | N/A |
Race condition in Macromedia JRun 4.0, ColdFusion MX 6.1 and 7.0, when under heavy load, causes JRun to assign a duplicate authentication token to multiple sessions, which could allow authenticated users to gain privileges as other users. | ||||
CVE-2005-1555 | 1 Macromedia | 1 Coldfusion | 2024-11-21 | N/A |
Cross-site scripting (XSS) vulnerability in the JRun Web Server in ColdFusion MX 7.0 allows remote attackers to inject arbitrary script or HTML via the URL, which is not properly quoted in the resulting default 404 error page. | ||||
CVE-2005-1022 | 1 Macromedia | 1 Coldfusion | 2024-11-21 | N/A |
ColdFusion 6.1 Updater 1 places Java .class files under the web root in the /WEB-INF/cfclasses directory, which allows remote attackers to obtain sensitive information. | ||||
CVE-2004-2505 | 1 Macromedia | 1 Coldfusion | 2024-11-21 | N/A |
Macromedia ColdFusion MX before 6.1 does not restrict the size of error messages, which allows remote attackers to cause a denial of service (memory consumption and crash) by sending repeated GET or POST requests that trigger error messages that use long strings of data. | ||||
CVE-2004-2335 | 1 Macromedia | 2 Contribute, Studio | 2024-11-21 | N/A |
The Macromedia installers and e-licensing client on Mac OS X, as used for Macromedia Contribute 2, Director, Dreamweaver, Fireworks, Flash, and Studio, install the AuthenticationService setuid and writable by other users, which allows local users to gain privileges by modifying the program. | ||||
CVE-2004-2331 | 1 Macromedia | 1 Coldfusion | 2024-11-21 | 5.5 Medium |
ColdFusion MX 6.1 and 6.1 J2EE allows local users to bypass sandbox security restrictions and obtain sensitive information by using Java reflection methods to access trusted Java objects without using the CreateObject function or cfobject tag. | ||||
CVE-2004-2330 | 1 Macromedia | 1 Coldfusion | 2024-11-21 | N/A |
ColdFusion MX 6.1 and 6.1 J2EE allows remote attackers to cause a denial of service via an HTTP request containing a large number of form fields. | ||||
CVE-2004-2204 | 1 Macromedia | 1 Coldfusion | 2024-11-21 | N/A |
Macromedia ColdFusion MX 6.0 and 6.1 application server, when running with the CreateObject function or CFOBJECT tag enabled, allows local users to conduct unauthorized activities and obtain administrative passwords by creating CFML scripts that use CreateObject or CFOBJECT. | ||||
CVE-2004-2182 | 1 Macromedia | 1 Jrun | 2024-11-21 | N/A |
Session fixation vulnerability in Macromedia JRun 4.0 allows remote attackers to hijack user sessions by pre-setting the user session ID information used by the session server. | ||||
CVE-2004-1893 | 1 Macromedia | 2 Dreamweaver, Dreamweaver Ultradev | 2024-11-21 | N/A |
Dreamweaver MX, when "Using Driver On Testing Server" or "Using DSN on Testing Server" is selected, uploads the mmhttpdb.asp script to the web site but does not require authentication, which allows remote attackers to obtain sensitive information and possibly execute arbitrary SQL commands via a direct request to mmhttpdb.asp. |