Filtered by vendor Macromedia
Subscriptions
Total
116 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2005-3901 | 1 Macromedia | 1 Flash Communication Server | 2025-04-03 | N/A |
Macromedia Flash Communication Server MX 1.0 and 1.5 does not sufficiently validate certain RTMP data, which allows attackers to cause a denial of service (instability or crash), as demonstrated using an alpha release build of Flash Player 8.5 (build 133). | ||||
CVE-2004-1893 | 1 Macromedia | 2 Dreamweaver, Dreamweaver Ultradev | 2025-04-03 | N/A |
Dreamweaver MX, when "Using Driver On Testing Server" or "Using DSN on Testing Server" is selected, uploads the mmhttpdb.asp script to the web site but does not require authentication, which allows remote attackers to obtain sensitive information and possibly execute arbitrary SQL commands via a direct request to mmhttpdb.asp. | ||||
CVE-2004-1477 | 1 Macromedia | 1 Jrun | 2025-04-03 | N/A |
Cross-site scripting (XSS) vulnerability in the Management Console in JRun 4.0 allows remote attackers to execute arbitrary web script or HTML and possibly hijack a user's session. | ||||
CVE-2004-1478 | 2 Hitachi, Macromedia | 4 Cosminexus Enterprise, Cosminexus Server, Coldfusion and 1 more | 2025-04-03 | N/A |
JRun 4.0 does not properly generate and handle the JSESSIONID, which allows remote attackers to perform a session fixation attack and hijack a user's HTTP session. | ||||
CVE-1999-1526 | 1 Macromedia | 1 Shockwave Flash Plugin | 2025-04-03 | N/A |
Auto-update feature of Macromedia Shockwave 7 transmits a user's password and hard disk information back to Macromedia. | ||||
CVE-2000-1049 | 1 Macromedia | 1 Jrun | 2025-04-03 | N/A |
Allaire JRun 3.0 http servlet server allows remote attackers to cause a denial of service via a URL that contains a long string of "." characters. | ||||
CVE-2000-1050 | 1 Macromedia | 1 Jrun | 2025-04-03 | N/A |
Allaire JRun 3.0 http servlet server allows remote attackers to directly access the WEB-INF directory via a URL request that contains an extra "/" in the beginning of the request (aka the "extra leading slash"). | ||||
CVE-2000-1051 | 1 Macromedia | 1 Jrun | 2025-04-03 | N/A |
Directory traversal vulnerability in Allaire JRun 2.3 server allows remote attackers to read arbitrary files via the SSIFilter servlet. | ||||
CVE-2000-1052 | 1 Macromedia | 1 Jrun | 2025-04-03 | N/A |
Allaire JRun 2.3 server allows remote attackers to obtain source code for executable content by directly calling the SSIFilter servlet. | ||||
CVE-2000-1053 | 1 Macromedia | 1 Jrun | 2025-04-03 | N/A |
Allaire JRun 2.3.3 server allows remote attackers to compile and execute JSP code by inserting it via a cross-site scripting (CSS) attack and directly calling the com.livesoftware.jrun.plugins.JSP JSP servlet. | ||||
CVE-2001-0179 | 1 Macromedia | 1 Jrun | 2025-04-03 | N/A |
Allaire JRun 3.0 allows remote attackers to list contents of the WEB-INF directory, and the web.xml file in the WEB-INF directory, via a malformed URL that contains a "." | ||||
CVE-2002-0937 | 1 Macromedia | 1 Jrun | 2025-04-03 | N/A |
The Java Server Pages (JSP) engine in JRun allows web page owners to cause a denial of service (engine crash) on the web server via a JSP page that calls WPrinterJob().pageSetup(null,null). | ||||
CVE-2002-1534 | 1 Macromedia | 1 Flash Player | 2025-04-03 | N/A |
Macromedia Flash Player allows remote attackers to read arbitrary files via XML script in a .swf file that is hosted on a remote SMB share. | ||||
CVE-2002-0846 | 2 Macromedia, Redhat | 3 Shockwave Flash, Enterprise Linux, Linux | 2025-04-03 | N/A |
The decoder for Macromedia Shockwave Flash allows remote attackers to execute arbitrary code via a malformed SWF header that contains more data than the specified length. | ||||
CVE-2002-1625 | 1 Macromedia | 1 Flash Player | 2025-04-03 | N/A |
Macromedia Flash Player 6 does not terminate connections when the user leaves the web page, which allows remote attackers to cause a denial of service (bandwidth, resource, and CPU consumption) via the (1) loadMovie or (2) loadSound commands, which continue to execute until the browser is closed. | ||||
CVE-2002-2187 | 1 Macromedia | 1 Jrun | 2025-04-03 | N/A |
Unknown "file disclosure" vulnerability in Macromedia JRun 3.0, 3.1, and 4.0, related to a log file or jrun.ini, with unknown impact. | ||||
CVE-2005-1022 | 1 Macromedia | 1 Coldfusion | 2025-04-03 | N/A |
ColdFusion 6.1 Updater 1 places Java .class files under the web root in the /WEB-INF/cfclasses directory, which allows remote attackers to obtain sensitive information. | ||||
CVE-2002-1309 | 1 Macromedia | 1 Coldfusion | 2025-04-03 | N/A |
Heap-based buffer overflow in the error-handling mechanism for the IIS ISAPI handler in Macromedia ColdFusion 6.0 allows remote attackers to execute arbitrary via an HTTP GET request with a long .cfm file name. | ||||
CVE-2002-0801 | 1 Macromedia | 1 Jrun | 2025-04-03 | N/A |
Buffer overflow in the ISAPI DLL filter for Macromedia JRun 3.1 allows remote attackers to execute arbitrary code via a direct request to the filter with a long HTTP host header field in a URL for a .jsp file. | ||||
CVE-2005-4345 | 1 Macromedia | 1 Coldfusion | 2025-04-03 | N/A |
Adobe (formerly Macromedia) ColdFusion MX 7.0 exposes the password hash of the Administrator in an API call, which allows local developers to obtain the hash and gain privileges. |