Filtered by vendor Macromedia
Subscriptions
Total
116 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2003-1017 | 1 Macromedia | 2 Director, Flash Player | 2025-04-03 | N/A |
| Macromedia Flash Player before 7,0,19,0 stores a Flash data file in a predictable location that is accessible to web browsers such as Internet Explorer and Opera, which allows remote attackers to read restricted files via vulnerabilities in web browsers whose exploits rely on predictable names. | ||||
| CVE-2005-4216 | 1 Macromedia | 1 Flash Media Server | 2025-04-03 | N/A |
| The Administration Service (FMSAdmin.exe) in Macromedia Flash Media Server 2.0 r1145 allows remote attackers to cause a denial of service (application crash) via a malformed request with a single character to port 1111. | ||||
| CVE-2005-2628 | 2 Macromedia, Redhat | 2 Flash Player, Rhel Extras | 2025-04-03 | N/A |
| Macromedia Flash 6 and 7 (Flash.ocx) allows remote attackers to execute arbitrary code via a SWF file with a modified frame type identifier that is used as an out-of-bounds array index to a function pointer. | ||||
| CVE-2004-0646 | 1 Macromedia | 2 Coldfusion, Jrun | 2025-04-03 | N/A |
| Buffer overflow in the WriteToLog function for JRun 3.0 through 4.0 web server connectors, such as (1) mod_jrun and (2) mod_jrun20 for Apache, with verbose logging enabled, allows remote attackers to execute arbitrary code via a long HTTP header Content-Type field or other fields. | ||||
| CVE-2005-2480 | 1 Macromedia | 1 Coldfusion Fusebox | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in ColdFusion Fusebox 4.1.0 allows remote attackers to inject arbitrary web script or HTML via the fuseaction parameter, which is not quoted in an error page, as demonstrated using index.cfm. | ||||
| CVE-1999-1271 | 1 Macromedia | 1 Dreamweaver | 2025-04-03 | N/A |
| Macromedia Dreamweaver uses weak encryption to store FTP passwords, which could allow local users to easily decrypt the passwords of other users. | ||||
| CVE-2005-1022 | 1 Macromedia | 1 Coldfusion | 2025-04-03 | N/A |
| ColdFusion 6.1 Updater 1 places Java .class files under the web root in the /WEB-INF/cfclasses directory, which allows remote attackers to obtain sensitive information. | ||||
| CVE-1999-1454 | 1 Macromedia | 1 Matrix Screen Saver | 2025-04-03 | N/A |
| Macromedia "The Matrix" screen saver on Windows 95 with the "Password protected" option enabled allows attackers with physical access to the machine to bypass the password prompt by pressing the ESC (Escape) key. | ||||
| CVE-2001-0926 | 1 Macromedia | 1 Jrun | 2025-04-03 | N/A |
| SSIFilter in Allaire JRun 3.1, 3.0 and 2.3.3 allows remote attackers to obtain source code for Java server pages (.jsp) and other files in the web root via an HTTP request for a non-existent SSI page, in which the request's body has an #include statement. | ||||
| CVE-2004-1477 | 1 Macromedia | 1 Jrun | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in the Management Console in JRun 4.0 allows remote attackers to execute arbitrary web script or HTML and possibly hijack a user's session. | ||||
| CVE-2004-1478 | 2 Hitachi, Macromedia | 4 Cosminexus Enterprise, Cosminexus Server, Coldfusion and 1 more | 2025-04-03 | N/A |
| JRun 4.0 does not properly generate and handle the JSESSIONID, which allows remote attackers to perform a session fixation attack and hijack a user's HTTP session. | ||||
| CVE-2001-1544 | 1 Macromedia | 1 Jrun | 2025-04-03 | N/A |
| Directory traversal vulnerability in Macromedia JRun Web Server (JWS) 2.3.3, 3.0 and 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the HTTP GET request. | ||||
| CVE-2002-1026 | 1 Macromedia | 1 Sitespring | 2025-04-03 | N/A |
| Macromedia Sitespring 1.2.0 (277.1) using Sybase runtime engine 7.0.2.1480 allows remote attackers to cause a denial of service (crash) via a long malformed request to TCP port 2500, possibly triggering a buffer overflow. | ||||
| CVE-2002-2187 | 1 Macromedia | 1 Jrun | 2025-04-03 | N/A |
| Unknown "file disclosure" vulnerability in Macromedia JRun 3.0, 3.1, and 4.0, related to a log file or jrun.ini, with unknown impact. | ||||
| CVE-2004-2204 | 1 Macromedia | 1 Coldfusion | 2025-04-03 | N/A |
| Macromedia ColdFusion MX 6.0 and 6.1 application server, when running with the CreateObject function or CFOBJECT tag enabled, allows local users to conduct unauthorized activities and obtain administrative passwords by creating CFML scripts that use CreateObject or CFOBJECT. | ||||
| CVE-2005-1555 | 1 Macromedia | 1 Coldfusion | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in the JRun Web Server in ColdFusion MX 7.0 allows remote attackers to inject arbitrary script or HTML via the URL, which is not properly quoted in the resulting default 404 error page. | ||||
| CVE-2005-3800 | 1 Macromedia | 1 Contribute Publishing Server | 2025-04-03 | N/A |
| Macromedia Contribute Publishing Server (CPS) before 1.11 uses a weak algorithm to encrypt user password in connection keys that use shared FTP login credentials, which allows attackers to obtain sensitive information. | ||||
| CVE-2006-0024 | 2 Macromedia, Redhat | 2 Flash Player, Rhel Extras | 2025-04-03 | N/A |
| Multiple unspecified vulnerabilities in Adobe Flash Player 8.0.22.0 and earlier allow remote attackers to execute arbitrary code via a crafted SWF file. | ||||
| CVE-2006-3979 | 1 Macromedia | 1 Coldfusion | 2025-04-03 | N/A |
| The AdminAPI of ColdFusion MX 7 allows attackers to bypass authentication by using "programmatic access" to the adminAPI instead of the ColdFusion Administrator. | ||||
| CVE-2005-4344 | 1 Macromedia | 1 Coldfusion | 2025-04-03 | N/A |
| Adobe (formerly Macromedia) ColdFusion MX 7.0 does not honor when the CFOBJECT /CreateObject(Java) setting is disabled, which allows local users to create an object despite the specified configuration. | ||||