Filtered by vendor Macromedia
Subscriptions
Total
116 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-4473 | 1 Macromedia | 1 Jrun | 2025-04-03 | N/A |
| Unspecified vulnerability in Macromedia JRun 4 web server (JWS) allows remote attackers to view web application source code via "a malformed URL." | ||||
| CVE-2005-3900 | 1 Macromedia | 1 Breeze | 2025-04-03 | N/A |
| Macromedia Breeze Communication Server and Breeze Live Server does 5.1 and earlier not sufficiently validate certain RTMP data, which allows attackers to cause a denial of service (instability or crash), as demonstrated using an alpha release build of Flash Player 8.5 (build 133). | ||||
| CVE-2004-2182 | 1 Macromedia | 1 Jrun | 2025-04-03 | N/A |
| Session fixation vulnerability in Macromedia JRun 4.0 allows remote attackers to hijack user sessions by pre-setting the user session ID information used by the session server. | ||||
| CVE-2000-0540 | 1 Macromedia | 1 Jrun | 2025-04-03 | N/A |
| JSP sample files in Allaire JRun 2.3.x allow remote attackers to access arbitrary files (e.g. via viewsource.jsp) or obtain configuration information. | ||||
| CVE-2004-0407 | 1 Macromedia | 1 Coldfusion | 2025-04-03 | N/A |
| The HTML form upload capability in ColdFusion MX 6.1 does not reclaim disk space if an upload is interrupted, which allows remote attackers to cause a denial of service (disk consumption) by repeatedly uploading files and interrupting the uploads before they finish. | ||||
| CVE-2001-0166 | 1 Macromedia | 1 Shockwave Flash Plugin | 2025-04-03 | N/A |
| Macromedia Shockwave Flash plugin version 8 and earlier allows remote attackers to cause a denial of service via malformed tag length specifiers in a SWF file. | ||||
| CVE-2005-3591 | 1 Macromedia | 1 Flash Player | 2025-04-03 | N/A |
| Macromedia Flash plugin (1) Flash.ocx 7.0.19.0 (Windows) and earlier and (2) libflashplayer.so before 7.0.25.0 (Unix) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via parameters to the ActionDefineFunction ActionScript call in a SWF file, which causes an improper memory access condition, a different vulnerability than CVE-2005-2628. | ||||
| CVE-2004-1815 | 2 Macromedia, Sun | 3 Coldfusion, Jrun, One Application Server | 2025-04-03 | N/A |
| Unknown vulnerability in ColdFusion MX 6.0 and 6.1, and JRun 4.0, when a SOAP web service expects an array of objects as an argument, allows remote attackers to cause a denial of service (memory consumption). | ||||
| CVE-2004-1893 | 1 Macromedia | 2 Dreamweaver, Dreamweaver Ultradev | 2025-04-03 | N/A |
| Dreamweaver MX, when "Using Driver On Testing Server" or "Using DSN on Testing Server" is selected, uploads the mmhttpdb.asp script to the web site but does not require authentication, which allows remote attackers to obtain sensitive information and possibly execute arbitrary SQL commands via a direct request to mmhttpdb.asp. | ||||
| CVE-2001-1511 | 1 Macromedia | 1 Jrun | 2025-04-03 | N/A |
| JRun 3.0 and 3.1 running on JRun Web Server (JWS) and IIS allows remote attackers to read arbitrary JavaServer Pages (JSP) source code via a request URL containing the source filename ending in (1) "jsp%00" or (2) "js%2570". | ||||
| CVE-2001-1514 | 1 Macromedia | 1 Coldfusion | 2025-04-03 | N/A |
| ColdFusion 4.5 and 5, when running on Windows with the advanced security sandbox type set to "operating system," does not properly pass security context to (1) child processes created with <CFEXECUTE> and (2) child processes that call the CreateProcess function and are executed with <CFOBJECT> or end with the CFX extension, which allows attackers to execute programs with the permissions of the System account. | ||||
| CVE-2004-2335 | 1 Macromedia | 2 Contribute, Studio | 2025-04-03 | N/A |
| The Macromedia installers and e-licensing client on Mac OS X, as used for Macromedia Contribute 2, Director, Dreamweaver, Fireworks, Flash, and Studio, install the AuthenticationService setuid and writable by other users, which allows local users to gain privileges by modifying the program. | ||||
| CVE-2003-0208 | 1 Macromedia | 1 Flash | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in Macromedia Flash ad user tracking capability allows remote attackers to insert arbitrary Javascript via the clickTAG field. | ||||
| CVE-2004-0928 | 2 Hitachi, Macromedia | 4 Cosminexus Enterprise, Cosminexus Server, Coldfusion and 1 more | 2025-04-03 | N/A |
| The Microsoft IIS Connector in JRun 4.0 and Macromedia ColdFusion MX 6.0, 6.1, and 6.1 J2EE allows remote attackers to bypass authentication and view source files, such as .asp, .pl, and .php files, via an HTTP request that ends in ";.cfm". | ||||
| CVE-2002-0605 | 1 Macromedia | 1 Flash Player | 2025-04-03 | N/A |
| Buffer overflow in Flash OCX for Macromedia Flash 6 revision 23 (6,0,23,0) allows remote attackers to execute arbitrary code via a long movie parameter. | ||||
| CVE-2002-1025 | 1 Macromedia | 1 Jrun | 2025-04-03 | N/A |
| JRun 3.0 through 4.0 allows remote attackers to read JSP source code via an encoded null byte in an HTTP GET request, which causes the server to send the .JSP file unparsed. | ||||