Filtered by vendor Macromedia
Subscriptions
Total
116 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2005-4342 | 1 Macromedia | 1 Coldfusion | 2011-03-08 | N/A |
ColdFusion Sandbox on Adobe (formerly Macromedia) ColdFusion MX 6.0, 6.1, 6.1 with JRun, and 7.0 does not throw an exception if the SecurityManager is disabled, which might allow remote attackers to "bypass security controls," aka "JRun Clustered Sandbox Security Vulnerability." | ||||
CVE-2005-3900 | 1 Macromedia | 1 Breeze | 2011-03-08 | N/A |
Macromedia Breeze Communication Server and Breeze Live Server does 5.1 and earlier not sufficiently validate certain RTMP data, which allows attackers to cause a denial of service (instability or crash), as demonstrated using an alpha release build of Flash Player 8.5 (build 133). | ||||
CVE-2001-1513 | 1 Macromedia | 1 Jrun | 2008-09-10 | N/A |
Macromedia JRun 3.0 and 3.1 allows remote attackers to obtain duplicate active user session IDs and perform actions as other users via a URL request for the web application directory without the trailing '/' (slash), as demonstrated using ctx. | ||||
CVE-2001-1512 | 1 Macromedia | 1 Jrun | 2008-09-10 | N/A |
Unknown vulnerability in Allaire JRun 3.1 allows remote attackers to directly access the WEB-INF and META-INF directories and execute arbitrary JavaServer Pages (JSP), a variant of CVE-2000-1050. | ||||
CVE-2005-3901 | 1 Macromedia | 1 Flash Communication Server | 2008-09-05 | N/A |
Macromedia Flash Communication Server MX 1.0 and 1.5 does not sufficiently validate certain RTMP data, which allows attackers to cause a denial of service (instability or crash), as demonstrated using an alpha release build of Flash Player 8.5 (build 133). | ||||
CVE-2005-3112 | 1 Macromedia | 1 Breeze | 2008-09-05 | N/A |
The "reset password" feature in Macromedia Breeze 5.0 stores passwords in plaintext in the database instead of the hash, which allows attackers with access to the database to obtain the passwords. | ||||
CVE-2005-2306 | 1 Macromedia | 2 Coldfusion, Jrun | 2008-09-05 | N/A |
Race condition in Macromedia JRun 4.0, ColdFusion MX 6.1 and 7.0, when under heavy load, causes JRun to assign a duplicate authentication token to multiple sessions, which could allow authenticated users to gain privileges as other users. | ||||
CVE-2002-1534 | 1 Macromedia | 1 Flash Player | 2008-09-05 | N/A |
Macromedia Flash Player allows remote attackers to read arbitrary files via XML script in a .swf file that is hosted on a remote SMB share. | ||||
CVE-2002-1467 | 1 Macromedia | 2 Flash Player, Shockwave | 2008-09-05 | N/A |
Macromedia Flash Plugin before 6,0,47,0 allows remote attackers to bypass the same-domain restriction and read arbitrary files via (1) an HTTP redirect, (2) a "file://" base in a web document, or (3) a relative URL from a web archive (mht file). | ||||
CVE-2002-1027 | 1 Macromedia | 1 Sitespring | 2008-09-05 | N/A |
Cross-site scripting vulnerability in the default HTTP 500 error script (500error.jsp) for Macromedia Sitespring 1.2.0 (277.1) allows remote attackers to execute arbitrary web script via a link to 500error.jsp with the script in 1the et parameter. | ||||
CVE-2002-1026 | 1 Macromedia | 1 Sitespring | 2008-09-05 | N/A |
Macromedia Sitespring 1.2.0 (277.1) using Sybase runtime engine 7.0.2.1480 allows remote attackers to cause a denial of service (crash) via a long malformed request to TCP port 2500, possibly triggering a buffer overflow. | ||||
CVE-2002-1025 | 1 Macromedia | 1 Jrun | 2008-09-05 | N/A |
JRun 3.0 through 4.0 allows remote attackers to read JSP source code via an encoded null byte in an HTTP GET request, which causes the server to send the .JSP file unparsed. | ||||
CVE-2002-0937 | 1 Macromedia | 1 Jrun | 2008-09-05 | N/A |
The Java Server Pages (JSP) engine in JRun allows web page owners to cause a denial of service (engine crash) on the web server via a JSP page that calls WPrinterJob().pageSetup(null,null). | ||||
CVE-2002-0801 | 1 Macromedia | 1 Jrun | 2008-09-05 | N/A |
Buffer overflow in the ISAPI DLL filter for Macromedia JRun 3.1 allows remote attackers to execute arbitrary code via a direct request to the filter with a long HTTP host header field in a URL for a .jsp file. | ||||
CVE-2002-0476 | 1 Macromedia | 1 Flash Player | 2008-09-05 | N/A |
Standalone Macromedia Flash Player 5.0 allows remote attackers to save arbitrary files and programs via a .SWF file containing the undocumented "save" FSCommand. | ||||
CVE-2001-0535 | 1 Macromedia | 1 Coldfusion Server | 2008-09-05 | N/A |
Example applications (Exampleapps) in ColdFusion Server 4.x do not properly restrict prevent access from outside the local host's domain, which allows remote attackers to conduct upload, read, or execute files by spoofing the "HTTP Host" (CGI.Host) variable in (1) the "Web Publish" example script, and (2) the "Email" example script. |