Filtered by vendor Macromedia
Subscriptions
Total
116 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2004-2331 | 1 Macromedia | 1 Coldfusion | 2024-01-25 | 5.5 Medium |
ColdFusion MX 6.1 and 6.1 J2EE allows local users to bypass sandbox security restrictions and obtain sensitive information by using Java reflection methods to access trusted Java objects without using the CreateObject function or cfobject tag. | ||||
CVE-2002-2186 | 1 Macromedia | 1 Jrun | 2022-10-03 | N/A |
Macromedia JRun 3.0, 3.1, and 4.0 allow remote attackers to view the source code of .JSP files via Unicode encoded character values in a URL. | ||||
CVE-2002-2187 | 1 Macromedia | 1 Jrun | 2022-10-03 | N/A |
Unknown "file disclosure" vulnerability in Macromedia JRun 3.0, 3.1, and 4.0, related to a log file or jrun.ini, with unknown impact. | ||||
CVE-2002-1855 | 1 Macromedia | 1 Jrun | 2022-10-03 | N/A |
Macromedia JRun 3.0 through 4.0, when running on Windows, allows remote attackers to retrieve files in the WEB-INF directory, which contains Java class files and configuration information, via a request to the WEB-INF directory with a trailing dot ("WEB-INF."). | ||||
CVE-2002-1992 | 1 Macromedia | 2 Coldfusion, Coldfusion Professional | 2022-10-03 | N/A |
Buffer overflow in jrun.dll in ColdFusion MX, when used with IIS 4 or 5, allows remote attackers to cause a denial of service in IIS via (1) a long template file name or (2) a long HTTP header. | ||||
CVE-2002-1881 | 1 Macromedia | 1 Flash Player | 2022-10-03 | N/A |
Macromedia Flash Player 4.0 r12 through 6.0.47.0 allows remote attackers to cause a denial of service (web browser crash) via malformed content in a Flash Shockwave (.SWF) file, as demonstrated by by ROT13 encoding the body of the file but not the headers. | ||||
CVE-2001-1510 | 1 Macromedia | 1 Jrun | 2022-10-03 | N/A |
Allaire JRun 2.3.3, 3.0 and 3.1 running on IIS 4.0 and 5.0, iPlanet, Apache, JRun web server (JWS), and possibly other web servers allows remote attackers to read arbitrary files and directories by appending (1) "%3f.jsp", (2) "?.jsp" or (3) "?" to the requested URL. | ||||
CVE-2001-1545 | 1 Macromedia | 1 Jrun | 2022-10-03 | N/A |
Macromedia JRun 3.0 and 3.1 appends the jsessionid to URL requests (a.k.a. rewriting) when client browsers have cookies enabled, which allows remote attackers to obtain session IDs and hijack sessions via HTTP referrer fields or sniffing. | ||||
CVE-2001-1544 | 1 Macromedia | 1 Jrun | 2022-10-03 | N/A |
Directory traversal vulnerability in Macromedia JRun Web Server (JWS) 2.3.3, 3.0 and 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the HTTP GET request. | ||||
CVE-2001-1514 | 1 Macromedia | 1 Coldfusion | 2022-10-03 | N/A |
ColdFusion 4.5 and 5, when running on Windows with the advanced security sandbox type set to "operating system," does not properly pass security context to (1) child processes created with <CFEXECUTE> and (2) child processes that call the CreateProcess function and are executed with <CFOBJECT> or end with the CFX extension, which allows attackers to execute programs with the permissions of the System account. | ||||
CVE-2001-1511 | 1 Macromedia | 1 Jrun | 2022-10-03 | N/A |
JRun 3.0 and 3.1 running on JRun Web Server (JWS) and IIS allows remote attackers to read arbitrary JavaServer Pages (JSP) source code via a request URL containing the source filename ending in (1) "jsp%00" or (2) "js%2570". | ||||
CVE-2004-2182 | 1 Macromedia | 1 Jrun | 2022-10-03 | N/A |
Session fixation vulnerability in Macromedia JRun 4.0 allows remote attackers to hijack user sessions by pre-setting the user session ID information used by the session server. | ||||
CVE-2009-3793 | 2 Adobe, Macromedia | 3 Air, Flash Player, Flash Player | 2018-10-30 | N/A |
Unspecified vulnerability in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory consumption) or possibly execute arbitrary code via unknown vectors. | ||||
CVE-2010-2162 | 2 Adobe, Macromedia | 3 Air, Flash Player, Flash Player | 2018-10-30 | N/A |
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (heap memory corruption) or possibly execute arbitrary code via vectors related to improper length calculation and the (1) STSC, (2) STSZ, and (3) STCO atoms. | ||||
CVE-2010-2160 | 2 Adobe, Macromedia | 3 Air, Flash Player, Flash Player | 2018-10-30 | N/A |
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via an invalid offset in an unspecified undocumented opcode in ActionScript Virtual Machine 2, related to getouterscope, a different vulnerability than CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188. | ||||
CVE-2010-2163 | 2 Adobe, Macromedia | 3 Air, Flash Player, Flash Player | 2018-10-30 | N/A |
Multiple unspecified vulnerabilities in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unknown vectors. | ||||
CVE-2010-2161 | 2 Adobe, Macromedia | 3 Air, Flash Player, Flash Player | 2018-10-30 | N/A |
Array index error in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified "types of Adobe Flash code." | ||||
CVE-2010-2164 | 2 Adobe, Macromedia | 3 Air, Flash Player, Flash Player | 2018-10-30 | N/A |
Use-after-free vulnerability in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors related to an unspecified "image type within a certain function." | ||||
CVE-2010-2165 | 2 Adobe, Macromedia | 3 Air, Flash Player, Flash Player | 2018-10-30 | N/A |
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188. | ||||
CVE-2010-2166 | 2 Adobe, Macromedia | 3 Air, Flash Player, Flash Player | 2018-10-30 | N/A |
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188. |