VYPR
Vendor

Macromedia

Macromedia, Inc. was an American graphics, multimedia, and web development software company headquartered in San Francisco, California, that made products such as Flash and Dreamweaver. It was purchased by its rival Adobe Systems on December 3, 2005.

Founded 1992
Products
22
CVEs
128
Across products
149
Status
Private

Products

22

Recent CVEs

128
View all 128 CVEs →
  • CVE-2024-50431MedOct 28, 2024
    risk 0.38cvss 5.9epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cloudways Breeze breeze allows Stored XSS.This issue affects Breeze: from n/a through <= 2.1.14.

  • CVE-2004-2331MedDec 31, 2004
    risk 0.36cvss 5.5epss 0.01

    ColdFusion MX 6.1 and 6.1 J2EE allows local users to bypass sandbox security restrictions and obtain sensitive information by using Java reflection methods to access trusted Java objects without using the CreateObject function or cfobject tag.

  • CVE-2025-69364MedJan 6, 2026
    risk 0.34cvss 5.3epss 0.00

    Missing Authorization vulnerability in Cloudways Breeze breeze allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Breeze: from n/a through <= 2.2.21.

  • CVE-2024-50422MedOct 29, 2024
    risk 0.34cvss 5.3epss 0.01

    Missing Authorization vulnerability in Cloudways Breeze breeze allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Breeze: from n/a through <= 2.1.14.

  • CVE-2025-23203MedMar 26, 2025
    risk 0.29cvss 5.5epss 0.00

    Icinga Director is an Icinga config deployment tool. A Security vulnerability has been found starting in version 1.0.0 and prior to 1.10.4 and 1.11.4 on several director endpoints of REST API. To reproduce this vulnerability an authenticated user with permission to access the…

  • CVE-2025-23999MedJun 18, 2025
    risk 0.28cvss 4.3epss 0.00

    Missing Authorization vulnerability in Cloudways Breeze breeze allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Breeze: from n/a through <= 2.2.13.

  • CVE-2010-3654Oct 29, 2010
    risk 0.09cvss epss 0.70

    Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris and 10.1.95.1 on Android, and authplay.dll (aka AuthPlayLib.bundle or libauthplay.so.0.0.0) in Adobe Reader and Acrobat 9.x through 9.4, allows remote attackers to execute…

  • CVE-2007-1403Mar 10, 2007
    risk 0.05cvss epss 0.29

    Multiple stack-based buffer overflows in an ActiveX control in SwDir.dll 10.1.4.20 in Macromedia Shockwave allow remote attackers to cause a denial of service (Internet Explorer 7 crash) and possibly execute arbitrary code via a long (1) BGCOLOR, (2) SRC, (3) AutoStart, (4)…

  • CVE-2002-1700Dec 31, 2002
    risk 0.05cvss epss 0.24

    Cross-site scripting vulnerability (XSS) in the missing template handler in Macromedia ColdFusion MX allows remote attackers to execute arbitrary script as other users by injecting script into the HTTP request for the name of a template, which is not filtered in the resulting…

  • CVE-2019-10716Oct 20, 2019
    risk 0.04cvss epss 0.04

    An Information Disclosure issue in Verodin Director 3.5.3.1 and earlier reveals usernames and passwords of integrated security technologies via a /integrations.json JSON REST API request.

  • CVE-2006-6885Dec 31, 2006
    risk 0.04cvss epss 0.07

    An ActiveX control in SwDir.dll in Macromedia Shockwave 10 allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long string in the swURL attribute.

  • CVE-2005-3591Nov 16, 2005
    risk 0.04cvss epss 0.10

    Macromedia Flash plugin (1) Flash.ocx 7.0.19.0 (Windows) and earlier and (2) libflashplayer.so before 7.0.25.0 (Unix) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via parameters to the ActionDefineFunction ActionScript call in…

  • CVE-2002-0937Oct 4, 2002
    risk 0.04cvss epss 0.07

    The Java Server Pages (JSP) engine in JRun allows web page owners to cause a denial of service (engine crash) on the web server via a JSP page that calls WPrinterJob().pageSetup(null,null).

  • CVE-2002-0665Jul 11, 2002
    risk 0.04cvss epss 0.11

    Macromedia JRun Administration Server allows remote attackers to bypass authentication on the login form via an extra slash (/) in the URL.

  • CVE-2000-1050Dec 11, 2000
    risk 0.04cvss epss 0.08

    Allaire JRun 3.0 http servlet server allows remote attackers to directly access the WEB-INF directory via a URL request that contains an extra "/" in the beginning of the request (aka the "extra leading slash").

  • CVE-2006-6827Dec 31, 2006
    risk 0.03cvss epss 0.03

    Flash8b.ocx in Macromedia Flash 8 allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long string in the Flash8b.AllowScriptAccess method.

  • CVE-2005-4216Dec 14, 2005
    risk 0.03cvss epss 0.04

    The Administration Service (FMSAdmin.exe) in Macromedia Flash Media Server 2.0 r1145 allows remote attackers to cause a denial of service (application crash) via a malformed request with a single character to port 1111.

  • CVE-2005-2480Aug 5, 2005
    risk 0.03cvss epss 0.04

    Cross-site scripting (XSS) vulnerability in ColdFusion Fusebox 4.1.0 allows remote attackers to inject arbitrary web script or HTML via the fuseaction parameter, which is not quoted in an error page, as demonstrated using index.cfm.

  • CVE-2004-2505Dec 31, 2004
    risk 0.03cvss epss 0.03

    Macromedia ColdFusion MX before 6.1 does not restrict the size of error messages, which allows remote attackers to cause a denial of service (memory consumption and crash) by sending repeated GET or POST requests that trigger error messages that use long strings of data.

  • CVE-2003-1017Jan 5, 2004
    risk 0.03cvss epss 0.03

    Macromedia Flash Player before 7,0,19,0 stores a Flash data file in a predictable location that is accessible to web browsers such as Internet Explorer and Opera, which allows remote attackers to read restricted files via vulnerabilities in web browsers whose exploits rely on…