Macromedia
Macromedia, Inc. was an American graphics, multimedia, and web development software company headquartered in San Francisco, California, that made products such as Flash and Dreamweaver. It was purchased by its rival Adobe Systems on December 3, 2005.
Products
22- 42 CVEs
- 33 CVEs
- 27 CVEs
- 9 CVEs
- 5 CVEs
- 5 CVEs
- 5 CVEs
- 4 CVEs
- 3 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 0 CVEs
Recent CVEs
128| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-50431 | Med | 0.38 | 5.9 | 0.00 | Oct 28, 2024 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cloudways Breeze breeze allows Stored XSS.This issue affects Breeze: from n/a through <= 2.1.14. | ||
| CVE-2004-2331 | Med | 0.36 | 5.5 | 0.01 | Dec 31, 2004 | ColdFusion MX 6.1 and 6.1 J2EE allows local users to bypass sandbox security restrictions and obtain sensitive information by using Java reflection methods to access trusted Java objects without using the CreateObject function or cfobject tag. | ||
| CVE-2025-69364 | Med | 0.34 | 5.3 | 0.00 | Jan 6, 2026 | Missing Authorization vulnerability in Cloudways Breeze breeze allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Breeze: from n/a through <= 2.2.21. | ||
| CVE-2024-50422 | Med | 0.34 | 5.3 | 0.01 | Oct 29, 2024 | Missing Authorization vulnerability in Cloudways Breeze breeze allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Breeze: from n/a through <= 2.1.14. | ||
| CVE-2025-23203 | Med | 0.29 | 5.5 | 0.00 | Mar 26, 2025 | Icinga Director is an Icinga config deployment tool. A Security vulnerability has been found starting in version 1.0.0 and prior to 1.10.4 and 1.11.4 on several director endpoints of REST API. To reproduce this vulnerability an authenticated user with permission to access the… | ||
| CVE-2025-23999 | Med | 0.28 | 4.3 | 0.00 | Jun 18, 2025 | Missing Authorization vulnerability in Cloudways Breeze breeze allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Breeze: from n/a through <= 2.2.13. | ||
| CVE-2010-3654 | 0.09 | — | 0.70 | Oct 29, 2010 | Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris and 10.1.95.1 on Android, and authplay.dll (aka AuthPlayLib.bundle or libauthplay.so.0.0.0) in Adobe Reader and Acrobat 9.x through 9.4, allows remote attackers to execute… | |||
| CVE-2007-1403 | 0.05 | — | 0.29 | Mar 10, 2007 | Multiple stack-based buffer overflows in an ActiveX control in SwDir.dll 10.1.4.20 in Macromedia Shockwave allow remote attackers to cause a denial of service (Internet Explorer 7 crash) and possibly execute arbitrary code via a long (1) BGCOLOR, (2) SRC, (3) AutoStart, (4)… | |||
| CVE-2002-1700 | 0.05 | — | 0.24 | Dec 31, 2002 | Cross-site scripting vulnerability (XSS) in the missing template handler in Macromedia ColdFusion MX allows remote attackers to execute arbitrary script as other users by injecting script into the HTTP request for the name of a template, which is not filtered in the resulting… | |||
| CVE-2019-10716 | 0.04 | — | 0.04 | Oct 20, 2019 | An Information Disclosure issue in Verodin Director 3.5.3.1 and earlier reveals usernames and passwords of integrated security technologies via a /integrations.json JSON REST API request. | |||
| CVE-2006-6885 | 0.04 | — | 0.07 | Dec 31, 2006 | An ActiveX control in SwDir.dll in Macromedia Shockwave 10 allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long string in the swURL attribute. | |||
| CVE-2005-3591 | 0.04 | — | 0.10 | Nov 16, 2005 | Macromedia Flash plugin (1) Flash.ocx 7.0.19.0 (Windows) and earlier and (2) libflashplayer.so before 7.0.25.0 (Unix) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via parameters to the ActionDefineFunction ActionScript call in… | |||
| CVE-2002-0937 | 0.04 | — | 0.07 | Oct 4, 2002 | The Java Server Pages (JSP) engine in JRun allows web page owners to cause a denial of service (engine crash) on the web server via a JSP page that calls WPrinterJob().pageSetup(null,null). | |||
| CVE-2002-0665 | 0.04 | — | 0.11 | Jul 11, 2002 | Macromedia JRun Administration Server allows remote attackers to bypass authentication on the login form via an extra slash (/) in the URL. | |||
| CVE-2000-1050 | 0.04 | — | 0.08 | Dec 11, 2000 | Allaire JRun 3.0 http servlet server allows remote attackers to directly access the WEB-INF directory via a URL request that contains an extra "/" in the beginning of the request (aka the "extra leading slash"). | |||
| CVE-2006-6827 | 0.03 | — | 0.03 | Dec 31, 2006 | Flash8b.ocx in Macromedia Flash 8 allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long string in the Flash8b.AllowScriptAccess method. | |||
| CVE-2005-4216 | 0.03 | — | 0.04 | Dec 14, 2005 | The Administration Service (FMSAdmin.exe) in Macromedia Flash Media Server 2.0 r1145 allows remote attackers to cause a denial of service (application crash) via a malformed request with a single character to port 1111. | |||
| CVE-2005-2480 | 0.03 | — | 0.04 | Aug 5, 2005 | Cross-site scripting (XSS) vulnerability in ColdFusion Fusebox 4.1.0 allows remote attackers to inject arbitrary web script or HTML via the fuseaction parameter, which is not quoted in an error page, as demonstrated using index.cfm. | |||
| CVE-2004-2505 | 0.03 | — | 0.03 | Dec 31, 2004 | Macromedia ColdFusion MX before 6.1 does not restrict the size of error messages, which allows remote attackers to cause a denial of service (memory consumption and crash) by sending repeated GET or POST requests that trigger error messages that use long strings of data. | |||
| CVE-2003-1017 | 0.03 | — | 0.03 | Jan 5, 2004 | Macromedia Flash Player before 7,0,19,0 stores a Flash data file in a predictable location that is accessible to web browsers such as Internet Explorer and Opera, which allows remote attackers to read restricted files via vulnerabilities in web browsers whose exploits rely on… |
- risk 0.38cvss 5.9epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cloudways Breeze breeze allows Stored XSS.This issue affects Breeze: from n/a through <= 2.1.14.
- risk 0.36cvss 5.5epss 0.01
ColdFusion MX 6.1 and 6.1 J2EE allows local users to bypass sandbox security restrictions and obtain sensitive information by using Java reflection methods to access trusted Java objects without using the CreateObject function or cfobject tag.
- risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in Cloudways Breeze breeze allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Breeze: from n/a through <= 2.2.21.
- risk 0.34cvss 5.3epss 0.01
Missing Authorization vulnerability in Cloudways Breeze breeze allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Breeze: from n/a through <= 2.1.14.
- risk 0.29cvss 5.5epss 0.00
Icinga Director is an Icinga config deployment tool. A Security vulnerability has been found starting in version 1.0.0 and prior to 1.10.4 and 1.11.4 on several director endpoints of REST API. To reproduce this vulnerability an authenticated user with permission to access the…
- risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Cloudways Breeze breeze allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Breeze: from n/a through <= 2.2.13.
- CVE-2010-3654Oct 29, 2010risk 0.09cvss —epss 0.70
Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris and 10.1.95.1 on Android, and authplay.dll (aka AuthPlayLib.bundle or libauthplay.so.0.0.0) in Adobe Reader and Acrobat 9.x through 9.4, allows remote attackers to execute…
- CVE-2007-1403Mar 10, 2007risk 0.05cvss —epss 0.29
Multiple stack-based buffer overflows in an ActiveX control in SwDir.dll 10.1.4.20 in Macromedia Shockwave allow remote attackers to cause a denial of service (Internet Explorer 7 crash) and possibly execute arbitrary code via a long (1) BGCOLOR, (2) SRC, (3) AutoStart, (4)…
- CVE-2002-1700Dec 31, 2002risk 0.05cvss —epss 0.24
Cross-site scripting vulnerability (XSS) in the missing template handler in Macromedia ColdFusion MX allows remote attackers to execute arbitrary script as other users by injecting script into the HTTP request for the name of a template, which is not filtered in the resulting…
- CVE-2019-10716Oct 20, 2019risk 0.04cvss —epss 0.04
An Information Disclosure issue in Verodin Director 3.5.3.1 and earlier reveals usernames and passwords of integrated security technologies via a /integrations.json JSON REST API request.
- CVE-2006-6885Dec 31, 2006risk 0.04cvss —epss 0.07
An ActiveX control in SwDir.dll in Macromedia Shockwave 10 allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long string in the swURL attribute.
- CVE-2005-3591Nov 16, 2005risk 0.04cvss —epss 0.10
Macromedia Flash plugin (1) Flash.ocx 7.0.19.0 (Windows) and earlier and (2) libflashplayer.so before 7.0.25.0 (Unix) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via parameters to the ActionDefineFunction ActionScript call in…
- CVE-2002-0937Oct 4, 2002risk 0.04cvss —epss 0.07
The Java Server Pages (JSP) engine in JRun allows web page owners to cause a denial of service (engine crash) on the web server via a JSP page that calls WPrinterJob().pageSetup(null,null).
- CVE-2002-0665Jul 11, 2002risk 0.04cvss —epss 0.11
Macromedia JRun Administration Server allows remote attackers to bypass authentication on the login form via an extra slash (/) in the URL.
- CVE-2000-1050Dec 11, 2000risk 0.04cvss —epss 0.08
Allaire JRun 3.0 http servlet server allows remote attackers to directly access the WEB-INF directory via a URL request that contains an extra "/" in the beginning of the request (aka the "extra leading slash").
- CVE-2006-6827Dec 31, 2006risk 0.03cvss —epss 0.03
Flash8b.ocx in Macromedia Flash 8 allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long string in the Flash8b.AllowScriptAccess method.
- CVE-2005-4216Dec 14, 2005risk 0.03cvss —epss 0.04
The Administration Service (FMSAdmin.exe) in Macromedia Flash Media Server 2.0 r1145 allows remote attackers to cause a denial of service (application crash) via a malformed request with a single character to port 1111.
- CVE-2005-2480Aug 5, 2005risk 0.03cvss —epss 0.04
Cross-site scripting (XSS) vulnerability in ColdFusion Fusebox 4.1.0 allows remote attackers to inject arbitrary web script or HTML via the fuseaction parameter, which is not quoted in an error page, as demonstrated using index.cfm.
- CVE-2004-2505Dec 31, 2004risk 0.03cvss —epss 0.03
Macromedia ColdFusion MX before 6.1 does not restrict the size of error messages, which allows remote attackers to cause a denial of service (memory consumption and crash) by sending repeated GET or POST requests that trigger error messages that use long strings of data.
- CVE-2003-1017Jan 5, 2004risk 0.03cvss —epss 0.03
Macromedia Flash Player before 7,0,19,0 stores a Flash data file in a predictable location that is accessible to web browsers such as Internet Explorer and Opera, which allows remote attackers to read restricted files via vulnerabilities in web browsers whose exploits rely on…