Vendor CVEs
Macromedia
All CVEs
128 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-50431 | Med | 0.38 | 5.9 | 0.00 | Oct 28, 2024 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cloudways Breeze breeze allows Stored XSS.This issue affects Breeze: from n/a through <= 2.1.14. | ||
| CVE-2004-2331 | Med | 0.36 | 5.5 | 0.01 | Dec 31, 2004 | ColdFusion MX 6.1 and 6.1 J2EE allows local users to bypass sandbox security restrictions and obtain sensitive information by using Java reflection methods to access trusted Java objects without using the CreateObject function or cfobject tag. | ||
| CVE-2025-69364 | Med | 0.34 | 5.3 | 0.00 | Jan 6, 2026 | Missing Authorization vulnerability in Cloudways Breeze breeze allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Breeze: from n/a through <= 2.2.21. | ||
| CVE-2024-50422 | Med | 0.34 | 5.3 | 0.01 | Oct 29, 2024 | Missing Authorization vulnerability in Cloudways Breeze breeze allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Breeze: from n/a through <= 2.1.14. | ||
| CVE-2025-23203 | Med | 0.29 | 5.5 | 0.00 | Mar 26, 2025 | Icinga Director is an Icinga config deployment tool. A Security vulnerability has been found starting in version 1.0.0 and prior to 1.10.4 and 1.11.4 on several director endpoints of REST API. To reproduce this vulnerability an authenticated user with permission to access the… | ||
| CVE-2025-23999 | Med | 0.28 | 4.3 | 0.00 | Jun 18, 2025 | Missing Authorization vulnerability in Cloudways Breeze breeze allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Breeze: from n/a through <= 2.2.13. | ||
| CVE-2010-3654 | 0.09 | — | 0.70 | Oct 29, 2010 | Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris and 10.1.95.1 on Android, and authplay.dll (aka AuthPlayLib.bundle or libauthplay.so.0.0.0) in Adobe Reader and Acrobat 9.x through 9.4, allows remote attackers to execute… | |||
| CVE-2007-1403 | 0.05 | — | 0.29 | Mar 10, 2007 | Multiple stack-based buffer overflows in an ActiveX control in SwDir.dll 10.1.4.20 in Macromedia Shockwave allow remote attackers to cause a denial of service (Internet Explorer 7 crash) and possibly execute arbitrary code via a long (1) BGCOLOR, (2) SRC, (3) AutoStart, (4)… | |||
| CVE-2002-1700 | 0.05 | — | 0.24 | Dec 31, 2002 | Cross-site scripting vulnerability (XSS) in the missing template handler in Macromedia ColdFusion MX allows remote attackers to execute arbitrary script as other users by injecting script into the HTTP request for the name of a template, which is not filtered in the resulting… | |||
| CVE-2019-10716 | 0.04 | — | 0.04 | Oct 20, 2019 | An Information Disclosure issue in Verodin Director 3.5.3.1 and earlier reveals usernames and passwords of integrated security technologies via a /integrations.json JSON REST API request. | |||
| CVE-2006-6885 | 0.04 | — | 0.07 | Dec 31, 2006 | An ActiveX control in SwDir.dll in Macromedia Shockwave 10 allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long string in the swURL attribute. | |||
| CVE-2005-3591 | 0.04 | — | 0.10 | Nov 16, 2005 | Macromedia Flash plugin (1) Flash.ocx 7.0.19.0 (Windows) and earlier and (2) libflashplayer.so before 7.0.25.0 (Unix) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via parameters to the ActionDefineFunction ActionScript call in… | |||
| CVE-2002-0937 | 0.04 | — | 0.07 | Oct 4, 2002 | The Java Server Pages (JSP) engine in JRun allows web page owners to cause a denial of service (engine crash) on the web server via a JSP page that calls WPrinterJob().pageSetup(null,null). | |||
| CVE-2002-0665 | 0.04 | — | 0.11 | Jul 11, 2002 | Macromedia JRun Administration Server allows remote attackers to bypass authentication on the login form via an extra slash (/) in the URL. | |||
| CVE-2000-1050 | 0.04 | — | 0.08 | Dec 11, 2000 | Allaire JRun 3.0 http servlet server allows remote attackers to directly access the WEB-INF directory via a URL request that contains an extra "/" in the beginning of the request (aka the "extra leading slash"). | |||
| CVE-2006-6827 | 0.03 | — | 0.03 | Dec 31, 2006 | Flash8b.ocx in Macromedia Flash 8 allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long string in the Flash8b.AllowScriptAccess method. | |||
| CVE-2005-4216 | 0.03 | — | 0.04 | Dec 14, 2005 | The Administration Service (FMSAdmin.exe) in Macromedia Flash Media Server 2.0 r1145 allows remote attackers to cause a denial of service (application crash) via a malformed request with a single character to port 1111. | |||
| CVE-2005-2480 | 0.03 | — | 0.04 | Aug 5, 2005 | Cross-site scripting (XSS) vulnerability in ColdFusion Fusebox 4.1.0 allows remote attackers to inject arbitrary web script or HTML via the fuseaction parameter, which is not quoted in an error page, as demonstrated using index.cfm. | |||
| CVE-2004-2505 | 0.03 | — | 0.03 | Dec 31, 2004 | Macromedia ColdFusion MX before 6.1 does not restrict the size of error messages, which allows remote attackers to cause a denial of service (memory consumption and crash) by sending repeated GET or POST requests that trigger error messages that use long strings of data. | |||
| CVE-2003-1017 | 0.03 | — | 0.03 | Jan 5, 2004 | Macromedia Flash Player before 7,0,19,0 stores a Flash data file in a predictable location that is accessible to web browsers such as Internet Explorer and Opera, which allows remote attackers to read restricted files via vulnerabilities in web browsers whose exploits rely on… | |||
| CVE-2003-1469 | 0.03 | — | 0.07 | Dec 31, 2003 | The default configuration of ColdFusion MX has the "Enable Robust Exception Information" option selected, which allows remote attackers to obtain the full path of the web server via a direct request to CFIDE/probe.cfm, which leaks the path in an error message. | |||
| CVE-2002-1027 | 0.03 | — | 0.03 | Oct 4, 2002 | Cross-site scripting vulnerability in the default HTTP 500 error script (500error.jsp) for Macromedia Sitespring 1.2.0 (277.1) allows remote attackers to execute arbitrary web script via a link to 500error.jsp with the script in 1the et parameter. | |||
| CVE-2000-1053 | 0.03 | — | 0.06 | Dec 11, 2000 | Allaire JRun 2.3.3 server allows remote attackers to compile and execute JSP code by inserting it via a cross-site scripting (CSS) attack and directly calling the com.livesoftware.jrun.plugins.JSP JSP servlet. | |||
| CVE-2010-2188 | 0.01 | — | 0.07 | Jun 15, 2010 | Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code by calling the ActionScript native object 2200 connect method multiple times… | |||
| CVE-2010-2186 | 0.01 | — | 0.07 | Jun 15, 2010 | Unspecified vulnerability in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors. | |||
| CVE-2010-2185 | 0.01 | — | 0.09 | Jun 15, 2010 | Buffer overflow in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors. | |||
| CVE-2010-2183 | 0.01 | — | 0.07 | Jun 15, 2010 | Integer overflow in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2170 and CVE-2010-2181. | |||
| CVE-2010-2181 | 0.01 | — | 0.07 | Jun 15, 2010 | Integer overflow in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2170 and CVE-2010-2183. | |||
| CVE-2010-2174 | 0.01 | — | 0.07 | Jun 15, 2010 | Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors, related to an "invalid pointer vulnerability" and the newfunction (0x44) operator, a different vulnerability… | |||
| CVE-2010-2173 | 0.01 | — | 0.07 | Jun 15, 2010 | Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors, related to an "invalid pointer vulnerability" and the newclass (0x58) operator, a different vulnerability… | |||
| CVE-2010-2171 | 0.01 | — | 0.07 | Jun 15, 2010 | Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via vectors related to SWF files, decompression of embedded JPEG image data, and… | |||
| CVE-2010-2170 | 0.01 | — | 0.07 | Jun 15, 2010 | Integer overflow in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2181 and CVE-2010-2183. | |||
| CVE-2010-2167 | 0.01 | — | 0.09 | Jun 15, 2010 | Multiple heap-based buffer overflows in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors related to malformed (1) GIF or (2) JPEG data. | |||
| CVE-2010-2164 | 0.01 | — | 0.07 | Jun 15, 2010 | Use-after-free vulnerability in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors related to an unspecified "image type within a certain function." | |||
| CVE-2010-2163 | 0.01 | — | 0.07 | Jun 15, 2010 | Multiple unspecified vulnerabilities in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unknown vectors. | |||
| CVE-2010-2162 | 0.01 | — | 0.07 | Jun 15, 2010 | Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (heap memory corruption) or possibly execute arbitrary code via vectors related to improper length calculation and the (1) STSC, (2)… | |||
| CVE-2010-2161 | 0.01 | — | 0.07 | Jun 15, 2010 | Array index error in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified "types of Adobe Flash code." | |||
| CVE-2010-2160 | 0.01 | — | 0.07 | Jun 15, 2010 | Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via an invalid offset in an unspecified undocumented opcode in ActionScript… | |||
| CVE-2009-3793 | 0.01 | — | 0.09 | Jun 15, 2010 | Unspecified vulnerability in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory consumption) or possibly execute arbitrary code via unknown vectors. | |||
| CVE-2006-0024 | 0.01 | — | 0.07 | Mar 15, 2006 | Multiple unspecified vulnerabilities in Adobe Flash Player 8.0.22.0 and earlier allow remote attackers to execute arbitrary code via a crafted SWF file. | |||
| CVE-2005-2628 | 0.01 | — | 0.07 | Nov 5, 2005 | Macromedia Flash 6 and 7 (Flash.ocx) allows remote attackers to execute arbitrary code via a SWF file with a modified frame type identifier that is used as an out-of-bounds array index to a function pointer. | |||
| CVE-2004-0646 | 0.01 | — | 0.07 | Dec 23, 2004 | Buffer overflow in the WriteToLog function for JRun 3.0 through 4.0 web server connectors, such as (1) mod_jrun and (2) mod_jrun20 for Apache, with verbose logging enabled, allows remote attackers to execute arbitrary code via a long HTTP header Content-Type field or other… | |||
| CVE-2002-0801 | 0.01 | — | 0.09 | Aug 12, 2002 | Buffer overflow in the ISAPI DLL filter for Macromedia JRun 3.1 allows remote attackers to execute arbitrary code via a direct request to the filter with a long HTTP host header field in a URL for a .jsp file. | |||
| CVE-2025-46067 | 0.00 | — | 0.00 | Jan 12, 2026 | An issue in Automai Director v.25.2.0 allows a remote attacker to escalate privileges and obtain sensitive information via a crafted js file | |||
| CVE-2025-46068 | 0.00 | — | 0.00 | Jan 12, 2026 | An issue in Automai Director v.25.2.0 allows a remote attacker to execute arbitrary code via the update mechanism | |||
| CVE-2025-46066 | 0.00 | — | 0.00 | Jan 12, 2026 | An issue in Automai Director v.25.2.0 allows a remote attacker to escalate privileges | |||
| CVE-2025-43565 | 0.00 | — | 0.09 | May 13, 2025 | ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Incorrect Authorization vulnerability that could lead to arbitrary code execution in the context of the current user. A high-privileged attacker could leverage this vulnerability to bypass security… | |||
| CVE-2018-16498 | 0.00 | — | 0.00 | May 26, 2021 | In Versa Director, the unencrypted backup files stored on the Versa deployment contain credentials stored within configuration files. These credentials are for various application components such as SNMP, and SSL and Trust keystores. | |||
| CVE-2019-10715 | 0.00 | — | 0.01 | Oct 20, 2019 | There is Stored XSS in Verodin Director 3.5.3.0 and earlier via input fields of certain tooltips, and on the Tags, Sequences, and Actors pages. | |||
| CVE-2010-2189 | 0.00 | — | 0.06 | Jun 15, 2010 | Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, when used in conjunction with VMWare Tools on a VMWare platform, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified… |
- risk 0.38cvss 5.9epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cloudways Breeze breeze allows Stored XSS.This issue affects Breeze: from n/a through <= 2.1.14.
- risk 0.36cvss 5.5epss 0.01
ColdFusion MX 6.1 and 6.1 J2EE allows local users to bypass sandbox security restrictions and obtain sensitive information by using Java reflection methods to access trusted Java objects without using the CreateObject function or cfobject tag.
- risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in Cloudways Breeze breeze allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Breeze: from n/a through <= 2.2.21.
- risk 0.34cvss 5.3epss 0.01
Missing Authorization vulnerability in Cloudways Breeze breeze allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Breeze: from n/a through <= 2.1.14.
- risk 0.29cvss 5.5epss 0.00
Icinga Director is an Icinga config deployment tool. A Security vulnerability has been found starting in version 1.0.0 and prior to 1.10.4 and 1.11.4 on several director endpoints of REST API. To reproduce this vulnerability an authenticated user with permission to access the…
- risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Cloudways Breeze breeze allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Breeze: from n/a through <= 2.2.13.
- CVE-2010-3654Oct 29, 2010risk 0.09cvss —epss 0.70
Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris and 10.1.95.1 on Android, and authplay.dll (aka AuthPlayLib.bundle or libauthplay.so.0.0.0) in Adobe Reader and Acrobat 9.x through 9.4, allows remote attackers to execute…
- CVE-2007-1403Mar 10, 2007risk 0.05cvss —epss 0.29
Multiple stack-based buffer overflows in an ActiveX control in SwDir.dll 10.1.4.20 in Macromedia Shockwave allow remote attackers to cause a denial of service (Internet Explorer 7 crash) and possibly execute arbitrary code via a long (1) BGCOLOR, (2) SRC, (3) AutoStart, (4)…
- CVE-2002-1700Dec 31, 2002risk 0.05cvss —epss 0.24
Cross-site scripting vulnerability (XSS) in the missing template handler in Macromedia ColdFusion MX allows remote attackers to execute arbitrary script as other users by injecting script into the HTTP request for the name of a template, which is not filtered in the resulting…
- CVE-2019-10716Oct 20, 2019risk 0.04cvss —epss 0.04
An Information Disclosure issue in Verodin Director 3.5.3.1 and earlier reveals usernames and passwords of integrated security technologies via a /integrations.json JSON REST API request.
- CVE-2006-6885Dec 31, 2006risk 0.04cvss —epss 0.07
An ActiveX control in SwDir.dll in Macromedia Shockwave 10 allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long string in the swURL attribute.
- CVE-2005-3591Nov 16, 2005risk 0.04cvss —epss 0.10
Macromedia Flash plugin (1) Flash.ocx 7.0.19.0 (Windows) and earlier and (2) libflashplayer.so before 7.0.25.0 (Unix) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via parameters to the ActionDefineFunction ActionScript call in…
- CVE-2002-0937Oct 4, 2002risk 0.04cvss —epss 0.07
The Java Server Pages (JSP) engine in JRun allows web page owners to cause a denial of service (engine crash) on the web server via a JSP page that calls WPrinterJob().pageSetup(null,null).
- CVE-2002-0665Jul 11, 2002risk 0.04cvss —epss 0.11
Macromedia JRun Administration Server allows remote attackers to bypass authentication on the login form via an extra slash (/) in the URL.
- CVE-2000-1050Dec 11, 2000risk 0.04cvss —epss 0.08
Allaire JRun 3.0 http servlet server allows remote attackers to directly access the WEB-INF directory via a URL request that contains an extra "/" in the beginning of the request (aka the "extra leading slash").
- CVE-2006-6827Dec 31, 2006risk 0.03cvss —epss 0.03
Flash8b.ocx in Macromedia Flash 8 allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long string in the Flash8b.AllowScriptAccess method.
- CVE-2005-4216Dec 14, 2005risk 0.03cvss —epss 0.04
The Administration Service (FMSAdmin.exe) in Macromedia Flash Media Server 2.0 r1145 allows remote attackers to cause a denial of service (application crash) via a malformed request with a single character to port 1111.
- CVE-2005-2480Aug 5, 2005risk 0.03cvss —epss 0.04
Cross-site scripting (XSS) vulnerability in ColdFusion Fusebox 4.1.0 allows remote attackers to inject arbitrary web script or HTML via the fuseaction parameter, which is not quoted in an error page, as demonstrated using index.cfm.
- CVE-2004-2505Dec 31, 2004risk 0.03cvss —epss 0.03
Macromedia ColdFusion MX before 6.1 does not restrict the size of error messages, which allows remote attackers to cause a denial of service (memory consumption and crash) by sending repeated GET or POST requests that trigger error messages that use long strings of data.
- CVE-2003-1017Jan 5, 2004risk 0.03cvss —epss 0.03
Macromedia Flash Player before 7,0,19,0 stores a Flash data file in a predictable location that is accessible to web browsers such as Internet Explorer and Opera, which allows remote attackers to read restricted files via vulnerabilities in web browsers whose exploits rely on…
- CVE-2003-1469Dec 31, 2003risk 0.03cvss —epss 0.07
The default configuration of ColdFusion MX has the "Enable Robust Exception Information" option selected, which allows remote attackers to obtain the full path of the web server via a direct request to CFIDE/probe.cfm, which leaks the path in an error message.
- CVE-2002-1027Oct 4, 2002risk 0.03cvss —epss 0.03
Cross-site scripting vulnerability in the default HTTP 500 error script (500error.jsp) for Macromedia Sitespring 1.2.0 (277.1) allows remote attackers to execute arbitrary web script via a link to 500error.jsp with the script in 1the et parameter.
- CVE-2000-1053Dec 11, 2000risk 0.03cvss —epss 0.06
Allaire JRun 2.3.3 server allows remote attackers to compile and execute JSP code by inserting it via a cross-site scripting (CSS) attack and directly calling the com.livesoftware.jrun.plugins.JSP JSP servlet.
- CVE-2010-2188Jun 15, 2010risk 0.01cvss —epss 0.07
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code by calling the ActionScript native object 2200 connect method multiple times…
- CVE-2010-2186Jun 15, 2010risk 0.01cvss —epss 0.07
Unspecified vulnerability in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors.
- CVE-2010-2185Jun 15, 2010risk 0.01cvss —epss 0.09
Buffer overflow in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors.
- CVE-2010-2183Jun 15, 2010risk 0.01cvss —epss 0.07
Integer overflow in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2170 and CVE-2010-2181.
- CVE-2010-2181Jun 15, 2010risk 0.01cvss —epss 0.07
Integer overflow in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2170 and CVE-2010-2183.
- CVE-2010-2174Jun 15, 2010risk 0.01cvss —epss 0.07
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors, related to an "invalid pointer vulnerability" and the newfunction (0x44) operator, a different vulnerability…
- CVE-2010-2173Jun 15, 2010risk 0.01cvss —epss 0.07
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors, related to an "invalid pointer vulnerability" and the newclass (0x58) operator, a different vulnerability…
- CVE-2010-2171Jun 15, 2010risk 0.01cvss —epss 0.07
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via vectors related to SWF files, decompression of embedded JPEG image data, and…
- CVE-2010-2170Jun 15, 2010risk 0.01cvss —epss 0.07
Integer overflow in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2181 and CVE-2010-2183.
- CVE-2010-2167Jun 15, 2010risk 0.01cvss —epss 0.09
Multiple heap-based buffer overflows in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors related to malformed (1) GIF or (2) JPEG data.
- CVE-2010-2164Jun 15, 2010risk 0.01cvss —epss 0.07
Use-after-free vulnerability in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors related to an unspecified "image type within a certain function."
- CVE-2010-2163Jun 15, 2010risk 0.01cvss —epss 0.07
Multiple unspecified vulnerabilities in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unknown vectors.
- CVE-2010-2162Jun 15, 2010risk 0.01cvss —epss 0.07
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (heap memory corruption) or possibly execute arbitrary code via vectors related to improper length calculation and the (1) STSC, (2)…
- CVE-2010-2161Jun 15, 2010risk 0.01cvss —epss 0.07
Array index error in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified "types of Adobe Flash code."
- CVE-2010-2160Jun 15, 2010risk 0.01cvss —epss 0.07
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via an invalid offset in an unspecified undocumented opcode in ActionScript…
- CVE-2009-3793Jun 15, 2010risk 0.01cvss —epss 0.09
Unspecified vulnerability in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory consumption) or possibly execute arbitrary code via unknown vectors.
- CVE-2006-0024Mar 15, 2006risk 0.01cvss —epss 0.07
Multiple unspecified vulnerabilities in Adobe Flash Player 8.0.22.0 and earlier allow remote attackers to execute arbitrary code via a crafted SWF file.
- CVE-2005-2628Nov 5, 2005risk 0.01cvss —epss 0.07
Macromedia Flash 6 and 7 (Flash.ocx) allows remote attackers to execute arbitrary code via a SWF file with a modified frame type identifier that is used as an out-of-bounds array index to a function pointer.
- CVE-2004-0646Dec 23, 2004risk 0.01cvss —epss 0.07
Buffer overflow in the WriteToLog function for JRun 3.0 through 4.0 web server connectors, such as (1) mod_jrun and (2) mod_jrun20 for Apache, with verbose logging enabled, allows remote attackers to execute arbitrary code via a long HTTP header Content-Type field or other…
- CVE-2002-0801Aug 12, 2002risk 0.01cvss —epss 0.09
Buffer overflow in the ISAPI DLL filter for Macromedia JRun 3.1 allows remote attackers to execute arbitrary code via a direct request to the filter with a long HTTP host header field in a URL for a .jsp file.
- CVE-2025-46067Jan 12, 2026risk 0.00cvss —epss 0.00
An issue in Automai Director v.25.2.0 allows a remote attacker to escalate privileges and obtain sensitive information via a crafted js file
- CVE-2025-46068Jan 12, 2026risk 0.00cvss —epss 0.00
An issue in Automai Director v.25.2.0 allows a remote attacker to execute arbitrary code via the update mechanism
- CVE-2025-46066Jan 12, 2026risk 0.00cvss —epss 0.00
An issue in Automai Director v.25.2.0 allows a remote attacker to escalate privileges
- CVE-2025-43565May 13, 2025risk 0.00cvss —epss 0.09
ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Incorrect Authorization vulnerability that could lead to arbitrary code execution in the context of the current user. A high-privileged attacker could leverage this vulnerability to bypass security…
- CVE-2018-16498May 26, 2021risk 0.00cvss —epss 0.00
In Versa Director, the unencrypted backup files stored on the Versa deployment contain credentials stored within configuration files. These credentials are for various application components such as SNMP, and SSL and Trust keystores.
- CVE-2019-10715Oct 20, 2019risk 0.00cvss —epss 0.01
There is Stored XSS in Verodin Director 3.5.3.0 and earlier via input fields of certain tooltips, and on the Tags, Sequences, and Actors pages.
- CVE-2010-2189Jun 15, 2010risk 0.00cvss —epss 0.06
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, when used in conjunction with VMWare Tools on a VMWare platform, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified…
Page 1 of 3