VYPR

Vendor CVEs

Macromedia

All CVEs

128 total · sorted by risk
  • CVE-2024-50431 · Med · Oct 28, 2024
    risk 0.38 · cvss 5.9 · epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cloudways Breeze breeze allows Stored XSS. This issue affects Breeze: from n/a through <= 2.1.14.

  • CVE-2004-2331 · Med · Dec 31, 2004
    risk 0.36 · cvss 5.5 · epss 0.01

    ColdFusion MX 6.1 and 6.1 J2EE allows local users to bypass sandbox security restrictions and obtain sensitive information by using Java reflection methods to access trusted Java objects without using the CreateObject function or cfobject tag.

  • CVE-2025-69364 · Med · Jan 6, 2026
    risk 0.34 · cvss 5.3 · epss 0.00

    Missing Authorization vulnerability in Cloudways Breeze breeze allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Breeze: from n/a through <= 2.2.21.

  • CVE-2024-50422 · Med · Oct 29, 2024
    risk 0.34 · cvss 5.3 · epss 0.01

    Missing Authorization vulnerability in Cloudways Breeze breeze allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Breeze: from n/a through <= 2.1.14.

  • CVE-2025-23203 · Med · Mar 26, 2025
    risk 0.29 · cvss 5.5 · epss 0.00

    Icinga Director is an Icinga config deployment tool. A security vulnerability has been found starting in version 1.0.0 and prior to 1.10.4 and 1.11.4 on several director endpoints of REST API. To reproduce this vulnerability an authenticated user with permission to access the…

  • CVE-2025-23999 · Med · Jun 18, 2025
    risk 0.28 · cvss 4.3 · epss 0.00

    Missing Authorization vulnerability in Cloudways Breeze breeze allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Breeze: from n/a through <= 2.2.13.

  • CVE-2010-3654 · Oct 29, 2010
    risk 0.09 · cvss - · epss 0.70

    Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris and 10.1.95.1 on Android, and authplay.dll (aka AuthPlayLib.bundle or libauthplay.so.0.0.0) in Adobe Reader and Acrobat 9.x through 9.4, allows remote attackers to execute…

  • CVE-2007-1403 · Mar 10, 2007
    risk 0.05 · cvss - · epss 0.29

    Multiple stack-based buffer overflows in an ActiveX control in SwDir.dll 10.1.4.20 in Macromedia Shockwave allow remote attackers to cause a denial of service (Internet Explorer 7 crash) and possibly execute arbitrary code via a long (1) BGCOLOR, (2) SRC, (3) AutoStart, (4)…

  • CVE-2002-1700 · Dec 31, 2002
    risk 0.05 · cvss - · epss 0.24

    Cross-site scripting vulnerability (XSS) in the missing template handler in Macromedia ColdFusion MX allows remote attackers to execute arbitrary script as other users by injecting script into the HTTP request for the name of a template, which is not filtered in the resulting…

  • CVE-2019-10716 · Oct 20, 2019
    risk 0.04 · cvss - · epss 0.04

    An Information Disclosure issue in Verodin Director 3.5.3.1 and earlier reveals usernames and passwords of integrated security technologies via a /integrations.json JSON REST API request.

  • CVE-2006-6885 · Dec 31, 2006
    risk 0.04 · cvss - · epss 0.07

    An ActiveX control in SwDir.dll in Macromedia Shockwave 10 allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long string in the swURL attribute.

  • CVE-2005-3591 · Nov 16, 2005
    risk 0.04 · cvss - · epss 0.10

    Macromedia Flash plugin (1) Flash.ocx 7.0.19.0 (Windows) and earlier and (2) libflashplayer.so before 7.0.25.0 (Unix) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via parameters to the ActionDefineFunction ActionScript call in…

  • CVE-2002-0937 · Oct 4, 2002
    risk 0.04 · cvss - · epss 0.07

    The Java Server Pages (JSP) engine in JRun allows web page owners to cause a denial of service (engine crash) on the web server via a JSP page that calls WPrinterJob().pageSetup(null,null).

  • CVE-2002-0665 · Jul 11, 2002
    risk 0.04 · cvss - · epss 0.11

    Macromedia JRun Administration Server allows remote attackers to bypass authentication on the login form via an extra slash (/) in the URL.

  • CVE-2000-1050 · Dec 11, 2000
    risk 0.04 · cvss - · epss 0.08

    Allaire JRun 3.0 http servlet server allows remote attackers to directly access the WEB-INF directory via a URL request that contains an extra "/" in the beginning of the request (aka the "extra leading slash").

  • CVE-2006-6827 · Dec 31, 2006
    risk 0.03 · cvss - · epss 0.03

    Flash8b.ocx in Macromedia Flash 8 allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long string in the Flash8b.AllowScriptAccess method.

  • CVE-2005-4216 · Dec 14, 2005
    risk 0.03 · cvss - · epss 0.04

    The Administration Service (FMSAdmin.exe) in Macromedia Flash Media Server 2.0 r1145 allows remote attackers to cause a denial of service (application crash) via a malformed request with a single character to port 1111.

  • CVE-2005-2480 · Aug 5, 2005
    risk 0.03 · cvss - · epss 0.04

    Cross-site scripting (XSS) vulnerability in ColdFusion Fusebox 4.1.0 allows remote attackers to inject arbitrary web script or HTML via the fuseaction parameter, which is not quoted in an error page, as demonstrated using index.cfm.

  • CVE-2004-2505 · Dec 31, 2004
    risk 0.03 · cvss - · epss 0.03

    Macromedia ColdFusion MX before 6.1 does not restrict the size of error messages, which allows remote attackers to cause a denial of service (memory consumption and crash) by sending repeated GET or POST requests that trigger error messages that use long strings of data.

  • CVE-2003-1017 · Jan 5, 2004
    risk 0.03 · cvss - · epss 0.03

    Macromedia Flash Player before 7,0,19,0 stores a Flash data file in a predictable location that is accessible to web browsers such as Internet Explorer and Opera, which allows remote attackers to read restricted files via vulnerabilities in web browsers whose exploits rely on…

  • CVE-2003-1469 · Dec 31, 2003
    risk 0.03 · cvss - · epss 0.07

    The default configuration of ColdFusion MX has the "Enable Robust Exception Information" option selected, which allows remote attackers to obtain the full path of the web server via a direct request to CFIDE/probe.cfm, which leaks the path in an error message.

  • CVE-2002-1027 · Oct 4, 2002
    risk 0.03 · cvss - · epss 0.03

    Cross-site scripting vulnerability in the default HTTP 500 error script (500error.jsp) for Macromedia Sitespring 1.2.0 (277.1) allows remote attackers to execute arbitrary web script via a link to 500error.jsp with the script in the et parameter.

  • CVE-2000-1053 · Dec 11, 2000
    risk 0.03 · cvss - · epss 0.06

    Allaire JRun 2.3.3 server allows remote attackers to compile and execute JSP code by inserting it via a cross-site scripting (CSS) attack and directly calling the com.livesoftware.jrun.plugins.JSP JSP servlet.

  • CVE-2010-2188 · Jun 15, 2010
    risk 0.01 · cvss - · epss 0.07

    Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code by calling the ActionScript native object 2200 connect method multiple times…

  • CVE-2010-2186 · Jun 15, 2010
    risk 0.01 · cvss - · epss 0.07

    Unspecified vulnerability in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors.

  • CVE-2010-2185 · Jun 15, 2010
    risk 0.01 · cvss - · epss 0.09

    Buffer overflow in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors.

  • CVE-2010-2183 · Jun 15, 2010
    risk 0.01 · cvss - · epss 0.07

    Integer overflow in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2170 and CVE-2010-2181.

  • CVE-2010-2181 · Jun 15, 2010
    risk 0.01 · cvss - · epss 0.07

    Integer overflow in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2170 and CVE-2010-2183.

  • CVE-2010-2174 · Jun 15, 2010
    risk 0.01 · cvss - · epss 0.07

    Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors, related to an "invalid pointer vulnerability" and the newfunction (0x44) operator, a different vulnerability…

  • CVE-2010-2173 · Jun 15, 2010
    risk 0.01 · cvss - · epss 0.07

    Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors, related to an "invalid pointer vulnerability" and the newclass (0x58) operator, a different vulnerability…

  • CVE-2010-2171 · Jun 15, 2010
    risk 0.01 · cvss - · epss 0.07

    Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via vectors related to SWF files, decompression of embedded JPEG image data, and…

  • CVE-2010-2170 · Jun 15, 2010
    risk 0.01 · cvss - · epss 0.07

    Integer overflow in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2181 and CVE-2010-2183.

  • CVE-2010-2167 · Jun 15, 2010
    risk 0.01 · cvss - · epss 0.09

    Multiple heap-based buffer overflows in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors related to malformed (1) GIF or (2) JPEG data.

  • CVE-2010-2164 · Jun 15, 2010
    risk 0.01 · cvss - · epss 0.07

    Use-after-free vulnerability in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors related to an unspecified "image type within a certain function."

  • CVE-2010-2163 · Jun 15, 2010
    risk 0.01 · cvss - · epss 0.07

    Multiple unspecified vulnerabilities in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unknown vectors.

  • CVE-2010-2162 · Jun 15, 2010
    risk 0.01 · cvss - · epss 0.07

    Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (heap memory corruption) or possibly execute arbitrary code via vectors related to improper length calculation and the (1) STSC, (2)…

  • CVE-2010-2161 · Jun 15, 2010
    risk 0.01 · cvss - · epss 0.07

    Array index error in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified "types of Adobe Flash code."

  • CVE-2010-2160 · Jun 15, 2010
    risk 0.01 · cvss - · epss 0.07

    Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via an invalid offset in an unspecified undocumented opcode in ActionScript…

  • CVE-2009-3793 · Jun 15, 2010
    risk 0.01 · cvss - · epss 0.09

    Unspecified vulnerability in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory consumption) or possibly execute arbitrary code via unknown vectors.

  • CVE-2006-0024 · Mar 15, 2006
    risk 0.01 · cvss - · epss 0.07

    Multiple unspecified vulnerabilities in Adobe Flash Player 8.0.22.0 and earlier allow remote attackers to execute arbitrary code via a crafted SWF file.

  • CVE-2005-2628 · Nov 5, 2005
    risk 0.01 · cvss - · epss 0.07

    Macromedia Flash 6 and 7 (Flash.ocx) allows remote attackers to execute arbitrary code via a SWF file with a modified frame type identifier that is used as an out-of-bounds array index to a function pointer.

  • CVE-2004-0646 · Dec 23, 2004
    risk 0.01 · cvss - · epss 0.07

    Buffer overflow in the WriteToLog function for JRun 3.0 through 4.0 web server connectors, such as (1) mod_jrun and (2) mod_jrun20 for Apache, with verbose logging enabled, allows remote attackers to execute arbitrary code via a long HTTP header Content-Type field or other…

  • CVE-2002-0801 · Aug 12, 2002
    risk 0.01 · cvss - · epss 0.09

    Buffer overflow in the ISAPI DLL filter for Macromedia JRun 3.1 allows remote attackers to execute arbitrary code via a direct request to the filter with a long HTTP host header field in a URL for a .jsp file.

  • CVE-2025-46067 · Jan 12, 2026
    risk 0.00 · cvss - · epss 0.00

    An issue in Automai Director v.25.2.0 allows a remote attacker to escalate privileges and obtain sensitive information via a crafted js file.

  • CVE-2025-46068 · Jan 12, 2026
    risk 0.00 · cvss - · epss 0.00

    An issue in Automai Director v.25.2.0 allows a remote attacker to execute arbitrary code via the update mechanism.

  • CVE-2025-46066 · Jan 12, 2026
    risk 0.00 · cvss - · epss 0.00

    An issue in Automai Director v.25.2.0 allows a remote attacker to escalate privileges.

  • CVE-2025-43565 · May 13, 2025
    risk 0.00 · cvss - · epss 0.09

    ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Incorrect Authorization vulnerability that could lead to arbitrary code execution in the context of the current user. A high-privileged attacker could leverage this vulnerability to bypass security…

  • CVE-2018-16498 · May 26, 2021
    risk 0.00 · cvss - · epss 0.00

    In Versa Director, the unencrypted backup files stored on the Versa deployment contain credentials stored within configuration files. These credentials are for various application components such as SNMP, and SSL and Trust keystores.

  • CVE-2019-10715 · Oct 20, 2019
    risk 0.00 · cvss - · epss 0.01

    There is Stored XSS in Verodin Director 3.5.3.0 and earlier via input fields of certain tooltips, and on the Tags, Sequences, and Actors pages.

  • CVE-2010-2189 · Jun 15, 2010
    risk 0.00 · cvss - · epss 0.06

    Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, when used in conjunction with VMWare Tools on a VMWare platform, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified…

Page 1 of 3