Macromedia

All CVEs

128 total · sorted by risk
  • CVE-2010-2187 · Jun 15, 2010
    risk 0.00 · cvss · epss 0.06

    Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allow attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160,…

  • CVE-2010-2184 · Jun 15, 2010
    risk 0.00 · cvss · epss 0.06

    Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allow attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160,…

  • CVE-2010-2182 · Jun 15, 2010
    risk 0.00 · cvss · epss 0.06

    Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allow attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160,…

  • CVE-2010-2180 · Jun 15, 2010
    risk 0.00 · cvss · epss 0.06

    Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allow attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160,…

  • CVE-2010-2178 · Jun 15, 2010
    risk 0.00 · cvss · epss 0.06

    Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allow attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160,…

  • CVE-2010-2177 · Jun 15, 2010
    risk 0.00 · cvss · epss 0.06

    Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allow attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160,…

  • CVE-2010-2176 · Jun 15, 2010
    risk 0.00 · cvss · epss 0.06

    Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allow attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160,…

  • CVE-2010-2175 · Jun 15, 2010
    risk 0.00 · cvss · epss 0.06

    Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allow attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160,…

  • CVE-2010-2169 · Jun 15, 2010
    risk 0.00 · cvss · epss 0.06

    Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allow attackers to cause a denial of service (pointer memory corruption) or possibly execute arbitrary code via unspecified vectors.

  • CVE-2010-2166 · Jun 15, 2010
    risk 0.00 · cvss · epss 0.06

    Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allow attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160,…

  • CVE-2010-2165 · Jun 15, 2010
    risk 0.00 · cvss · epss 0.06

    Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allow attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160,…

  • CVE-2006-3979 · Aug 9, 2006
    risk 0.00 · cvss · epss 0.00

    The AdminAPI of ColdFusion MX 7 allows attackers to bypass authentication by using "programmatic access" to the adminAPI instead of the ColdFusion Administrator.

  • CVE-2006-2364 · May 15, 2006
    risk 0.00 · cvss · epss 0.01

    Cross-site scripting (XSS) vulnerability in the validation feature in Macromedia ColdFusion 5 and earlier allows remote attackers to inject arbitrary web script or HTML via a "_required" field when the associated normal field is missing or empty, which is not sanitized before…

  • CVE-2005-4473 · Dec 22, 2005
    risk 0.00 · cvss · epss 0.01

    Unspecified vulnerability in Macromedia JRun 4 web server (JWS) allows remote attackers to view web application source code via "a malformed URL."

  • CVE-2005-4472 · Dec 22, 2005
    risk 0.00 · cvss · epss 0.04

    Stack-based buffer overflow in the Macromedia JRun 4 web server (JWS) allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long request that is not properly handled during conversion to wide characters.

  • CVE-2005-4344 · Dec 19, 2005
    risk 0.00 · cvss · epss 0.00

    Adobe (formerly Macromedia) ColdFusion MX 7.0 does not honor the CFOBJECT/CreateObject(Java) setting when it is disabled, which allows local users to create an object despite the specified configuration.

  • CVE-2005-4343 · Dec 19, 2005
    risk 0.00 · cvss · epss 0.01

    Adobe (formerly Macromedia) ColdFusion MX 6.0, 6.1, 6.1 with JRun, and 7.0 allows remote attackers to attach arbitrary files and send mail via a crafted Subject field, which is not properly handled by the CFMAIL tag in applications that use ColdFusion, aka "CFMAIL injection…

  • CVE-2005-4345 · Dec 19, 2005
    risk 0.00 · cvss · epss 0.00

    Adobe (formerly Macromedia) ColdFusion MX 7.0 exposes the password hash of the Administrator in an API call, which allows local developers to obtain the hash and gain privileges.

  • CVE-2005-4342 · Dec 19, 2005
    risk 0.00 · cvss · epss 0.02

    ColdFusion Sandbox on Adobe (formerly Macromedia) ColdFusion MX 6.0, 6.1, 6.1 with JRun, and 7.0 does not throw an exception if the SecurityManager is disabled, which might allow remote attackers to "bypass security controls," aka "JRun Clustered Sandbox Security Vulnerability."

  • CVE-2005-3901 · Nov 29, 2005
    risk 0.00 · cvss · epss 0.01

    Macromedia Flash Communication Server MX 1.0 and 1.5 does not sufficiently validate certain RTMP data, which allows attackers to cause a denial of service (instability or crash), as demonstrated using an alpha release build of Flash Player 8.5 (build 133).

  • CVE-2005-3900 · Nov 29, 2005
    risk 0.00 · cvss · epss 0.02

    Macromedia Breeze Communication Server and Breeze Live Server 5.1 and earlier do not sufficiently validate certain RTMP data, which allows attackers to cause a denial of service (instability or crash), as demonstrated using an alpha release build of Flash Player 8.5 (build…

  • CVE-2005-3800 · Nov 24, 2005
    risk 0.00 · cvss · epss 0.01

    Macromedia Contribute Publishing Server (CPS) before 1.11 uses a weak algorithm to encrypt user passwords in connection keys that use shared FTP login credentials, which allows attackers to obtain sensitive information.

  • CVE-2005-3112 · Sep 30, 2005
    risk 0.00 · cvss · epss 0.00

    The "reset password" feature in Macromedia Breeze 5.0 stores passwords in plaintext in the database instead of the hash, which allows attackers with access to the database to obtain the passwords.

  • CVE-2005-2481 · Aug 5, 2005
    risk 0.00 · cvss · epss 0.01

    ColdFusion Fusebox 4.1.0 allows remote attackers to obtain sensitive information via an invalid fuseaction parameter, which leaks the full server path in an error message, as demonstrated using the "?" (question mark) character.

  • CVE-2005-2306 · Jul 19, 2005
    risk 0.00 · cvss · epss 0.00

    Race condition in Macromedia JRun 4.0, ColdFusion MX 6.1 and 7.0, when under heavy load, causes JRun to assign a duplicate authentication token to multiple sessions, which could allow authenticated users to gain privileges as other users.

  • CVE-2005-1555 · May 10, 2005
    risk 0.00 · cvss · epss 0.01

    Cross-site scripting (XSS) vulnerability in the JRun Web Server in ColdFusion MX 7.0 allows remote attackers to inject arbitrary script or HTML via the URL, which is not properly quoted in the resulting default 404 error page.

  • CVE-2005-1022 · May 2, 2005
    risk 0.00 · cvss · epss 0.02

    ColdFusion 6.1 Updater 1 places Java .class files under the web root in the /WEB-INF/cfclasses directory, which allows remote attackers to obtain sensitive information.

  • CVE-2004-2335 · Dec 31, 2004
    risk 0.00 · cvss · epss 0.00

    The Macromedia installers and e-licensing client on Mac OS X, as used for Macromedia Contribute 2, Director, Dreamweaver, Fireworks, Flash, and Studio, install the AuthenticationService setuid and writable by other users, which allows local users to gain privileges by modifying…

  • CVE-2004-2182 · Dec 31, 2004
    risk 0.00 · cvss · epss 0.01

    Session fixation vulnerability in Macromedia JRun 4.0 allows remote attackers to hijack user sessions by pre-setting the user session ID information used by the session server.

  • CVE-2004-2204 · Dec 31, 2004
    risk 0.00 · cvss · epss 0.00

    Macromedia ColdFusion MX 6.0 and 6.1 application server, when running with the CreateObject function or CFOBJECT tag enabled, allows local users to conduct unauthorized activities and obtain administrative passwords by creating CFML scripts that use CreateObject or CFOBJECT.

  • CVE-2004-1478 · Dec 31, 2004
    risk 0.00 · cvss · epss 0.03

    JRun 4.0 does not properly generate and handle the JSESSIONID, which allows remote attackers to perform a session fixation attack and hijack a user's HTTP session.

  • CVE-2004-1893 · Dec 31, 2004
    risk 0.00 · cvss · epss 0.02

    Dreamweaver MX, when "Using Driver On Testing Server" or "Using DSN on Testing Server" is selected, uploads the mmhttpdb.asp script to the web site but does not require authentication, which allows remote attackers to obtain sensitive information and possibly execute arbitrary…

  • CVE-2004-2330 · Dec 31, 2004
    risk 0.00 · cvss · epss 0.02

    ColdFusion MX 6.1 and 6.1 J2EE allows remote attackers to cause a denial of service via an HTTP request containing a large number of form fields.

  • CVE-2004-1477 · Dec 31, 2004
    risk 0.00 · cvss · epss 0.03

    Cross-site scripting (XSS) vulnerability in the Management Console in JRun 4.0 allows remote attackers to execute arbitrary web script or HTML and possibly hijack a user's session.

  • CVE-2004-0928 · Oct 5, 2004
    risk 0.00 · cvss · epss 0.04

    The Microsoft IIS Connector in JRun 4.0 and Macromedia ColdFusion MX 6.0, 6.1, and 6.1 J2EE allows remote attackers to bypass authentication and view source files, such as .asp, .pl, and .php files, via an HTTP request that ends in ";.cfm".

  • CVE-2004-0407 · Jun 1, 2004
    risk 0.00 · cvss · epss 0.02

    The HTML form upload capability in ColdFusion MX 6.1 does not reclaim disk space if an upload is interrupted, which allows remote attackers to cause a denial of service (disk consumption) by repeatedly uploading files and interrupting the uploads before they finish.

  • CVE-2004-1815 · Mar 15, 2004
    risk 0.00 · cvss · epss 0.02

    Unknown vulnerability in ColdFusion MX 6.0 and 6.1, and JRun 4.0, when a SOAP web service expects an array of objects as an argument, allows remote attackers to cause a denial of service (memory consumption).

  • CVE-2003-0208 · May 5, 2003
    risk 0.00 · cvss · epss 0.01

    Cross-site scripting (XSS) vulnerability in Macromedia Flash ad user tracking capability allows remote attackers to insert arbitrary JavaScript via the clickTAG field.

  • CVE-2002-1467 · Apr 22, 2003
    risk 0.00 · cvss · epss 0.02

    Macromedia Flash Plugin before 6,0,47,0 allows remote attackers to bypass the same-domain restriction and read arbitrary files via (1) an HTTP redirect, (2) a "file://" base in a web document, or (3) a relative URL from a web archive (mht file).

  • CVE-2002-1534 · Mar 31, 2003
    risk 0.00 · cvss · epss 0.02

    Macromedia Flash Player allows remote attackers to read arbitrary files via XML script in a .swf file that is hosted on a remote SMB share.

  • CVE-2002-1992 · Dec 31, 2002
    risk 0.00 · cvss · epss 0.02

    Buffer overflow in jrun.dll in ColdFusion MX, when used with IIS 4 or 5, allows remote attackers to cause a denial of service in IIS via (1) a long template file name or (2) a long HTTP header.

  • CVE-2002-2186 · Dec 31, 2002
    risk 0.00 · cvss · epss 0.01

    Macromedia JRun 3.0, 3.1, and 4.0 allow remote attackers to view the source code of .JSP files via Unicode encoded character values in a URL.

  • CVE-2002-1881 · Dec 31, 2002
    risk 0.00 · cvss · epss 0.02

    Macromedia Flash Player 4.0 r12 through 6.0.47.0 allows remote attackers to cause a denial of service (web browser crash) via malformed content in a Flash Shockwave (.SWF) file, as demonstrated by ROT13 encoding the body of the file but not the headers.

  • CVE-2002-1625 · Dec 31, 2002
    risk 0.00 · cvss · epss 0.02

    Macromedia Flash Player 6 does not terminate connections when the user leaves the web page, which allows remote attackers to cause a denial of service (bandwidth, resource, and CPU consumption) via the (1) loadMovie or (2) loadSound commands, which continue to execute until the…

  • CVE-2002-2187 · Dec 31, 2002
    risk 0.00 · cvss · epss 0.01

    Unknown "file disclosure" vulnerability in Macromedia JRun 3.0, 3.1, and 4.0, related to a log file or jrun.ini, with unknown impact.

  • CVE-2002-1855 · Dec 31, 2002
    risk 0.00 · cvss · epss 0.02

    Macromedia JRun 3.0 through 4.0, when running on Windows, allows remote attackers to retrieve files in the WEB-INF directory, which contains Java class files and configuration information, via a request to the WEB-INF directory with a trailing dot ("WEB-INF.").

  • CVE-2002-1382 · Dec 23, 2002
    risk 0.00 · cvss · epss 0.03

    Macromedia Flash Player before 6.0.65.0 allows remote attackers to execute arbitrary code via certain malformed data headers in Shockwave Flash file format (SWF) files, a different issue than CAN-2002-0846.

  • CVE-2002-1309 · Nov 29, 2002
    risk 0.00 · cvss · epss 0.02

    Heap-based buffer overflow in the error-handling mechanism for the IIS ISAPI handler in Macromedia ColdFusion 6.0 allows remote attackers to execute arbitrary code via an HTTP GET request with a long .cfm file name.

  • CVE-2002-1310 · Nov 29, 2002
    risk 0.00 · cvss · epss 0.02

    Heap-based buffer overflow in the error-handling mechanism for the IIS ISAPI handler in Macromedia JRun 4.0 and earlier allows remote attackers to execute arbitrary code via an HTTP GET request with a long .jsp file name.

  • CVE-2002-1025 · Oct 4, 2002
    risk 0.00 · cvss · epss 0.02

    JRun 3.0 through 4.0 allows remote attackers to read JSP source code via an encoded null byte in an HTTP GET request, which causes the server to send the .JSP file unparsed.