Macromedia

All CVEs

128 total · sorted by risk
  • CVE-2002-1026 · Oct 4, 2002
    risk 0.00 · cvss · epss 0.03

    Macromedia Sitespring 1.2.0 (277.1) using Sybase runtime engine 7.0.2.1480 allows remote attackers to cause a denial of service (crash) via a long malformed request to TCP port 2500, possibly triggering a buffer overflow.

  • CVE-2002-0846 · Aug 12, 2002
    risk 0.00 · cvss · epss 0.03

    The decoder for Macromedia Shockwave Flash allows remote attackers to execute arbitrary code via a malformed SWF header that contains more data than the specified length.

  • CVE-2002-0476 · Aug 12, 2002
    risk 0.00 · cvss · epss 0.02

    Standalone Macromedia Flash Player 5.0 allows remote attackers to save arbitrary files and programs via a .SWF file containing the undocumented "save" FSCommand.

  • CVE-2002-0477 · Aug 12, 2002
    risk 0.00 · cvss · epss 0.02

    Standalone Macromedia Flash Player 5.0 before 5,0,30,2 allows remote attackers to execute arbitrary programs via a .SWF file containing the "exec" FSCommand.

  • CVE-2002-0576 · Jun 18, 2002
    risk 0.00 · cvss · epss 0.03

    ColdFusion 5.0 and earlier on Windows systems allows remote attackers to determine the absolute pathname of .cfm or .dbm files via an HTTP request that contains an MS-DOS device name such as NUL, which leaks the pathname in an error message.

  • CVE-2002-0605 · Jun 18, 2002
    risk 0.00 · cvss · epss 0.04

    Buffer overflow in Flash OCX for Macromedia Flash 6 revision 23 (6,0,23,0) allows remote attackers to execute arbitrary code via a long movie parameter.

  • CVE-2001-1545 · Dec 31, 2001
    risk 0.00 · cvss · epss 0.01

    Macromedia JRun 3.0 and 3.1 appends the jsessionid to URL requests (a.k.a. rewriting) when client browsers have cookies enabled, which allows remote attackers to obtain session IDs and hijack sessions via HTTP referrer fields or sniffing.

  • CVE-2001-1511 · Dec 31, 2001
    risk 0.00 · cvss · epss 0.01

    JRun 3.0 and 3.1 running on JRun Web Server (JWS) and IIS allows remote attackers to read arbitrary JavaServer Pages (JSP) source code via a request URL containing the source filename ending in (1) "jsp%00" or (2) "js%2570".

  • CVE-2001-1512 · Dec 31, 2001
    risk 0.00 · cvss · epss 0.02

    Unknown vulnerability in Allaire JRun 3.1 allows remote attackers to directly access the WEB-INF and META-INF directories and execute arbitrary JavaServer Pages (JSP), a variant of CVE-2000-1050.

  • CVE-2001-1510 · Dec 31, 2001
    risk 0.00 · cvss · epss 0.03

    Allaire JRun 2.3.3, 3.0 and 3.1 running on IIS 4.0 and 5.0, iPlanet, Apache, JRun web server (JWS), and possibly other web servers allows remote attackers to read arbitrary files and directories by appending (1) "%3f.jsp", (2) "?.jsp" or (3) "?" to the requested URL.

  • CVE-2001-1544 · Dec 31, 2001
    risk 0.00 · cvss · epss 0.02

    Directory traversal vulnerability in Macromedia JRun Web Server (JWS) 2.3.3, 3.0 and 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the HTTP GET request.

  • CVE-2001-1514 · Dec 31, 2001
    risk 0.00 · cvss · epss 0.01

    ColdFusion 4.5 and 5, when running on Windows with the advanced security sandbox type set to "operating system," does not properly pass security context to (1) child processes created with and (2) child processes that call the CreateProcess function and are executed…

  • CVE-2001-1513 · Dec 31, 2001
    risk 0.00 · cvss · epss 0.02

    Macromedia JRun 3.0 and 3.1 allows remote attackers to obtain duplicate active user session IDs and perform actions as other users via a URL request for the web application directory without the trailing '/' (slash), as demonstrated using ctx.

  • CVE-2001-0926 · Nov 28, 2001
    risk 0.00 · cvss · epss 0.02

    SSIFilter in Allaire JRun 3.1, 3.0 and 2.3.3 allows remote attackers to obtain source code for Java server pages (.jsp) and other files in the web root via an HTTP request for a non-existent SSI page, in which the request's body has an #include statement.

  • CVE-2001-0535 · Oct 30, 2001
    risk 0.00 · cvss · epss 0.02

    Example applications (Exampleapps) in ColdFusion Server 4.x do not properly restrict access from outside the local host's domain, which allows remote attackers to conduct upload, read, or execute files by spoofing the "HTTP Host" (CGI.Host) variable in (1) the "Web…

  • CVE-2001-1427 · Jul 11, 2001
    risk 0.00 · cvss · epss 0.02

    Unknown vulnerability in ColdFusion Server 2.0 through 4.5.1 SP2 allows remote attackers to overwrite templates with zero byte files via unknown attack vectors.

  • CVE-2001-1084 · Jul 2, 2001
    risk 0.00 · cvss · epss 0.03

    Cross-site scripting vulnerability in Allaire JRun 3.0 and 2.3.3 allows a malicious webmaster to embed Javascript in a request for a .JSP, .shtml, .jsp10, .jrun, or .thtml file that does not exist, which causes the Javascript to be inserted into an error message.

  • CVE-2001-0179 · May 3, 2001
    risk 0.00 · cvss · epss 0.01

    Allaire JRun 3.0 allows remote attackers to list contents of the WEB-INF directory, and the web.xml file in the WEB-INF directory, via a malformed URL that contains a "."

  • CVE-2001-0166 · Mar 26, 2001
    risk 0.00 · cvss · epss 0.02

    Macromedia Shockwave Flash plugin version 8 and earlier allows remote attackers to cause a denial of service via malformed tag length specifiers in a SWF file.

  • CVE-2000-1052 · Dec 11, 2000
    risk 0.00 · cvss · epss 0.01

    Allaire JRun 2.3 server allows remote attackers to obtain source code for executable content by directly calling the SSIFilter servlet.

  • CVE-2000-1049 · Dec 11, 2000
    risk 0.00 · cvss · epss 0.02

    Allaire JRun 3.0 http servlet server allows remote attackers to cause a denial of service via a URL that contains a long string of "." characters.

  • CVE-2000-1051 · Dec 11, 2000
    risk 0.00 · cvss · epss 0.02

    Directory traversal vulnerability in Allaire JRun 2.3 server allows remote attackers to read arbitrary files via the SSIFilter servlet.

  • CVE-2000-0540 · Jun 22, 2000
    risk 0.00 · cvss · epss 0.03

    JSP sample files in Allaire JRun 2.3.x allow remote attackers to access arbitrary files (e.g. via viewsource.jsp) or obtain configuration information.

  • CVE-2000-0539 · Jun 22, 2000
    risk 0.00 · cvss · epss 0.02

    Servlet examples in Allaire JRun 2.3.x allow remote attackers to obtain sensitive information, e.g. listing HttpSession ID's via the SessionServlet servlet.

  • CVE-1999-1454 · Oct 4, 1999
    risk 0.00 · cvss · epss 0.00

    Macromedia "The Matrix" screen saver on Windows 95 with the "Password protected" option enabled allows attackers with physical access to the machine to bypass the password prompt by pressing the ESC (Escape) key.

  • CVE-1999-1526 · Mar 11, 1999
    risk 0.00 · cvss · epss 0.01

    Auto-update feature of Macromedia Shockwave 7 transmits a user's password and hard disk information back to Macromedia.

  • CVE-1999-1271 · Jun 11, 1998
    risk 0.00 · cvss · epss 0.00

    Macromedia Dreamweaver uses weak encryption to store FTP passwords, which could allow local users to easily decrypt the passwords of other users.

  • CVE-1999-1525 · Mar 14, 1997
    risk 0.00 · cvss · epss 0.01

    Macromedia Shockwave before 6.0 allows a malicious webmaster to read a user's mail box and possibly access internal web servers via the GetNextText command on a Shockwave movie.

Page 3 of 3