Filtered by vendor Macromedia
Subscribe
Total
116 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2004-0928 | 2 Hitachi, Macromedia | 4 Cosminexus Enterprise, Cosminexus Server, Coldfusion and 1 more | 2023-12-10 | 5.0 MEDIUM | N/A |
The Microsoft IIS Connector in JRun 4.0 and Macromedia ColdFusion MX 6.0, 6.1, and 6.1 J2EE allows remote attackers to bypass authentication and view source files, such as .asp, .pl, and .php files, via an HTTP request that ends in ";.cfm". | |||||
CVE-2004-0646 | 1 Macromedia | 2 Coldfusion, Jrun | 2023-12-10 | 10.0 HIGH | N/A |
Buffer overflow in the WriteToLog function for JRun 3.0 through 4.0 web server connectors, such as (1) mod_jrun and (2) mod_jrun20 for Apache, with verbose logging enabled, allows remote attackers to execute arbitrary code via a long HTTP header Content-Type field or other fields. | |||||
CVE-2001-1514 | 1 Macromedia | 1 Coldfusion | 2023-12-10 | 10.0 HIGH | N/A |
ColdFusion 4.5 and 5, when running on Windows with the advanced security sandbox type set to "operating system," does not properly pass security context to (1) child processes created with <CFEXECUTE> and (2) child processes that call the CreateProcess function and are executed with <CFOBJECT> or end with the CFX extension, which allows attackers to execute programs with the permissions of the System account. | |||||
CVE-2000-1051 | 1 Macromedia | 1 Jrun | 2023-12-10 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in Allaire JRun 2.3 server allows remote attackers to read arbitrary files via the SSIFilter servlet. | |||||
CVE-2004-1893 | 1 Macromedia | 2 Dreamweaver, Dreamweaver Ultradev | 2023-12-10 | 5.0 MEDIUM | N/A |
Dreamweaver MX, when "Using Driver On Testing Server" or "Using DSN on Testing Server" is selected, uploads the mmhttpdb.asp script to the web site but does not require authentication, which allows remote attackers to obtain sensitive information and possibly execute arbitrary SQL commands via a direct request to mmhttpdb.asp. | |||||
CVE-2002-0665 | 1 Macromedia | 1 Jrun | 2023-12-10 | 10.0 HIGH | N/A |
Macromedia JRun Administration Server allows remote attackers to bypass authentication on the login form via an extra slash (/) in the URL. | |||||
CVE-1999-1526 | 1 Macromedia | 1 Shockwave Flash Plugin | 2023-12-10 | 5.0 MEDIUM | N/A |
Auto-update feature of Macromedia Shockwave 7 transmits a user's password and hard disk information back to Macromedia. | |||||
CVE-2002-0605 | 1 Macromedia | 1 Flash Player | 2023-12-10 | 7.5 HIGH | N/A |
Buffer overflow in Flash OCX for Macromedia Flash 6 revision 23 (6,0,23,0) allows remote attackers to execute arbitrary code via a long movie parameter. | |||||
CVE-2002-1027 | 1 Macromedia | 1 Sitespring | 2023-12-10 | 7.5 HIGH | N/A |
Cross-site scripting vulnerability in the default HTTP 500 error script (500error.jsp) for Macromedia Sitespring 1.2.0 (277.1) allows remote attackers to execute arbitrary web script via a link to 500error.jsp with the script in 1the et parameter. | |||||
CVE-2001-1545 | 1 Macromedia | 1 Jrun | 2023-12-10 | 5.0 MEDIUM | N/A |
Macromedia JRun 3.0 and 3.1 appends the jsessionid to URL requests (a.k.a. rewriting) when client browsers have cookies enabled, which allows remote attackers to obtain session IDs and hijack sessions via HTTP referrer fields or sniffing. | |||||
CVE-2002-0846 | 1 Macromedia | 1 Shockwave Flash | 2023-12-10 | 7.5 HIGH | N/A |
The decoder for Macromedia Shockwave Flash allows remote attackers to execute arbitrary code via a malformed SWF header that contains more data than the specified length. | |||||
CVE-2001-1513 | 1 Macromedia | 1 Jrun | 2023-12-10 | 7.5 HIGH | N/A |
Macromedia JRun 3.0 and 3.1 allows remote attackers to obtain duplicate active user session IDs and perform actions as other users via a URL request for the web application directory without the trailing '/' (slash), as demonstrated using ctx. | |||||
CVE-2001-1084 | 1 Macromedia | 1 Jrun | 2023-12-10 | 7.5 HIGH | N/A |
Cross-site scripting vulnerability in Allaire JRun 3.0 and 2.3.3 allows a malicious webmaster to embed Javascript in a request for a .JSP, .shtml, .jsp10, .jrun, or .thtml file that does not exist, which causes the Javascript to be inserted into an error message. | |||||
CVE-2001-1544 | 1 Macromedia | 1 Jrun | 2023-12-10 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in Macromedia JRun Web Server (JWS) 2.3.3, 3.0 and 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the HTTP GET request. | |||||
CVE-2003-1469 | 2 Macromedia, Microsoft | 5 Coldfusion, Coldfusion Professional, Windows 2000 and 2 more | 2023-12-10 | 5.0 MEDIUM | N/A |
The default configuration of ColdFusion MX has the "Enable Robust Exception Information" option selected, which allows remote attackers to obtain the full path of the web server via a direct request to CFIDE/probe.cfm, which leaks the path in an error message. | |||||
CVE-2002-1467 | 1 Macromedia | 2 Flash Player, Shockwave | 2023-12-10 | 5.0 MEDIUM | N/A |
Macromedia Flash Plugin before 6,0,47,0 allows remote attackers to bypass the same-domain restriction and read arbitrary files via (1) an HTTP redirect, (2) a "file://" base in a web document, or (3) a relative URL from a web archive (mht file). | |||||
CVE-2002-1855 | 1 Macromedia | 1 Jrun | 2023-12-10 | 5.0 MEDIUM | N/A |
Macromedia JRun 3.0 through 4.0, when running on Windows, allows remote attackers to retrieve files in the WEB-INF directory, which contains Java class files and configuration information, via a request to the WEB-INF directory with a trailing dot ("WEB-INF."). | |||||
CVE-2000-0539 | 1 Macromedia | 1 Jrun | 2023-12-10 | 6.4 MEDIUM | N/A |
Servlet examples in Allaire JRun 2.3.x allow remote attackers to obtain sensitive information, e.g. listing HttpSession ID's via the SessionServlet servlet. | |||||
CVE-2002-0476 | 1 Macromedia | 1 Flash Player | 2023-12-10 | 5.0 MEDIUM | N/A |
Standalone Macromedia Flash Player 5.0 allows remote attackers to save arbitrary files and programs via a .SWF file containing the undocumented "save" FSCommand. | |||||
CVE-2001-1427 | 1 Macromedia | 1 Coldfusion | 2023-12-10 | 7.5 HIGH | N/A |
Unknown vulnerability in ColdFusion Server 2.0 through 4.5.1 SP2 allows remote attackers to overwrite templates with zero byte files via unknown attack vectors. |