Filtered by vendor Macromedia Subscriptions
Total 116 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2005-4216 1 Macromedia 1 Flash Media Server 2026-04-16 N/A
The Administration Service (FMSAdmin.exe) in Macromedia Flash Media Server 2.0 r1145 allows remote attackers to cause a denial of service (application crash) via a malformed request with a single character to port 1111.
CVE-2004-2204 1 Macromedia 1 Coldfusion 2026-04-16 N/A
Macromedia ColdFusion MX 6.0 and 6.1 application server, when running with the CreateObject function or CFOBJECT tag enabled, allows local users to conduct unauthorized activities and obtain administrative passwords by creating CFML scripts that use CreateObject or CFOBJECT.
CVE-2005-3800 1 Macromedia 1 Contribute Publishing Server 2026-04-16 N/A
Macromedia Contribute Publishing Server (CPS) before 1.11 uses a weak algorithm to encrypt user password in connection keys that use shared FTP login credentials, which allows attackers to obtain sensitive information.
CVE-2002-1881 1 Macromedia 1 Flash Player 2026-04-16 N/A
Macromedia Flash Player 4.0 r12 through 6.0.47.0 allows remote attackers to cause a denial of service (web browser crash) via malformed content in a Flash Shockwave (.SWF) file, as demonstrated by by ROT13 encoding the body of the file but not the headers.
CVE-2001-1545 1 Macromedia 1 Jrun 2026-04-16 N/A
Macromedia JRun 3.0 and 3.1 appends the jsessionid to URL requests (a.k.a. rewriting) when client browsers have cookies enabled, which allows remote attackers to obtain session IDs and hijack sessions via HTTP referrer fields or sniffing.
CVE-2003-0208 1 Macromedia 1 Flash 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Macromedia Flash ad user tracking capability allows remote attackers to insert arbitrary Javascript via the clickTAG field.
CVE-2004-0928 2 Hitachi, Macromedia 4 Cosminexus Enterprise, Cosminexus Server, Coldfusion and 1 more 2026-04-16 N/A
The Microsoft IIS Connector in JRun 4.0 and Macromedia ColdFusion MX 6.0, 6.1, and 6.1 J2EE allows remote attackers to bypass authentication and view source files, such as .asp, .pl, and .php files, via an HTTP request that ends in ";.cfm".
CVE-2001-0535 1 Macromedia 1 Coldfusion Server 2026-04-16 N/A
Example applications (Exampleapps) in ColdFusion Server 4.x do not properly restrict prevent access from outside the local host's domain, which allows remote attackers to conduct upload, read, or execute files by spoofing the "HTTP Host" (CGI.Host) variable in (1) the "Web Publish" example script, and (2) the "Email" example script.
CVE-2001-1510 1 Macromedia 1 Jrun 2026-04-16 N/A
Allaire JRun 2.3.3, 3.0 and 3.1 running on IIS 4.0 and 5.0, iPlanet, Apache, JRun web server (JWS), and possibly other web servers allows remote attackers to read arbitrary files and directories by appending (1) "%3f.jsp", (2) "?.jsp" or (3) "?" to the requested URL.
CVE-2000-0540 1 Macromedia 1 Jrun 2026-04-16 N/A
JSP sample files in Allaire JRun 2.3.x allow remote attackers to access arbitrary files (e.g. via viewsource.jsp) or obtain configuration information.
CVE-2006-3979 1 Macromedia 1 Coldfusion 2026-04-16 N/A
The AdminAPI of ColdFusion MX 7 allows attackers to bypass authentication by using "programmatic access" to the adminAPI instead of the ColdFusion Administrator.
CVE-2005-4472 1 Macromedia 1 Jrun 2026-04-16 N/A
Stack-based buffer overflow in the Macromedia JRun 4 web server (JWS) allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long request that is not properly handled during conversion to wide characters.
CVE-2004-1477 1 Macromedia 1 Jrun 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in the Management Console in JRun 4.0 allows remote attackers to execute arbitrary web script or HTML and possibly hijack a user's session.
CVE-2004-1478 2 Hitachi, Macromedia 4 Cosminexus Enterprise, Cosminexus Server, Coldfusion and 1 more 2026-04-16 N/A
JRun 4.0 does not properly generate and handle the JSESSIONID, which allows remote attackers to perform a session fixation attack and hijack a user's HTTP session.
CVE-2001-1514 1 Macromedia 1 Coldfusion 2026-04-16 N/A
ColdFusion 4.5 and 5, when running on Windows with the advanced security sandbox type set to "operating system," does not properly pass security context to (1) child processes created with <CFEXECUTE> and (2) child processes that call the CreateProcess function and are executed with <CFOBJECT> or end with the CFX extension, which allows attackers to execute programs with the permissions of the System account.
CVE-2001-1512 1 Macromedia 1 Jrun 2026-04-16 N/A
Unknown vulnerability in Allaire JRun 3.1 allows remote attackers to directly access the WEB-INF and META-INF directories and execute arbitrary JavaServer Pages (JSP), a variant of CVE-2000-1050.
CVE-2000-1049 1 Macromedia 1 Jrun 2026-04-16 N/A
Allaire JRun 3.0 http servlet server allows remote attackers to cause a denial of service via a URL that contains a long string of "." characters.
CVE-2000-1053 1 Macromedia 1 Jrun 2026-04-16 N/A
Allaire JRun 2.3.3 server allows remote attackers to compile and execute JSP code by inserting it via a cross-site scripting (CSS) attack and directly calling the com.livesoftware.jrun.plugins.JSP JSP servlet.
CVE-2002-1625 1 Macromedia 1 Flash Player 2026-04-16 N/A
Macromedia Flash Player 6 does not terminate connections when the user leaves the web page, which allows remote attackers to cause a denial of service (bandwidth, resource, and CPU consumption) via the (1) loadMovie or (2) loadSound commands, which continue to execute until the browser is closed.
CVE-2000-1051 1 Macromedia 1 Jrun 2026-04-16 N/A
Directory traversal vulnerability in Allaire JRun 2.3 server allows remote attackers to read arbitrary files via the SSIFilter servlet.