Filtered by vendor Macromedia Subscriptions
Total 116 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2002-1881 1 Macromedia 1 Flash Player 2026-04-16 N/A
Macromedia Flash Player 4.0 r12 through 6.0.47.0 allows remote attackers to cause a denial of service (web browser crash) via malformed content in a Flash Shockwave (.SWF) file, as demonstrated by by ROT13 encoding the body of the file but not the headers.
CVE-2001-1427 1 Macromedia 1 Coldfusion 2026-04-16 N/A
Unknown vulnerability in ColdFusion Server 2.0 through 4.5.1 SP2 allows remote attackers to overwrite templates with zero byte files via unknown attack vectors.
CVE-2001-1545 1 Macromedia 1 Jrun 2026-04-16 N/A
Macromedia JRun 3.0 and 3.1 appends the jsessionid to URL requests (a.k.a. rewriting) when client browsers have cookies enabled, which allows remote attackers to obtain session IDs and hijack sessions via HTTP referrer fields or sniffing.
CVE-2002-1992 1 Macromedia 2 Coldfusion, Coldfusion Professional 2026-04-16 N/A
Buffer overflow in jrun.dll in ColdFusion MX, when used with IIS 4 or 5, allows remote attackers to cause a denial of service in IIS via (1) a long template file name or (2) a long HTTP header.
CVE-2004-2182 1 Macromedia 1 Jrun 2026-04-16 N/A
Session fixation vulnerability in Macromedia JRun 4.0 allows remote attackers to hijack user sessions by pre-setting the user session ID information used by the session server.
CVE-2004-2335 1 Macromedia 2 Contribute, Studio 2026-04-16 N/A
The Macromedia installers and e-licensing client on Mac OS X, as used for Macromedia Contribute 2, Director, Dreamweaver, Fireworks, Flash, and Studio, install the AuthenticationService setuid and writable by other users, which allows local users to gain privileges by modifying the program.
CVE-1999-1525 1 Macromedia 1 Shockwave Flash Plugin 2026-04-16 N/A
Macromedia Shockwave before 6.0 allows a malicious webmaster to read a user's mail box and possibly access internal web servers via the GetNextText command on a Shockwave movie.
CVE-1999-1526 1 Macromedia 1 Shockwave Flash Plugin 2026-04-16 N/A
Auto-update feature of Macromedia Shockwave 7 transmits a user's password and hard disk information back to Macromedia.
CVE-2000-1051 1 Macromedia 1 Jrun 2026-04-16 N/A
Directory traversal vulnerability in Allaire JRun 2.3 server allows remote attackers to read arbitrary files via the SSIFilter servlet.
CVE-2000-1052 1 Macromedia 1 Jrun 2026-04-16 N/A
Allaire JRun 2.3 server allows remote attackers to obtain source code for executable content by directly calling the SSIFilter servlet.
CVE-2003-1469 2 Macromedia, Microsoft 5 Coldfusion, Coldfusion Professional, Windows 2000 and 2 more 2026-04-16 N/A
The default configuration of ColdFusion MX has the "Enable Robust Exception Information" option selected, which allows remote attackers to obtain the full path of the web server via a direct request to CFIDE/probe.cfm, which leaks the path in an error message.
CVE-2001-0179 1 Macromedia 1 Jrun 2026-04-16 N/A
Allaire JRun 3.0 allows remote attackers to list contents of the WEB-INF directory, and the web.xml file in the WEB-INF directory, via a malformed URL that contains a "."
CVE-2001-0926 1 Macromedia 1 Jrun 2026-04-16 N/A
SSIFilter in Allaire JRun 3.1, 3.0 and 2.3.3 allows remote attackers to obtain source code for Java server pages (.jsp) and other files in the web root via an HTTP request for a non-existent SSI page, in which the request's body has an #include statement.
CVE-2002-1467 2 Macromedia, Redhat 4 Flash Player, Shockwave, Enterprise Linux and 1 more 2026-04-16 N/A
Macromedia Flash Plugin before 6,0,47,0 allows remote attackers to bypass the same-domain restriction and read arbitrary files via (1) an HTTP redirect, (2) a "file://" base in a web document, or (3) a relative URL from a web archive (mht file).
CVE-2002-0605 1 Macromedia 1 Flash Player 2026-04-16 N/A
Buffer overflow in Flash OCX for Macromedia Flash 6 revision 23 (6,0,23,0) allows remote attackers to execute arbitrary code via a long movie parameter.
CVE-2002-0801 1 Macromedia 1 Jrun 2026-04-16 N/A
Buffer overflow in the ISAPI DLL filter for Macromedia JRun 3.1 allows remote attackers to execute arbitrary code via a direct request to the filter with a long HTTP host header field in a URL for a .jsp file.
CVE-2002-0846 2 Macromedia, Redhat 3 Shockwave Flash, Enterprise Linux, Linux 2026-04-16 N/A
The decoder for Macromedia Shockwave Flash allows remote attackers to execute arbitrary code via a malformed SWF header that contains more data than the specified length.
CVE-1999-1271 1 Macromedia 1 Dreamweaver 2026-04-16 N/A
Macromedia Dreamweaver uses weak encryption to store FTP passwords, which could allow local users to easily decrypt the passwords of other users.
CVE-2002-1310 1 Macromedia 1 Jrun 2026-04-16 N/A
Heap-based buffer overflow in the error-handling mechanism for the IIS ISAPI handler in Macromedia JRun 4.0 and earlier allows remote attackers to execute arbitrary via an HTTP GET request with a long .jsp file name.
CVE-2002-1382 1 Macromedia 1 Flash Player 2026-04-16 N/A
Macromedia Flash Player before 6.0.65.0 allows remote attackers to execute arbitrary code via certain malformed data headers in Shockwave Flash file format (SWF) files, a different issue than CAN-2002-0846.