| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Macromedia Breeze Communication Server and Breeze Live Server does 5.1 and earlier not sufficiently validate certain RTMP data, which allows attackers to cause a denial of service (instability or crash), as demonstrated using an alpha release build of Flash Player 8.5 (build 133). |
| Session fixation vulnerability in Macromedia JRun 4.0 allows remote attackers to hijack user sessions by pre-setting the user session ID information used by the session server. |
| Standalone Macromedia Flash Player 5.0 before 5,0,30,2 allows remote attackers to execute arbitrary programs via a .SWF file containing the "exec" FSCommand. |
| Buffer overflow in jrun.dll in ColdFusion MX, when used with IIS 4 or 5, allows remote attackers to cause a denial of service in IIS via (1) a long template file name or (2) a long HTTP header. |
| Unknown "file disclosure" vulnerability in Macromedia JRun 3.0, 3.1, and 4.0, related to a log file or jrun.ini, with unknown impact. |
| Macromedia Shockwave before 6.0 allows a malicious webmaster to read a user's mail box and possibly access internal web servers via the GetNextText command on a Shockwave movie. |
| Allaire JRun 2.3.3 server allows remote attackers to compile and execute JSP code by inserting it via a cross-site scripting (CSS) attack and directly calling the com.livesoftware.jrun.plugins.JSP JSP servlet. |
| Cross-site scripting vulnerability in the default HTTP 500 error script (500error.jsp) for Macromedia Sitespring 1.2.0 (277.1) allows remote attackers to execute arbitrary web script via a link to 500error.jsp with the script in 1the et parameter. |
| Cross-site scripting (XSS) vulnerability in the Management Console in JRun 4.0 allows remote attackers to execute arbitrary web script or HTML and possibly hijack a user's session. |
| Cross-site scripting vulnerability in Allaire JRun 3.0 and 2.3.3 allows a malicious webmaster to embed Javascript in a request for a .JSP, .shtml, .jsp10, .jrun, or .thtml file that does not exist, which causes the Javascript to be inserted into an error message. |
| JRun 4.0 does not properly generate and handle the JSESSIONID, which allows remote attackers to perform a session fixation attack and hijack a user's HTTP session. |
| Macromedia JRun 3.0, 3.1, and 4.0 allow remote attackers to view the source code of .JSP files via Unicode encoded character values in a URL. |
| Macromedia Flash plugin (1) Flash.ocx 7.0.19.0 (Windows) and earlier and (2) libflashplayer.so before 7.0.25.0 (Unix) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via parameters to the ActionDefineFunction ActionScript call in a SWF file, which causes an improper memory access condition, a different vulnerability than CVE-2005-2628. |
| Macromedia Flash Player 6 does not terminate connections when the user leaves the web page, which allows remote attackers to cause a denial of service (bandwidth, resource, and CPU consumption) via the (1) loadMovie or (2) loadSound commands, which continue to execute until the browser is closed. |
| Cross-site scripting vulnerability (XSS) in the missing template handler in Macromedia ColdFusion MX allows remote attackers to execute arbitrary script as other users by injecting script into the HTTP request for the name of a template, which is not filtered in the resulting 404 error message. |
| ColdFusion Sandbox on Adobe (formerly Macromedia) ColdFusion MX 6.0, 6.1, 6.1 with JRun, and 7.0 does not throw an exception if the SecurityManager is disabled, which might allow remote attackers to "bypass security controls," aka "JRun Clustered Sandbox Security Vulnerability." |
| Adobe (formerly Macromedia) ColdFusion MX 7.0 does not honor when the CFOBJECT /CreateObject(Java) setting is disabled, which allows local users to create an object despite the specified configuration. |
| Adobe (formerly Macromedia) ColdFusion MX 7.0 exposes the password hash of the Administrator in an API call, which allows local developers to obtain the hash and gain privileges. |
| Cross-site scripting (XSS) vulnerability in the validation feature in Macromedia ColdFusion 5 and earlier allows remote attackers to inject arbitrary web script or HTML via a "_required" field when the associated normal field is missing or empty, which is not sanitized before being presented in an error message. |
| The "reset password" feature in Macromedia Breeze 5.0 stores passwords in plaintext in the database instead of the hash, which allows attackers with access to the database to obtain the passwords. |
