Search Results (116 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2002-1025 1 Macromedia 1 Jrun 2026-04-16 N/A
JRun 3.0 through 4.0 allows remote attackers to read JSP source code via an encoded null byte in an HTTP GET request, which causes the server to send the .JSP file unparsed.
CVE-2002-1026 1 Macromedia 1 Sitespring 2026-04-16 N/A
Macromedia Sitespring 1.2.0 (277.1) using Sybase runtime engine 7.0.2.1480 allows remote attackers to cause a denial of service (crash) via a long malformed request to TCP port 2500, possibly triggering a buffer overflow.
CVE-2002-1027 1 Macromedia 1 Sitespring 2026-04-16 N/A
Cross-site scripting vulnerability in the default HTTP 500 error script (500error.jsp) for Macromedia Sitespring 1.2.0 (277.1) allows remote attackers to execute arbitrary web script via a link to 500error.jsp with the script in 1the et parameter.
CVE-2002-1467 2 Macromedia, Redhat 4 Flash Player, Shockwave, Enterprise Linux and 1 more 2026-04-16 N/A
Macromedia Flash Plugin before 6,0,47,0 allows remote attackers to bypass the same-domain restriction and read arbitrary files via (1) an HTTP redirect, (2) a "file://" base in a web document, or (3) a relative URL from a web archive (mht file).
CVE-2002-1992 1 Macromedia 2 Coldfusion, Coldfusion Professional 2026-04-16 N/A
Buffer overflow in jrun.dll in ColdFusion MX, when used with IIS 4 or 5, allows remote attackers to cause a denial of service in IIS via (1) a long template file name or (2) a long HTTP header.
CVE-2003-0208 1 Macromedia 1 Flash 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Macromedia Flash ad user tracking capability allows remote attackers to insert arbitrary Javascript via the clickTAG field.
CVE-2003-1017 1 Macromedia 2 Director, Flash Player 2026-04-16 N/A
Macromedia Flash Player before 7,0,19,0 stores a Flash data file in a predictable location that is accessible to web browsers such as Internet Explorer and Opera, which allows remote attackers to read restricted files via vulnerabilities in web browsers whose exploits rely on predictable names.
CVE-2004-0407 1 Macromedia 1 Coldfusion 2026-04-16 N/A
The HTML form upload capability in ColdFusion MX 6.1 does not reclaim disk space if an upload is interrupted, which allows remote attackers to cause a denial of service (disk consumption) by repeatedly uploading files and interrupting the uploads before they finish.
CVE-2004-0646 1 Macromedia 2 Coldfusion, Jrun 2026-04-16 N/A
Buffer overflow in the WriteToLog function for JRun 3.0 through 4.0 web server connectors, such as (1) mod_jrun and (2) mod_jrun20 for Apache, with verbose logging enabled, allows remote attackers to execute arbitrary code via a long HTTP header Content-Type field or other fields.
CVE-2004-1815 2 Macromedia, Sun 3 Coldfusion, Jrun, One Application Server 2026-04-16 N/A
Unknown vulnerability in ColdFusion MX 6.0 and 6.1, and JRun 4.0, when a SOAP web service expects an array of objects as an argument, allows remote attackers to cause a denial of service (memory consumption).
CVE-2004-1816 2 Macromedia, Sun 3 Coldfusion, Jrun, One Application Server 2026-04-16 N/A
Unknown vulnerability in Sun Java System Application Server 7.0 Update 2 and earlier, when a SOAP web service expects an array of objects as an argument, allows remote attackers to cause a denial of service (memory consumption).
CVE-2001-1544 1 Macromedia 1 Jrun 2026-04-16 N/A
Directory traversal vulnerability in Macromedia JRun Web Server (JWS) 2.3.3, 3.0 and 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the HTTP GET request.
CVE-2004-2182 1 Macromedia 1 Jrun 2026-04-16 N/A
Session fixation vulnerability in Macromedia JRun 4.0 allows remote attackers to hijack user sessions by pre-setting the user session ID information used by the session server.
CVE-2005-1022 1 Macromedia 1 Coldfusion 2026-04-16 N/A
ColdFusion 6.1 Updater 1 places Java .class files under the web root in the /WEB-INF/cfclasses directory, which allows remote attackers to obtain sensitive information.
CVE-2005-1555 1 Macromedia 1 Coldfusion 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in the JRun Web Server in ColdFusion MX 7.0 allows remote attackers to inject arbitrary script or HTML via the URL, which is not properly quoted in the resulting default 404 error page.
CVE-2002-0476 1 Macromedia 1 Flash Player 2026-04-16 N/A
Standalone Macromedia Flash Player 5.0 allows remote attackers to save arbitrary files and programs via a .SWF file containing the undocumented "save" FSCommand.
CVE-2002-0477 1 Macromedia 1 Flash Player 2026-04-16 N/A
Standalone Macromedia Flash Player 5.0 before 5,0,30,2 allows remote attackers to execute arbitrary programs via a .SWF file containing the "exec" FSCommand.
CVE-2000-0539 1 Macromedia 1 Jrun 2026-04-16 N/A
Servlet examples in Allaire JRun 2.3.x allow remote attackers to obtain sensitive information, e.g. listing HttpSession ID's via the SessionServlet servlet.
CVE-2002-0605 1 Macromedia 1 Flash Player 2026-04-16 N/A
Buffer overflow in Flash OCX for Macromedia Flash 6 revision 23 (6,0,23,0) allows remote attackers to execute arbitrary code via a long movie parameter.
CVE-2000-1052 1 Macromedia 1 Jrun 2026-04-16 N/A
Allaire JRun 2.3 server allows remote attackers to obtain source code for executable content by directly calling the SSIFilter servlet.