An ActiveX control in SwDir.dll in Macromedia Shockwave 10 allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long string in the swURL attribute.
Max CVSS
4.3
EPSS Score
15.03%
Published
2006-12-31
Updated
2017-10-19
Flash8b.ocx in Macromedia Flash 8 allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long string in the Flash8b.AllowScriptAccess method.
Max CVSS
5.0
EPSS Score
3.15%
Published
2006-12-31
Updated
2017-10-19
Cross-site scripting (XSS) vulnerability in the validation feature in Macromedia ColdFusion 5 and earlier allows remote attackers to inject arbitrary web script or HTML via a "_required" field when the associated normal field is missing or empty, which is not sanitized before being presented in an error message.
Max CVSS
5.8
EPSS Score
0.36%
Published
2006-05-15
Updated
2017-07-20
Multiple unspecified vulnerabilities in Adobe Flash Player 8.0.22.0 and earlier allow remote attackers to execute arbitrary code via a crafted SWF file.
Max CVSS
5.1
EPSS Score
50.92%
Published
2006-03-15
Updated
2018-10-12
Unspecified vulnerability in Macromedia JRun 4 web server (JWS) allows remote attackers to view web application source code via "a malformed URL."
Max CVSS
5.0
EPSS Score
0.52%
Published
2005-12-22
Updated
2011-03-08
Adobe (formerly Macromedia) ColdFusion MX 7.0 does not honor when the CFOBJECT /CreateObject(Java) setting is disabled, which allows local users to create an object despite the specified configuration.
Max CVSS
2.1
EPSS Score
0.04%
Published
2005-12-19
Updated
2011-03-08
Adobe (formerly Macromedia) ColdFusion MX 6.0, 6.1, 6.1 with JRun, and 7.0 allows remote attackers to attach arbitrary files and send mail via a crafted Subject field, which is not properly handled by the CFMAIL tag in applications that use ColdFusion, aka "CFMAIL injection Vulnerability".
Max CVSS
5.0
EPSS Score
3.52%
Published
2005-12-19
Updated
2011-03-08
The "reset password" feature in Macromedia Breeze 5.0 stores passwords in plaintext in the database instead of the hash, which allows attackers with access to the database to obtain the passwords.
Max CVSS
2.1
EPSS Score
0.06%
Published
2005-09-30
Updated
2008-09-05
Macromedia Flash 6 and 7 (Flash.ocx) allows remote attackers to execute arbitrary code via a SWF file with a modified frame type identifier that is used as an out-of-bounds array index to a function pointer.
Max CVSS
5.1
EPSS Score
93.88%
Published
2005-11-05
Updated
2018-10-19
ColdFusion Fusebox 4.1.0 allows remote attackers to obtain sensitive information via an invalid fuseaction parameter, which leaks the full server path in an error message, as demonstrated using the "?" (question mark) character.
Max CVSS
5.0
EPSS Score
0.44%
Published
2005-08-05
Updated
2016-10-18
Cross-site scripting (XSS) vulnerability in ColdFusion Fusebox 4.1.0 allows remote attackers to inject arbitrary web script or HTML via the fuseaction parameter, which is not quoted in an error page, as demonstrated using index.cfm.
Max CVSS
4.3
EPSS Score
0.27%
Published
2005-08-05
Updated
2017-07-11
Race condition in Macromedia JRun 4.0, ColdFusion MX 6.1 and 7.0, when under heavy load, causes JRun to assign a duplicate authentication token to multiple sessions, which could allow authenticated users to gain privileges as other users.
Max CVSS
3.7
EPSS Score
0.05%
Published
2005-07-19
Updated
2008-09-05
Cross-site scripting (XSS) vulnerability in the JRun Web Server in ColdFusion MX 7.0 allows remote attackers to inject arbitrary script or HTML via the URL, which is not properly quoted in the resulting default 404 error page.
Max CVSS
4.3
EPSS Score
0.26%
Published
2005-05-10
Updated
2017-07-11
ColdFusion 6.1 Updater 1 places Java .class files under the web root in the /WEB-INF/cfclasses directory, which allows remote attackers to obtain sensitive information.
Max CVSS
5.0
EPSS Score
0.32%
Published
2005-05-02
Updated
2016-10-18
Macromedia ColdFusion MX before 6.1 does not restrict the size of error messages, which allows remote attackers to cause a denial of service (memory consumption and crash) by sending repeated GET or POST requests that trigger error messages that use long strings of data.
Max CVSS
5.0
EPSS Score
2.26%
Published
2004-12-31
Updated
2017-07-11
ColdFusion MX 6.1 and 6.1 J2EE allows local users to bypass sandbox security restrictions and obtain sensitive information by using Java reflection methods to access trusted Java objects without using the CreateObject function or cfobject tag.
Max CVSS
5.5
EPSS Score
0.04%
Published
2004-12-31
Updated
2024-01-25
ColdFusion MX 6.1 and 6.1 J2EE allows remote attackers to cause a denial of service via an HTTP request containing a large number of form fields.
Max CVSS
5.0
EPSS Score
1.71%
Published
2004-12-31
Updated
2017-07-11
Unknown vulnerability in ColdFusion MX 6.0 and 6.1, and JRun 4.0, when a SOAP web service expects an array of objects as an argument, allows remote attackers to cause a denial of service (memory consumption).
Max CVSS
5.0
EPSS Score
30.66%
Published
2004-03-15
Updated
2017-07-11
Cross-site scripting (XSS) vulnerability in the Management Console in JRun 4.0 allows remote attackers to execute arbitrary web script or HTML and possibly hijack a user's session.
Max CVSS
4.3
EPSS Score
0.44%
Published
2004-12-31
Updated
2017-07-11
The Microsoft IIS Connector in JRun 4.0 and Macromedia ColdFusion MX 6.0, 6.1, and 6.1 J2EE allows remote attackers to bypass authentication and view source files, such as .asp, .pl, and .php files, via an HTTP request that ends in ";.cfm".
Max CVSS
5.0
EPSS Score
13.89%
Published
2004-10-05
Updated
2017-07-11
The HTML form upload capability in ColdFusion MX 6.1 does not reclaim disk space if an upload is interrupted, which allows remote attackers to cause a denial of service (disk consumption) by repeatedly uploading files and interrupting the uploads before they finish.
Max CVSS
2.6
EPSS Score
1.27%
Published
2004-06-01
Updated
2017-07-11
The default configuration of ColdFusion MX has the "Enable Robust Exception Information" option selected, which allows remote attackers to obtain the full path of the web server via a direct request to CFIDE/probe.cfm, which leaks the path in an error message.
Max CVSS
5.0
EPSS Score
2.07%
Published
2003-12-31
Updated
2017-07-29
Macromedia Flash Player before 7,0,19,0 stores a Flash data file in a predictable location that is accessible to web browsers such as Internet Explorer and Opera, which allows remote attackers to read restricted files via vulnerabilities in web browsers whose exploits rely on predictable names.
Max CVSS
5.0
EPSS Score
0.77%
Published
2004-01-05
Updated
2017-07-11
Cross-site scripting (XSS) vulnerability in Macromedia Flash ad user tracking capability allows remote attackers to insert arbitrary Javascript via the clickTAG field.
Max CVSS
4.3
EPSS Score
0.19%
Published
2003-05-05
Updated
2016-10-18
Unknown "file disclosure" vulnerability in Macromedia JRun 3.0, 3.1, and 4.0, related to a log file or jrun.ini, with unknown impact.
Max CVSS
5.0
EPSS Score
0.14%
Published
2002-12-31
Updated
2008-09-05
52 vulnerabilities found
1 2 3
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!