Multiple stack-based buffer overflows in an ActiveX control in SwDir.dll 10.1.4.20 in Macromedia Shockwave allow remote attackers to cause a denial of service (Internet Explorer 7 crash) and possibly execute arbitrary code via a long (1) BGCOLOR, (2) SRC, (3) AutoStart, (4) Sound, (5) DrawLogo, or (6) DrawProgress property value, different vectors than CVE-2006-6885.
Max CVSS
7.5
EPSS Score
92.93%
Published
2007-03-10
Updated
2017-10-11
An ActiveX control in SwDir.dll in Macromedia Shockwave 10 allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long string in the swURL attribute.
Max CVSS
4.3
EPSS Score
15.03%
Published
2006-12-31
Updated
2017-10-19
Flash8b.ocx in Macromedia Flash 8 allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long string in the Flash8b.AllowScriptAccess method.
Max CVSS
5.0
EPSS Score
3.15%
Published
2006-12-31
Updated
2017-10-19
The AdminAPI of ColdFusion MX 7 allows attackers to bypass authentication by using "programmatic access" to the adminAPI instead of the ColdFusion Administrator.
Max CVSS
7.2
EPSS Score
0.19%
Published
2006-08-09
Updated
2017-07-20
Cross-site scripting (XSS) vulnerability in the validation feature in Macromedia ColdFusion 5 and earlier allows remote attackers to inject arbitrary web script or HTML via a "_required" field when the associated normal field is missing or empty, which is not sanitized before being presented in an error message.
Max CVSS
5.8
EPSS Score
0.36%
Published
2006-05-15
Updated
2017-07-20
Multiple unspecified vulnerabilities in Adobe Flash Player 8.0.22.0 and earlier allow remote attackers to execute arbitrary code via a crafted SWF file.
Max CVSS
5.1
EPSS Score
50.92%
Published
2006-03-15
Updated
2018-10-12
Unspecified vulnerability in Macromedia JRun 4 web server (JWS) allows remote attackers to view web application source code via "a malformed URL."
Max CVSS
5.0
EPSS Score
0.52%
Published
2005-12-22
Updated
2011-03-08
Stack-based buffer overflow in the Macromedia JRun 4 web server (JWS) allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long request that is not properly handled during conversion to wide characters.
Max CVSS
7.5
EPSS Score
9.86%
Published
2005-12-22
Updated
2011-03-08
Adobe (formerly Macromedia) ColdFusion MX 7.0 exposes the password hash of the Administrator in an API call, which allows local developers to obtain the hash and gain privileges.
Max CVSS
7.2
EPSS Score
0.07%
Published
2005-12-19
Updated
2011-03-08
Adobe (formerly Macromedia) ColdFusion MX 6.0, 6.1, 6.1 with JRun, and 7.0 allows remote attackers to attach arbitrary files and send mail via a crafted Subject field, which is not properly handled by the CFMAIL tag in applications that use ColdFusion, aka "CFMAIL injection Vulnerability".
Max CVSS
5.0
EPSS Score
3.52%
Published
2005-12-19
Updated
2011-03-08
ColdFusion Sandbox on Adobe (formerly Macromedia) ColdFusion MX 6.0, 6.1, 6.1 with JRun, and 7.0 does not throw an exception if the SecurityManager is disabled, which might allow remote attackers to "bypass security controls," aka "JRun Clustered Sandbox Security Vulnerability."
Max CVSS
7.5
EPSS Score
5.60%
Published
2005-12-19
Updated
2011-03-08
The Administration Service (FMSAdmin.exe) in Macromedia Flash Media Server 2.0 r1145 allows remote attackers to cause a denial of service (application crash) via a malformed request with a single character to port 1111.
Max CVSS
7.8
EPSS Score
39.78%
Published
2005-12-14
Updated
2017-07-20
Macromedia Flash Communication Server MX 1.0 and 1.5 does not sufficiently validate certain RTMP data, which allows attackers to cause a denial of service (instability or crash), as demonstrated using an alpha release build of Flash Player 8.5 (build 133).
Max CVSS
7.8
EPSS Score
0.48%
Published
2005-11-29
Updated
2008-09-05
Macromedia Flash plugin (1) Flash.ocx 7.0.19.0 (Windows) and earlier and (2) libflashplayer.so before 7.0.25.0 (Unix) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via parameters to the ActionDefineFunction ActionScript call in a SWF file, which causes an improper memory access condition, a different vulnerability than CVE-2005-2628.
Max CVSS
7.5
EPSS Score
92.92%
Published
2005-11-16
Updated
2017-07-11
Macromedia Flash 6 and 7 (Flash.ocx) allows remote attackers to execute arbitrary code via a SWF file with a modified frame type identifier that is used as an out-of-bounds array index to a function pointer.
Max CVSS
5.1
EPSS Score
93.88%
Published
2005-11-05
Updated
2018-10-19
ColdFusion Fusebox 4.1.0 allows remote attackers to obtain sensitive information via an invalid fuseaction parameter, which leaks the full server path in an error message, as demonstrated using the "?" (question mark) character.
Max CVSS
5.0
EPSS Score
0.44%
Published
2005-08-05
Updated
2016-10-18
Cross-site scripting (XSS) vulnerability in ColdFusion Fusebox 4.1.0 allows remote attackers to inject arbitrary web script or HTML via the fuseaction parameter, which is not quoted in an error page, as demonstrated using index.cfm.
Max CVSS
4.3
EPSS Score
0.27%
Published
2005-08-05
Updated
2017-07-11
Cross-site scripting (XSS) vulnerability in the JRun Web Server in ColdFusion MX 7.0 allows remote attackers to inject arbitrary script or HTML via the URL, which is not properly quoted in the resulting default 404 error page.
Max CVSS
4.3
EPSS Score
0.26%
Published
2005-05-10
Updated
2017-07-11
ColdFusion 6.1 Updater 1 places Java .class files under the web root in the /WEB-INF/cfclasses directory, which allows remote attackers to obtain sensitive information.
Max CVSS
5.0
EPSS Score
0.32%
Published
2005-05-02
Updated
2016-10-18
Macromedia ColdFusion MX before 6.1 does not restrict the size of error messages, which allows remote attackers to cause a denial of service (memory consumption and crash) by sending repeated GET or POST requests that trigger error messages that use long strings of data.
Max CVSS
5.0
EPSS Score
2.26%
Published
2004-12-31
Updated
2017-07-11
The Macromedia installers and e-licensing client on Mac OS X, as used for Macromedia Contribute 2, Director, Dreamweaver, Fireworks, Flash, and Studio, install the AuthenticationService setuid and writable by other users, which allows local users to gain privileges by modifying the program.
Max CVSS
7.2
EPSS Score
0.04%
Published
2004-12-31
Updated
2017-07-11
ColdFusion MX 6.1 and 6.1 J2EE allows local users to bypass sandbox security restrictions and obtain sensitive information by using Java reflection methods to access trusted Java objects without using the CreateObject function or cfobject tag.
Max CVSS
5.5
EPSS Score
0.04%
Published
2004-12-31
Updated
2024-01-25
ColdFusion MX 6.1 and 6.1 J2EE allows remote attackers to cause a denial of service via an HTTP request containing a large number of form fields.
Max CVSS
5.0
EPSS Score
1.71%
Published
2004-12-31
Updated
2017-07-11
Macromedia ColdFusion MX 6.0 and 6.1 application server, when running with the CreateObject function or CFOBJECT tag enabled, allows local users to conduct unauthorized activities and obtain administrative passwords by creating CFML scripts that use CreateObject or CFOBJECT.
Max CVSS
7.2
EPSS Score
0.06%
Published
2004-12-31
Updated
2017-07-11
Session fixation vulnerability in Macromedia JRun 4.0 allows remote attackers to hijack user sessions by pre-setting the user session ID information used by the session server.
Max CVSS
7.5
EPSS Score
0.34%
Published
2004-12-31
Updated
2008-09-05
73 vulnerabilities found
1 2 3
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!