Cross-site scripting (XSS) vulnerability in the validation feature in Macromedia ColdFusion 5 and earlier allows remote attackers to inject arbitrary web script or HTML via a "_required" field when the associated normal field is missing or empty, which is not sanitized before being presented in an error message.
Max CVSS
5.8
EPSS Score
0.36%
Published
2006-05-15
Updated
2017-07-20
ColdFusion MX 6.1 and 6.1 J2EE allows local users to bypass sandbox security restrictions and obtain sensitive information by using Java reflection methods to access trusted Java objects without using the CreateObject function or cfobject tag.
Max CVSS
5.5
EPSS Score
0.04%
Published
2004-12-31
Updated
2024-01-25
Macromedia Shockwave before 6.0 allows a malicious webmaster to read a user's mail box and possibly access internal web servers via the GetNextText command on a Shockwave movie.
Max CVSS
5.1
EPSS Score
0.28%
Published
1997-03-14
Updated
2017-12-19
Macromedia Flash 6 and 7 (Flash.ocx) allows remote attackers to execute arbitrary code via a SWF file with a modified frame type identifier that is used as an out-of-bounds array index to a function pointer.
Max CVSS
5.1
EPSS Score
93.88%
Published
2005-11-05
Updated
2018-10-19
Multiple unspecified vulnerabilities in Adobe Flash Player 8.0.22.0 and earlier allow remote attackers to execute arbitrary code via a crafted SWF file.
Max CVSS
5.1
EPSS Score
50.92%
Published
2006-03-15
Updated
2018-10-12
Auto-update feature of Macromedia Shockwave 7 transmits a user's password and hard disk information back to Macromedia.
Max CVSS
5.0
EPSS Score
0.78%
Published
1999-03-11
Updated
2017-12-19
JSP sample files in Allaire JRun 2.3.x allow remote attackers to access arbitrary files (e.g. via viewsource.jsp) or obtain configuration information.
Max CVSS
5.0
EPSS Score
0.49%
Published
2000-06-22
Updated
2017-10-10
Allaire JRun 3.0 http servlet server allows remote attackers to cause a denial of service via a URL that contains a long string of "." characters.
Max CVSS
5.0
EPSS Score
0.99%
Published
2000-12-11
Updated
2017-10-10
Allaire JRun 3.0 http servlet server allows remote attackers to directly access the WEB-INF directory via a URL request that contains an extra "/" in the beginning of the request (aka the "extra leading slash").
Max CVSS
5.0
EPSS Score
1.49%
Published
2000-12-11
Updated
2017-10-10
Directory traversal vulnerability in Allaire JRun 2.3 server allows remote attackers to read arbitrary files via the SSIFilter servlet.
Max CVSS
5.0
EPSS Score
0.36%
Published
2000-12-11
Updated
2017-10-10
Allaire JRun 2.3 server allows remote attackers to obtain source code for executable content by directly calling the SSIFilter servlet.
Max CVSS
5.0
EPSS Score
0.70%
Published
2000-12-11
Updated
2016-10-18
Allaire JRun 3.0 allows remote attackers to list contents of the WEB-INF directory, and the web.xml file in the WEB-INF directory, via a malformed URL that contains a "."
Max CVSS
5.0
EPSS Score
0.24%
Published
2001-05-03
Updated
2017-10-10
SSIFilter in Allaire JRun 3.1, 3.0 and 2.3.3 allows remote attackers to obtain source code for Java server pages (.jsp) and other files in the web root via an HTTP request for a non-existent SSI page, in which the request's body has an #include statement.
Max CVSS
5.0
EPSS Score
0.36%
Published
2001-11-28
Updated
2017-12-19
Allaire JRun 2.3.3, 3.0 and 3.1 running on IIS 4.0 and 5.0, iPlanet, Apache, JRun web server (JWS), and possibly other web servers allows remote attackers to read arbitrary files and directories by appending (1) "%3f.jsp", (2) "?.jsp" or (3) "?" to the requested URL.
Max CVSS
5.0
EPSS Score
0.67%
Published
2001-12-31
Updated
2008-09-05
JRun 3.0 and 3.1 running on JRun Web Server (JWS) and IIS allows remote attackers to read arbitrary JavaServer Pages (JSP) source code via a request URL containing the source filename ending in (1) "jsp%00" or (2) "js%2570".
Max CVSS
5.0
EPSS Score
0.26%
Published
2001-12-31
Updated
2008-09-05
Directory traversal vulnerability in Macromedia JRun Web Server (JWS) 2.3.3, 3.0 and 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the HTTP GET request.
Max CVSS
5.0
EPSS Score
0.22%
Published
2001-12-31
Updated
2008-09-05
Macromedia JRun 3.0 and 3.1 appends the jsessionid to URL requests (a.k.a. rewriting) when client browsers have cookies enabled, which allows remote attackers to obtain session IDs and hijack sessions via HTTP referrer fields or sniffing.
Max CVSS
5.0
EPSS Score
0.22%
Published
2001-12-31
Updated
2008-09-05
Standalone Macromedia Flash Player 5.0 allows remote attackers to save arbitrary files and programs via a .SWF file containing the undocumented "save" FSCommand.
Max CVSS
5.0
EPSS Score
0.34%
Published
2002-08-12
Updated
2008-09-05
The Java Server Pages (JSP) engine in JRun allows web page owners to cause a denial of service (engine crash) on the web server via a JSP page that calls WPrinterJob().pageSetup(null,null).
Max CVSS
5.0
EPSS Score
0.67%
Published
2002-10-04
Updated
2008-09-05
JRun 3.0 through 4.0 allows remote attackers to read JSP source code via an encoded null byte in an HTTP GET request, which causes the server to send the .JSP file unparsed.
Max CVSS
5.0
EPSS Score
0.67%
Published
2002-10-04
Updated
2008-09-05
Macromedia Sitespring 1.2.0 (277.1) using Sybase runtime engine 7.0.2.1480 allows remote attackers to cause a denial of service (crash) via a long malformed request to TCP port 2500, possibly triggering a buffer overflow.
Max CVSS
5.0
EPSS Score
1.17%
Published
2002-10-04
Updated
2008-09-05
Macromedia Flash Plugin before 6,0,47,0 allows remote attackers to bypass the same-domain restriction and read arbitrary files via (1) an HTTP redirect, (2) a "file://" base in a web document, or (3) a relative URL from a web archive (mht file).
Max CVSS
5.0
EPSS Score
0.30%
Published
2003-04-22
Updated
2008-09-05
Macromedia Flash Player allows remote attackers to read arbitrary files via XML script in a .swf file that is hosted on a remote SMB share.
Max CVSS
5.0
EPSS Score
0.48%
Published
2003-03-31
Updated
2008-09-05
Macromedia Flash Player 6 does not terminate connections when the user leaves the web page, which allows remote attackers to cause a denial of service (bandwidth, resource, and CPU consumption) via the (1) loadMovie or (2) loadSound commands, which continue to execute until the browser is closed.
Max CVSS
5.0
EPSS Score
1.49%
Published
2002-12-31
Updated
2017-07-11
Macromedia JRun 3.0 through 4.0, when running on Windows, allows remote attackers to retrieve files in the WEB-INF directory, which contains Java class files and configuration information, via a request to the WEB-INF directory with a trailing dot ("WEB-INF.").
Max CVSS
5.0
EPSS Score
0.21%
Published
2002-12-31
Updated
2008-09-05
40 vulnerabilities found
1 2
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!