Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
macromedia vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2000-1049
Allaire JRun 3.0 http servlet server allows remote malicious users to cause a denial of service via a URL that contains a long string of "." characters.
Macromedia Jrun 3.0
7.5
CVSSv2
CVE-2002-1027
Cross-site scripting vulnerability in the default HTTP 500 error script (500error.jsp) for Macromedia Sitespring 1.2.0 (277.1) allows remote malicious users to execute arbitrary web script via a link to 500error.jsp with the script in 1the et parameter.
Macromedia Sitespring 1.2.0
1 EDB exploit
2.6
CVSSv2
CVE-2004-0407
The HTML form upload capability in ColdFusion MX 6.1 does not reclaim disk space if an upload is interrupted, which allows remote malicious users to cause a denial of service (disk consumption) by repeatedly uploading files and interrupting the uploads before they finish.
Macromedia Coldfusion 6.1
4.3
CVSSv2
CVE-2005-1555
Cross-site scripting (XSS) vulnerability in the JRun Web Server in ColdFusion MX 7.0 allows remote malicious users to inject arbitrary script or HTML via the URL, which is not properly quoted in the resulting default 404 error page.
Macromedia Coldfusion 7.0
5
CVSSv2
CVE-2001-0179
Allaire JRun 3.0 allows remote malicious users to list contents of the WEB-INF directory, and the web.xml file in the WEB-INF directory, via a malformed URL that contains a "."
Macromedia Jrun 3.0
6.4
CVSSv2
CVE-2000-0539
Servlet examples in Allaire JRun 2.3.x allow remote malicious users to obtain sensitive information, e.g. listing HttpSession ID's via the SessionServlet servlet.
Macromedia Jrun 2.3
5
CVSSv2
CVE-2000-0540
JSP sample files in Allaire JRun 2.3.x allow remote malicious users to access arbitrary files (e.g. via viewsource.jsp) or obtain configuration information.
Macromedia Jrun 2.3
7.2
CVSSv2
CVE-2005-4345
Adobe (formerly Macromedia) ColdFusion MX 7.0 exposes the password hash of the Administrator in an API call, which allows local developers to obtain the hash and gain privileges.
Macromedia Coldfusion 7.0
7.5
CVSSv2
CVE-2002-0846
The decoder for Macromedia Shockwave Flash allows remote malicious users to execute arbitrary code via a malformed SWF header that contains more data than the specified length.
Macromedia Shockwave Flash
5
CVSSv2
CVE-2002-1026
Macromedia Sitespring 1.2.0 (277.1) using Sybase runtime engine 7.0.2.1480 allows remote malicious users to cause a denial of service (crash) via a long malformed request to TCP port 2500, possibly triggering a buffer overflow.
Macromedia Sitespring 1.2.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »