Macromedia vulnerabilities and exploits
5.8
CVSSv2
CVE-2006-2364
Cross-site scripting (XSS) vulnerability in the validation feature in Macromedia ColdFusion 5 and previous versions allows remote malicious users to inject arbitrary web script or HTML via a "_required" field when the associated normal field is missing or empty, which i...
Macromedia Coldfusion 5.0
2.1
CVSSv2
CVE-2004-2331
ColdFusion MX 6.1 and 6.1 J2EE allows local users to bypass sandbox security restrictions and obtain sensitive information by using Java reflection methods to access trusted Java objects without using the CreateObject function or cfobject tag.
Macromedia Coldfusion 6.1
2.1
CVSSv2
CVE-2005-3112
The "reset password" feature in Macromedia Breeze 5.0 stores passwords in plaintext in the database instead of the hash, which allows attackers with access to the database to obtain the passwords.
Macromedia Breeze 5
5
CVSSv2
CVE-2005-1022
ColdFusion 6.1 Updater 1 places Java .class files under the web root in the /WEB-INF/cfclasses directory, which allows remote malicious users to obtain sensitive information.
Macromedia Coldfusion 6.1
2.1
CVSSv2
CVE-2005-4344
Adobe (formerly Macromedia) ColdFusion MX 7.0 does not honor the CFOBJECT/CreateObject(Java) setting when it is disabled, which allows local users to create an object despite the specified configuration.
Macromedia Coldfusion 7.0
6.4
CVSSv2
CVE-2001-1512
Unknown vulnerability in Allaire JRun 3.1 allows remote malicious users to directly access the WEB-INF and META-INF directories and execute arbitrary JavaServer Pages (JSP), a variant of CVE-2000-1050.
Macromedia Jrun 3.1
2.1
CVSSv2
CVE-1999-1271
Macromedia Dreamweaver uses weak encryption to store FTP passwords, which could allow local users to easily decrypt the passwords of other users.
Macromedia Dreamweaver Initial
5
CVSSv2
CVE-2000-1050
Allaire JRun 3.0 HTTP servlet server allows remote malicious users to directly access the WEB-INF directory via a URL request that contains an extra "/" in the beginning of the request (aka the "extra leading slash").
Macromedia Jrun 3.0
1 EDB exploit
2.6
CVSSv2
CVE-2004-0407
The HTML form upload capability in ColdFusion MX 6.1 does not reclaim disk space if an upload is interrupted, which allows remote malicious users to cause a denial of service (disk consumption) by repeatedly uploading files and interrupting the uploads before they finish.
Macromedia Coldfusion 6.1
6.4
CVSSv2
CVE-2000-0539
Servlet examples in Allaire JRun 2.3.x allow remote malicious users to obtain sensitive information, e.g. listing HttpSession IDs via the SessionServlet servlet.
Macromedia Jrun 2.3