Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
macromedia vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2004-2505
Macromedia ColdFusion MX prior to 6.1 does not restrict the size of error messages, which allows remote malicious users to cause a denial of service (memory consumption and crash) by sending repeated GET or POST requests that trigger error messages that use long strings of data.
Macromedia Coldfusion 5.0
Macromedia Coldfusion 6.0
1 EDB exploit
NA
CVE-2004-2182
Session fixation vulnerability in Macromedia JRun 4.0 allows remote malicious users to hijack user sessions by pre-setting the user session ID information used by the session server.
Macromedia Jrun 4.0
Macromedia Jrun 4.0 Build 61650
NA
CVE-2005-4472
Stack-based buffer overflow in the Macromedia JRun 4 web server (JWS) allows remote malicious users to cause a denial of service and possibly execute arbitrary code via a long request that is not properly handled during conversion to wide characters.
Macromedia Jrun 4.0
Macromedia Jrun 4.0 Build 61650
NA
CVE-2001-1084
Cross-site scripting vulnerability in Allaire JRun 3.0 and 2.3.3 allows a malicious webmaster to embed Javascript in a request for a .JSP, .shtml, .jsp10, .jrun, or .thtml file that does not exist, which causes the Javascript to be inserted into an error message.
Macromedia Jrun 3.0
Macromedia Jrun 2.3.3
NA
CVE-2002-0801
Buffer overflow in the ISAPI DLL filter for Macromedia JRun 3.1 allows remote malicious users to execute arbitrary code via a direct request to the filter with a long HTTP host header field in a URL for a .jsp file.
Macromedia Jrun 3.0
Macromedia Jrun 3.1
NA
CVE-2004-2204
Macromedia ColdFusion MX 6.0 and 6.1 application server, when running with the CreateObject function or CFOBJECT tag enabled, allows local users to conduct unauthorized activities and obtain administrative passwords by creating CFML scripts that use CreateObject or CFOBJECT.
Macromedia Coldfusion 6.0
Macromedia Coldfusion 6.1
NA
CVE-2001-1511
JRun 3.0 and 3.1 running on JRun Web Server (JWS) and IIS allows remote malicious users to read arbitrary JavaServer Pages (JSP) source code via a request URL containing the source filename ending in (1) "jsp%00" or (2) "js%2570".
Macromedia Jrun 3.0
Macromedia Jrun 3.1
NA
CVE-2001-1513
Macromedia JRun 3.0 and 3.1 allows remote malicious users to obtain duplicate active user session IDs and perform actions as other users via a URL request for the web application directory without the trailing '/' (slash), as demonstrated using ctx.
Macromedia Jrun 3.0
Macromedia Jrun 3.1
NA
CVE-2001-1514
ColdFusion 4.5 and 5, when running on Windows with the advanced security sandbox type set to "operating system," does not properly pass security context to (1) child processes created with <CFEXECUTE> and (2) child processes that call the CreateProcess function an...
Macromedia Coldfusion 5.0
Macromedia Coldfusion 4.5
NA
CVE-2001-1545
Macromedia JRun 3.0 and 3.1 appends the jsessionid to URL requests (a.k.a. rewriting) when client browsers have cookies enabled, which allows remote malicious users to obtain session IDs and hijack sessions via HTTP referrer fields or sniffing.
Macromedia Jrun 3.0
Macromedia Jrun 3.1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
race condition
CVE-2024-4249
CVE-2024-4244
CVE-2023-20198
TCP
CVE-2022-48648
CVE-2022-48636
CVE-2024-21345
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »