Vulnerabilities > Macromedia
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2001-10-30 | CVE-2001-0535 | Unspecified vulnerability in Macromedia Coldfusion Server 4.X Example applications (Exampleapps) in ColdFusion Server 4.x do not properly restrict prevent access from outside the local host's domain, which allows remote attackers to conduct upload, read, or execute files by spoofing the "HTTP Host" (CGI.Host) variable in (1) the "Web Publish" example script, and (2) the "Email" example script. | 7.5 |
| 2001-07-11 | CVE-2001-1427 | Unspecified vulnerability in Macromedia Coldfusion Unknown vulnerability in ColdFusion Server 2.0 through 4.5.1 SP2 allows remote attackers to overwrite templates with zero byte files via unknown attack vectors. | 7.5 |
| 2001-07-02 | CVE-2001-1084 | Cross-Site Scripting vulnerability in Macromedia Jrun 2.3.3/3.0 Cross-site scripting vulnerability in Allaire JRun 3.0 and 2.3.3 allows a malicious webmaster to embed Javascript in a request for a .JSP, .shtml, .jsp10, .jrun, or .thtml file that does not exist, which causes the Javascript to be inserted into an error message. | 7.5 |
| 2001-05-03 | CVE-2001-0179 | Unspecified vulnerability in Macromedia Jrun 3.0 Allaire JRun 3.0 allows remote attackers to list contents of the WEB-INF directory, and the web.xml file in the WEB-INF directory, via a malformed URL that contains a "." | 5.0 |
| 2001-03-26 | CVE-2001-0166 | Unspecified vulnerability in Macromedia Shockwave Flash Plugin 6.0/7.0/8.0 Macromedia Shockwave Flash plugin version 8 and earlier allows remote attackers to cause a denial of service via malformed tag length specifiers in a SWF file. | 7.6 |
| 2000-12-11 | CVE-2000-1053 | Unspecified vulnerability in Macromedia Jrun 2.3.X Allaire JRun 2.3.3 server allows remote attackers to compile and execute JSP code by inserting it via a cross-site scripting (CSS) attack and directly calling the com.livesoftware.jrun.plugins.JSP JSP servlet. | 10.0 |
| 2000-12-11 | CVE-2000-1052 | Unspecified vulnerability in Macromedia Jrun 2.3.X Allaire JRun 2.3 server allows remote attackers to obtain source code for executable content by directly calling the SSIFilter servlet. | 5.0 |
| 2000-12-11 | CVE-2000-1051 | Unspecified vulnerability in Macromedia Jrun 2.3.X Directory traversal vulnerability in Allaire JRun 2.3 server allows remote attackers to read arbitrary files via the SSIFilter servlet. | 5.0 |
| 2000-12-11 | CVE-2000-1050 | Unspecified vulnerability in Macromedia Jrun 3.0 Allaire JRun 3.0 http servlet server allows remote attackers to directly access the WEB-INF directory via a URL request that contains an extra "/" in the beginning of the request (aka the "extra leading slash"). | 5.0 |
| 2000-12-11 | CVE-2000-1049 | Unspecified vulnerability in Macromedia Jrun 3.0 Allaire JRun 3.0 http servlet server allows remote attackers to cause a denial of service via a URL that contains a long string of "." characters. | 5.0 |