Vulnerabilities > Macromedia > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2007-03-10 | CVE-2007-1403 | ActiveX Control Remote Denial of Service vulnerability in Macromedia Shockwave 10.1.4.20 Multiple stack-based buffer overflows in an ActiveX control in SwDir.dll 10.1.4.20 in Macromedia Shockwave allow remote attackers to cause a denial of service (Internet Explorer 7 crash) and possibly execute arbitrary code via a long (1) BGCOLOR, (2) SRC, (3) AutoStart, (4) Sound, (5) DrawLogo, or (6) DrawProgress property value, different vectors than CVE-2006-6885. | 7.5 |
| 2006-08-09 | CVE-2006-3979 | Authentication Bypass vulnerability in Macromedia Coldfusion 7.0/7.02 The AdminAPI of ColdFusion MX 7 allows attackers to bypass authentication by using "programmatic access" to the adminAPI instead of the ColdFusion Administrator. | 7.2 |
| 2005-12-22 | CVE-2005-4472 | Multiple vulnerability in Macromedia JRun Stack-based buffer overflow in the Macromedia JRun 4 web server (JWS) allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long request that is not properly handled during conversion to wide characters. | 7.5 |
| 2005-12-19 | CVE-2005-4345 | Multiple vulnerability in Macromedia Coldfusion 7.0 Adobe (formerly Macromedia) ColdFusion MX 7.0 exposes the password hash of the Administrator in an API call, which allows local developers to obtain the hash and gain privileges. | 7.2 |
| 2005-12-19 | CVE-2005-4342 | Multiple vulnerability in Macromedia Coldfusion 6.0/6.1/7.0 ColdFusion Sandbox on Adobe (formerly Macromedia) ColdFusion MX 6.0, 6.1, 6.1 with JRun, and 7.0 does not throw an exception if the SecurityManager is disabled, which might allow remote attackers to "bypass security controls," aka "JRun Clustered Sandbox Security Vulnerability." | 7.5 |
| 2005-12-14 | CVE-2005-4216 | Remote Denial of Service vulnerability in Macromedia Flash Media Server 2.0/2.0R1145 The Administration Service (FMSAdmin.exe) in Macromedia Flash Media Server 2.0 r1145 allows remote attackers to cause a denial of service (application crash) via a malformed request with a single character to port 1111. | 7.8 |
| 2005-11-29 | CVE-2005-3901 | Unspecified vulnerability in Macromedia Flash Communication Server 1.0/1.5 Macromedia Flash Communication Server MX 1.0 and 1.5 does not sufficiently validate certain RTMP data, which allows attackers to cause a denial of service (instability or crash), as demonstrated using an alpha release build of Flash Player 8.5 (build 133). | 7.8 |
| 2005-11-29 | CVE-2005-3900 | Macromedia Breeze Communication Server and Breeze Live Server does 5.1 and earlier not sufficiently validate certain RTMP data, which allows attackers to cause a denial of service (instability or crash), as demonstrated using an alpha release build of Flash Player 8.5 (build 133). | 7.8 |
| 2005-11-16 | CVE-2005-3591 | Improper Input Validation vulnerability in Macromedia Flash Player Macromedia Flash plugin (1) Flash.ocx 7.0.19.0 (Windows) and earlier and (2) libflashplayer.so before 7.0.25.0 (Unix) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via parameters to the ActionDefineFunction ActionScript call in a SWF file, which causes an improper memory access condition, a different vulnerability than CVE-2005-2628. | 7.5 |
| 2004-12-31 | CVE-2004-2335 | Local Privilege Escalation vulnerability in Macromedia Contribute and Studio The Macromedia installers and e-licensing client on Mac OS X, as used for Macromedia Contribute 2, Director, Dreamweaver, Fireworks, Flash, and Studio, install the AuthenticationService setuid and writable by other users, which allows local users to gain privileges by modifying the program. | 7.2 |