Vulnerabilities > Macromedia > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2004-12-31 | CVE-2004-2204 | Unspecified vulnerability in Macromedia Coldfusion 6.0/6.1 Macromedia ColdFusion MX 6.0 and 6.1 application server, when running with the CreateObject function or CFOBJECT tag enabled, allows local users to conduct unauthorized activities and obtain administrative passwords by creating CFML scripts that use CreateObject or CFOBJECT. | 7.2 |
| 2004-12-31 | CVE-2004-2182 | Improper Authentication vulnerability in Macromedia Jrun 4.0/4.0Build61650 Session fixation vulnerability in Macromedia JRun 4.0 allows remote attackers to hijack user sessions by pre-setting the user session ID information used by the session server. | 7.5 |
| 2004-12-31 | CVE-2004-1478 | Remote vulnerability in Macromedia JRun JRun 4.0 does not properly generate and handle the JSESSIONID, which allows remote attackers to perform a session fixation attack and hijack a user's HTTP session. | 7.5 |
| 2002-12-23 | CVE-2002-1382 | SWF Buffer Overflow vulnerability in Macromedia Flash Macromedia Flash Player before 6.0.65.0 allows remote attackers to execute arbitrary code via certain malformed data headers in Shockwave Flash file format (SWF) files, a different issue than CAN-2002-0846. | 7.5 |
| 2002-11-29 | CVE-2002-1310 | Buffer Overrun vulnerability in Macromedia JRun IIS ISAPI Filter GET Request Heap-based buffer overflow in the error-handling mechanism for the IIS ISAPI handler in Macromedia JRun 4.0 and earlier allows remote attackers to execute arbitrary via an HTTP GET request with a long .jsp file name. | 7.5 |
| 2002-11-29 | CVE-2002-1309 | Remote Security vulnerability in Macromedia Coldfusion 6.0 Heap-based buffer overflow in the error-handling mechanism for the IIS ISAPI handler in Macromedia ColdFusion 6.0 allows remote attackers to execute arbitrary via an HTTP GET request with a long .cfm file name. | 7.5 |
| 2002-10-04 | CVE-2002-1027 | Cross-Site Scripting vulnerability in Macromedia Sitespring 1.2.0 Cross-site scripting vulnerability in the default HTTP 500 error script (500error.jsp) for Macromedia Sitespring 1.2.0 (277.1) allows remote attackers to execute arbitrary web script via a link to 500error.jsp with the script in 1the et parameter. | 7.5 |
| 2002-08-12 | CVE-2002-0846 | Buffer Overflow vulnerability in Macromedia Flash Malformed Header The decoder for Macromedia Shockwave Flash allows remote attackers to execute arbitrary code via a malformed SWF header that contains more data than the specified length. | 7.5 |
| 2002-08-12 | CVE-2002-0477 | Unspecified vulnerability in Macromedia Flash Player 5.0 Standalone Macromedia Flash Player 5.0 before 5,0,30,2 allows remote attackers to execute arbitrary programs via a .SWF file containing the "exec" FSCommand. | 7.5 |
| 2002-06-18 | CVE-2002-0605 | Buffer Overflow vulnerability in Macromedia Flash Player 6.0 Buffer overflow in Flash OCX for Macromedia Flash 6 revision 23 (6,0,23,0) allows remote attackers to execute arbitrary code via a long movie parameter. | 7.5 |