Vulnerabilities > Macromedia > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2002-12-31 | CVE-2002-1700 | Cross-Site Scripting vulnerability in multiple products Cross-site scripting vulnerability (XSS) in the missing template handler in Macromedia ColdFusion MX allows remote attackers to execute arbitrary script as other users by injecting script into the HTTP request for the name of a template, which is not filtered in the resulting 404 error message. | 4.3 |
| 2002-12-31 | CVE-2002-1625 | Unspecified vulnerability in Macromedia Flash Player 6.0 Macromedia Flash Player 6 does not terminate connections when the user leaves the web page, which allows remote attackers to cause a denial of service (bandwidth, resource, and CPU consumption) via the (1) loadMovie or (2) loadSound commands, which continue to execute until the browser is closed. | 5.0 |
| 2002-10-04 | CVE-2002-1026 | Denial Of Service vulnerability in Macromedia Sitespring 1.2.0 Macromedia Sitespring 1.2.0 (277.1) using Sybase runtime engine 7.0.2.1480 allows remote attackers to cause a denial of service (crash) via a long malformed request to TCP port 2500, possibly triggering a buffer overflow. | 5.0 |
| 2002-10-04 | CVE-2002-1025 | Unspecified vulnerability in Macromedia Jrun 3.0/3.1/4.0 JRun 3.0 through 4.0 allows remote attackers to read JSP source code via an encoded null byte in an HTTP GET request, which causes the server to send the .JSP file unparsed. | 5.0 |
| 2002-10-04 | CVE-2002-0937 | Denial Of Service vulnerability in Macromedia Jrun 3.0/3.1/4.0 The Java Server Pages (JSP) engine in JRun allows web page owners to cause a denial of service (engine crash) on the web server via a JSP page that calls WPrinterJob().pageSetup(null,null). | 5.0 |
| 2002-08-12 | CVE-2002-0476 | Unspecified vulnerability in Macromedia Flash Player 5.0 Standalone Macromedia Flash Player 5.0 allows remote attackers to save arbitrary files and programs via a .SWF file containing the undocumented "save" FSCommand. | 5.0 |
| 2001-12-31 | CVE-2001-1545 | Unspecified vulnerability in Macromedia Jrun 3.0/3.1 Macromedia JRun 3.0 and 3.1 appends the jsessionid to URL requests (a.k.a. | 5.0 |
| 2001-12-31 | CVE-2001-1544 | Directory Traversal vulnerability in Macromedia Jrun 2.3.3/3.0/3.1 Directory traversal vulnerability in Macromedia JRun Web Server (JWS) 2.3.3, 3.0 and 3.1 allows remote attackers to read arbitrary files via a .. | 5.0 |
| 2001-12-31 | CVE-2001-1512 | Unspecified vulnerability in Macromedia Jrun 3.1 Unknown vulnerability in Allaire JRun 3.1 allows remote attackers to directly access the WEB-INF and META-INF directories and execute arbitrary JavaServer Pages (JSP), a variant of CVE-2000-1050. | 6.4 |
| 2001-12-31 | CVE-2001-1511 | Remote Security vulnerability in Jrun 3.0/3.1 JRun 3.0 and 3.1 running on JRun Web Server (JWS) and IIS allows remote attackers to read arbitrary JavaServer Pages (JSP) source code via a request URL containing the source filename ending in (1) "jsp%00" or (2) "js%2570". | 5.0 |