macromedia software vulnerabilities
vulnerabilities.aspcode.net
Searching macromedia software vulnerabilities
Macromedia Dreamweaver uses weak encryption to
Dreamweaver
|
encryption
|
Macromedia
|
passwords
|
decrypt
|
easily
|
local
|
allow
|
other
|
users
|
store
|
which
|
could
|
weak
|
uses
|
FTP
|
Macromedia Dreamweaver uses weak encryption to store FTP passwords, which could allow local users to easily decrypt the passwords of other users.
Macromedia "The Matrix" screen saver on Windows
protected"
|
Macromedia
|
attackers
|
"Password
|
physical
|
pressing
|
password
|
enabled
|
machine
|
Windows
|
Matrix"
|
screen
|
bypass
|
prompt
|
allows
|
option
|
access
|
saver
|
"The
|
ESC
|
Macromedia "The Matrix" screen saver on Windows 95 with the "Password protected" option enabled allows attackers with physical access to the machine to bypass the password prompt by pressing the ESC (Escape) key.
Macromedia Shockwave before 6.0 allows a malici
GetNextText
|
Macromedia
|
malicious
|
webmaster
|
Shockwave
|
internal
|
possibly
|
servers
|
command
|
access
|
allows
|
before
|
user's
|
movie
|
mail
|
read
|
box
|
web
|
via
|
Macromedia Shockwave before 6.0 allows a malicious webmaster to read a user's mail box and possibly access internal web servers via the GetNextText command on a Shockwave movie.
Buffer overflow in Olivier Debon Flash plugin (
overflow
|
Olivier
|
plugin
|
Buffer
|
Flash
|
Debon
|
Buffer overflow in Olivier Debon Flash plugin (not the Macromedia plugin) allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long DefineSound tag.
Directory traversal vulnerability in Macromedia
vulnerability
|
Macromedia
|
Directory
|
traversal
|
Server
|
JRun
|
Web
|
Directory traversal vulnerability in Macromedia JRun Web Server (JWS) 2.3.3, 3.0 and 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the HTTP GET request.
Standalone Macromedia Flash Player 5.0 allows r
undocumented
|
containing
|
Standalone
|
Macromedia
|
arbitrary
|
FSCommand
|
attackers
|
programs
|
"save"
|
allows
|
Player
|
remote
|
files
|
Flash
|
save
|
file
|
via
|
SWF
|
Standalone Macromedia Flash Player 5.0 allows remote attackers to save arbitrary files and programs via a .SWF file containing the undocumented "save" FSCommand.
Standalone Macromedia Flash Player 5.0 before 5
Macromedia
|
Standalone
|
Player
|
before
|
Flash
|
Standalone Macromedia Flash Player 5.0 before 5,0,30,2 allows remote attackers to execute arbitrary programs via a .SWF file containing the "exec" FSCommand.
Macromedia Sitespring 1.2.0 (277.1) using Sybas
Sitespring
|
Macromedia
|
Macromedia Sitespring 1.2.0 (277.1) using Sybase runtime engine 7.0.2.1480 allows remote attackers to cause a denial of service (crash) via a long malformed request to TCP port 2500, possibly triggering a buffer overflow.
Cross-site scripting vulnerability in the defau
vulnerability
|
Cross-site
|
scripting
|
default
|
HTTP
|
Cross-site scripting vulnerability in the default HTTP 500 error script (500error.jsp) for Macromedia Sitespring 1.2.0 (277.1) allows remote attackers to execute arbitrary web script via a link to 500error.jsp with the script in 1the et parameter.
Heap-based buffer overflow in the error-handlin
error-handling
|
Macromedia
|
ColdFusion
|
Heap-based
|
attackers
|
arbitrary
|
mechanism
|
overflow
|
request
|
handler
|
execute
|
remote
|
buffer
|
allows
|
ISAPI
|
long
|
HTTP
|
name
|
file
|
cfm
|
IIS
|
via
|
GET
|
Heap-based buffer overflow in the error-handling mechanism for the IIS ISAPI handler in Macromedia ColdFusion 6.0 allows remote attackers to execute arbitrary via an HTTP GET request with a long .cfm file name.
Heap-based buffer overflow in the error-handlin
error-handling
|
Macromedia
|
Heap-based
|
arbitrary
|
attackers
|
mechanism
|
overflow
|
request
|
earlier
|
handler
|
execute
|
remote
|
buffer
|
allows
|
ISAPI
|
name
|
long
|
file
|
HTTP
|
JRun
|
IIS
|
jsp
|
GET
|
via
|
Heap-based buffer overflow in the error-handling mechanism for the IIS ISAPI handler in Macromedia JRun 4.0 and earlier allows remote attackers to execute arbitrary via an HTTP GET request with a long .jsp file name.
Macromedia JRun 3.0, 3.1, and 4.0 allow remote
Macromedia
|
attackers
|
character
|
encoded
|
Unicode
|
source
|
remote
|
values
|
files
|
allow
|
view
|
JRun
|
code
|
URL
|
via
|
JSP
|
Macromedia JRun 3.0, 3.1, and 4.0 allow remote attackers to view the source code of .JSP files via Unicode encoded character values in a URL.
Unknown "file disclosure" vulnerability in Macr
vulnerability
|
disclosure"
|
Macromedia
|
related
|
jrunini
|
Unknown
|
impact
|
"file
|
file
|
JRun
|
log
|
Unknown "file disclosure" vulnerability in Macromedia JRun 3.0, 3.1, and 4.0, related to a log file or jrun.ini, with unknown impact.
Cross-site scripting (XSS) vulnerability in Mac
Cross-site
|
scripting
|
Cross-site scripting (XSS) vulnerability in Macromedia Flash ad user tracking capability allows remote attackers to insert arbitrary Javascript via the clickTAG field.
The Macromedia installers and e-licensing clien
AuthenticationService
|
e-licensing
|
Dreamweaver
|
privileges
|
Contribute
|
installers
|
Macromedia
|
Fireworks
|
modifying
|
Director
|
writable
|
program
|
install
|
client
|
allows
|
Studio
|
setuid
|
local
|
which
|
Flash
|
other
|
users
|
used
|
gain
|
Mac
|
The Macromedia installers and e-licensing client on Mac OS X, as used for Macromedia Contribute 2, Director, Dreamweaver, Fireworks, Flash, and Studio, install the AuthenticationService setuid and writable by other users, which allows local users to gain privileges by modifying the program.
The "reset password" feature in Macromedia Bree
Macromedia
|
passwords
|
attackers
|
plaintext
|
password"
|
database
|
instead
|
feature
|
access
|
allows
|
"reset
|
stores
|
Breeze
|
obtain
|
which
|
hash
|
The "reset password" feature in Macromedia Breeze 5.0 stores passwords in plaintext in the database instead of the hash, which allows attackers with access to the database to obtain the passwords.
Adobe (formerly Macromedia) ColdFusion MX 7.0 e
Adobe
|
Adobe (formerly Macromedia) ColdFusion MX 7.0 exposes the password hash of the Administrator in an API call, which allows local developers to obtain the hash and gain privileges.
Unspecified vulnerability in Macromedia JRun 4
vulnerability
|
Unspecified
|
Macromedia
|
server
|
JRun
|
web
|
Unspecified vulnerability in Macromedia JRun 4 web server (JWS) allows remote attackers to view web application source code via "a malformed URL."
Adobe Macromedia MX 2004 products, Captivate, C
Macromedia
|
Adobe
|
Adobe Macromedia MX 2004 products, Captivate, Contribute 2, Contribute 3, and eLicensing client install the Macromedia Licensing Service with the Users group permitted to configure the service, including the path to executable, which allows local users to execute arbitrary code as Local System.
Flash8b.ocx in Macromedia Flash 8 allows remote
Macromedia
|
Flash8bocx
|
attackers
|
service
|
denial
|
allows
|
remote
|
Flash
|
cause
|
Flash8b.ocx in Macromedia Flash 8 allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long string in the Flash8b.AllowScriptAccess method.
Software vulnerabilities results 1 to 20 of 53
Page:
1
2
3
►