
CVSS: 7.5 | EPSS: 88% | CPEs: 8 | EXPL: 3

Macromedia Flash plugin (1) Flash.ocx 7.0.19.0 (Windows) and earlier and (2) libflashplayer.so before 7.0.25.0 (Unix) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via parameters to the ActionDefineFunction ActionScript call in a SWF file, which causes an improper memory access condition, a different vulnerability than CVE-2005-2628. • https://www.exploit-db.com/exploits/1331 http://marc.info/?l=bugtraq&m=113140426614670&w=2 http://secunia.com/advisories/17430 http://secunia.com/advisories/17437 http://secunia.com/advisories/17481 http://secunia.com/advisories/17626 http://secunia.com/advisories/17738 http://securityreason.com/securityalert/149 http://www.macromedia.com/devnet/security/security_zone/mpsb05-07.html http://www.microsoft.com/technet/security/advisory/910550.mspx http://www.sec-consult.com/22 • CWE-20: Improper Input Validation •

CVSS: 5.1 | EPSS: 93% | CPEs: 8 | EXPL: 0

Macromedia Flash 6 and 7 (Flash.ocx) allows remote attackers to execute arbitrary code via a SWF file with a modified frame type identifier that is used as an out-of-bounds array index to a function pointer. • http://lists.apple.com/archives/security-announce/2006/May/msg00003.html http://secunia.com/advisories/17430 http://secunia.com/advisories/17437 http://secunia.com/advisories/17481 http://secunia.com/advisories/17626 http://secunia.com/advisories/17738 http://secunia.com/advisories/20045 http://secunia.com/advisories/20077 http://securitytracker.com/id?1015156 http://www.gentoo.org/security/en/glsa/glsa-200511-21.xml http://www.kb.cert.org/vuls/id/146284 http://www •

CVSS: 2.1 | EPSS: 0% | CPEs: 1 | EXPL: 0

The "reset password" feature in Macromedia Breeze 5.0 stores passwords in plaintext in the database instead of the hash, which allows attackers with access to the database to obtain the passwords. • http://secunia.com/advisories/17009 http://securitytracker.com/id?1014990 http://www.macromedia.com/go/mpsb05-06 http://www.securityfocus.com/bid/14975 •

CVSS: 4.3 | EPSS: 0% | CPEs: 1 | EXPL: 2

Cross-site scripting (XSS) vulnerability in ColdFusion Fusebox 4.1.0 allows remote attackers to inject arbitrary web script or HTML via the fuseaction parameter, which is not quoted in an error page, as demonstrated using index.cfm. • https://www.exploit-db.com/exploits/26065 http://marc.info/?l=bugtraq&m=112309656102615&w=2 http://secunia.com/advisories/16320 http://www.securityfocus.com/bid/14460 https://exchange.xforce.ibmcloud.com/vulnerabilities/21697 •

CVSS: 5.0 | EPSS: 0% | CPEs: 1 | EXPL: 0

ColdFusion Fusebox 4.1.0 allows remote attackers to obtain sensitive information via an invalid fuseaction parameter, which leaks the full server path in an error message, as demonstrated using the "?" (question mark) character. • http://marc.info/?l=bugtraq&m=112309656102615&w=2 •