CVSS: 4.3EPSS: 1%CPEs: 3EXPL: 1CVE-2002-1700 – ColdFusion MX - Missing Template Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2002-1700
Cross-site scripting vulnerability (XSS) in the missing template handler in Macromedia ColdFusion MX allows remote attackers to execute arbitrary script as other users by injecting script into the HTTP request for the name of a template, which is not filtered in the resulting 404 error message. • https://www.exploit-db.com/exploits/21548 http://online.securityfocus.com/archive/1/277487 http://www.macromedia.com/v1/Handlers/index.cfm?ID=23047 http://www.securityfocus.com/bid/5011 https://exchange.xforce.ibmcloud.com/vulnerabilities/9360 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 1%CPEs: 1EXPL: 0CVE-2002-1625
https://notcve.org/view.php?id=CVE-2002-1625
Macromedia Flash Player 6 does not terminate connections when the user leaves the web page, which allows remote attackers to cause a denial of service (bandwidth, resource, and CPU consumption) via the (1) loadMovie or (2) loadSound commands, which continue to execute until the browser is closed. • http://www.kb.cert.org/vuls/id/128491 http://www.macromedia.com/v1/handlers/index.cfm?ID=22796&Method=Full&Title=Macromedia%20Flash%20Player%206%20Streaming%20Issue&Cache=False http://www.securityfocus.com/bid/4567 https://exchange.xforce.ibmcloud.com/vulnerabilities/8925 •
CVSS: 5.0EPSS: 6%CPEs: 3EXPL: 0CVE-2002-1855
https://notcve.org/view.php?id=CVE-2002-1855
Macromedia JRun 3.0 through 4.0, when running on Windows, allows remote attackers to retrieve files in the WEB-INF directory, which contains Java class files and configuration information, via a request to the WEB-INF directory with a trailing dot ("WEB-INF."). • http://online.securityfocus.com/archive/1/279582 http://www.iss.net/security_center/static/9446.php http://www.macromedia.com/v1/handlers/index.cfm?ID=23164 http://www.securityfocus.com/bid/5119 http://www.westpoint.ltd.uk/advisories/wp-02-0002.txt •
CVSS: 5.0EPSS: 1%CPEs: 7EXPL: 2CVE-2002-1881
https://notcve.org/view.php?id=CVE-2002-1881
Macromedia Flash Player 4.0 r12 through 6.0.47.0 allows remote attackers to cause a denial of service (web browser crash) via malformed content in a Flash Shockwave (.SWF) file, as demonstrated by by ROT13 encoding the body of the file but not the headers. • http://archives.neohapsis.com/archives/bugtraq/2002-08/0088.html http://www.iss.net/security_center/static/9843.php http://www.securityfocus.com/bid/5445 •
CVSS: 7.5EPSS: 3%CPEs: 7EXPL: 0CVE-2002-1382
https://notcve.org/view.php?id=CVE-2002-1382
Macromedia Flash Player before 6.0.65.0 allows remote attackers to execute arbitrary code via certain malformed data headers in Shockwave Flash file format (SWF) files, a different issue than CAN-2002-0846. Macromedia Flash Player anteriores a 6.0.65.0 permite a atacantes remotos ejecutar código arbitrario mediante ciertas cabeceras de datos malformadas en ficheros en formato Shockwave Flash (.SWF), un problema distinto a CAN-2002-0846. • http://marc.info/?l=bugtraq&m=104014220727109&w=2 http://marc.info/?l=vulnwatch&m=104013370116670 http://www.macromedia.com/v1/handlers/index.cfm?ID=23569 http://www.securityfocus.com/bid/6383 https://exchange.xforce.ibmcloud.com/vulnerabilities/10861 •