Filtered by vendor Adobe
Subscribe
Total
5743 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-4071 | 2 Adobe, Microsoft | 3 Acrobat, Internet Explorer, Windows Vista | 2024-11-21 | 5.0 MEDIUM | N/A |
A certain ActiveX control in Adobe Acrobat 9, when used with Microsoft Windows Vista and Internet Explorer 7, allows remote attackers to cause a denial of service (browser crash) via an src property value with an invalid acroie:// URL. | |||||
CVE-2008-3961 | 1 Adobe | 1 Illustrator | 2024-11-21 | 9.3 HIGH | N/A |
Multiple unspecified vulnerabilities in Adobe Illustrator CS2 on Macintosh allow user-assisted attackers to execute arbitrary code via a crafted AI file. | |||||
CVE-2008-3873 | 1 Adobe | 1 Flash Player | 2024-11-21 | 4.3 MEDIUM | N/A |
The System.setClipboard method in ActionScript in Adobe Flash Player 9.0.124.0 and earlier allows remote attackers to populate the clipboard with a URL that is difficult to delete and does not require user interaction to populate the clipboard, as exploited in the wild in August 2008. | |||||
CVE-2008-3872 | 1 Adobe | 1 Flash Player | 2024-11-21 | 9.3 HIGH | N/A |
Adobe Flash Player 8.0.39.0 and earlier, and 9.x up to 9.0.115.0, allows remote attackers to bypass the allowScriptAccess parameter setting via a crafted SWF file with unspecified "Filter evasion" manipulations. | |||||
CVE-2008-3516 | 1 Adobe | 1 Presenter | 2024-11-21 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in files generated by Adobe Presenter 6 and 7 before 7.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) viewer.swf and (2) loadflash.js, a different vulnerability than CVE-2008-3515. | |||||
CVE-2008-3515 | 1 Adobe | 1 Presenter | 2024-11-21 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in files generated by Adobe Presenter 6 and 7 before 7.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) viewer.swf and (2) loadflash.js, a different vulnerability than CVE-2008-3516. | |||||
CVE-2008-2992 | 2 Adobe, Oracle | 3 Acrobat, Acrobat Reader, Solaris | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
Stack-based buffer overflow in Adobe Acrobat and Reader 8.1.2 and earlier allows remote attackers to execute arbitrary code via a PDF file that calls the util.printf JavaScript function with a crafted format string argument, a related issue to CVE-2008-1104. | |||||
CVE-2008-2991 | 1 Adobe | 1 Robohelp Server | 2024-11-21 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Adobe RoboHelp Server 6 and 7 allows remote attackers to inject arbitrary web script or HTML via vectors related to the Help Errors log. | |||||
CVE-2008-2641 | 1 Adobe | 2 Acrobat 3d, Acrobat Reader | 2024-11-21 | 10.0 HIGH | N/A |
Unspecified vulnerability in Adobe Reader and Acrobat 7.0.9 and earlier, and 8.0 through 8.1.2, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors, related to an "input validation issue in a JavaScript method." | |||||
CVE-2008-2640 | 1 Adobe | 2 Flex, Flex Builder | 2024-11-21 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in the Flex 3 History Management feature in Adobe Flex 3.0.1 SDK and Flex Builder 3, and generated applications, allow remote attackers to inject arbitrary web script or HTML via the anchor identifier to (1) client-side-detection-with-history/history/historyFrame.html, (2) express-installation-with-history/history/historyFrame.html, or (3) no-player-detection-with-history/history/historyFrame.html in templates/html-templates/. NOTE: Firefox 2.0 and possibly other browsers prevent exploitation. | |||||
CVE-2008-2549 | 1 Adobe | 1 Acrobat Reader | 2024-11-21 | 4.3 MEDIUM | N/A |
Adobe Acrobat Reader 8.1.2 and earlier, and before 7.1.1, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a malformed PDF document, as demonstrated by 2008-HI2.pdf. | |||||
CVE-2008-2042 | 1 Adobe | 2 Acrobat, Acrobat Reader | 2024-11-21 | 9.3 HIGH | N/A |
The Javascript API in Adobe Acrobat Professional 7.0.9 and possibly 8.1.1 exposes a dangerous method, which allows remote attackers to execute arbitrary commands or trigger a buffer overflow via a crafted PDF file that invokes app.checkForUpdate with a malicious callback function. | |||||
CVE-2008-1765 | 1 Adobe | 1 Photoshop | 2024-11-21 | 9.3 HIGH | N/A |
Buffer overflow in Adobe Photoshop Album Starter Edition 3.2, and possibly After Effects CS3, allows user-assisted remote attackers and physically proximate attackers to execute arbitrary code via a BMP file with an invalid image header. NOTE: the related issue in Photoshop CS3 is already covered by CVE-2007-2244. | |||||
CVE-2008-1656 | 1 Adobe | 1 Coldfusion | 2024-11-21 | 7.5 HIGH | N/A |
Adobe ColdFusion 8 and 8.0.1 does not properly implement the public access level for CFC methods, which allows remote attackers to invoke these methods via Flex 2 remoting, a different vulnerability than CVE-2006-4725. | |||||
CVE-2008-1655 | 1 Adobe | 3 Air, Flash Player, Flex | 2024-11-21 | 4.3 MEDIUM | N/A |
Unspecified vulnerability in Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, makes it easier for remote attackers to conduct DNS rebinding attacks via unknown vectors. | |||||
CVE-2008-1654 | 1 Adobe | 1 Flash Player | 2024-11-21 | 4.3 MEDIUM | N/A |
Interaction error between Adobe Flash and multiple Universal Plug and Play (UPnP) services allow remote attackers to perform Cross-Site Request Forgery (CSRF) style attacks by using the Flash navigateToURL function to send a SOAP message to a UPnP control point, as demonstrated by changing the primary DNS server. | |||||
CVE-2008-1203 | 1 Adobe | 1 Coldfusion | 2024-11-21 | 7.5 HIGH | N/A |
The administrator interface for Adobe ColdFusion 8 and ColdFusion MX7 does not log failed authentication attempts, which makes it easier for remote attackers to conduct brute force attacks without detection. | |||||
CVE-2008-1202 | 1 Adobe | 1 Livecycle Workflow | 2024-11-21 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the web management interface in Adobe LiveCycle Workflow 6.2 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | |||||
CVE-2008-1201 | 1 Adobe | 1 Flash | 2024-11-21 | 6.8 MEDIUM | N/A |
Multiple unspecified vulnerabilities in FLA file parsing in Adobe Flash CS3 Professional, Flash Professional 8, and Flash Basic 8 on Windows allow user-assisted remote attackers to execute arbitrary code via a crafted .FLA file. | |||||
CVE-2008-0883 | 2 Adobe, Suse | 4 Acrobat Reader, Open Suse, Suse Linux and 1 more | 2024-11-21 | 3.7 LOW | N/A |
acroread in Adobe Acrobat Reader 8.1.2 allows local users to overwrite arbitrary files via a symlink attack on temporary files related to SSL certificate handling. |