Filtered by vendor Adobe
Subscribe
Total
5713 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2006-4726 | 1 Adobe | 1 Coldfusion | 2024-02-28 | 2.6 LOW | N/A |
Cross-site scripting (XSS) vulnerability in Adobe ColdFusion MX 6.1 through 7.02 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving a ColdFusion error page. | |||||
CVE-2008-1202 | 1 Adobe | 1 Livecycle Workflow | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the web management interface in Adobe LiveCycle Workflow 6.2 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | |||||
CVE-2007-6246 | 2 Adobe, Linux | 2 Flash Player, Linux Kernel | 2024-02-28 | 4.4 MEDIUM | N/A |
Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0, when running on Linux, uses insecure permissions for memory, which might allow local users to gain privileges. | |||||
CVE-2007-4324 | 1 Adobe | 1 Flash Player | 2024-02-28 | 5.0 MEDIUM | N/A |
ActionScript 3 (AS3) in Adobe Flash Player 9.0.47.0, and other versions and other 9.0.124.0 and earlier versions, allows remote attackers to bypass the Security Sandbox Model, obtain sensitive information, and port scan arbitrary hosts via a Flash (SWF) movie that specifies a connection to make, then uses timing discrepancies from the SecurityErrorEvent error to determine whether a port is open or not. NOTE: 9.0.115.0 introduces support for a workaround, but does not fix the vulnerability. | |||||
CVE-2007-0047 | 1 Adobe | 1 Acrobat Reader | 2024-02-28 | 6.8 MEDIUM | N/A |
CRLF injection vulnerability in Adobe Acrobat Reader Plugin before 8.0.0, when used with the Microsoft.XMLHTTP ActiveX object in Internet Explorer, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the javascript: URI in the (1) FDF, (2) XML, or (3) XFDF AJAX request parameters. | |||||
CVE-2007-0046 | 1 Adobe | 1 Acrobat Reader | 2024-02-28 | 7.5 HIGH | N/A |
Double free vulnerability in the Adobe Acrobat Reader Plugin before 8.0.0, as used in Mozilla Firefox 1.5.0.7, allows remote attackers to execute arbitrary code by causing an error via a javascript: URI call to document.write in the (1) FDF, (2) XML, or (3) XFDF AJAX request parameters. | |||||
CVE-2007-5905 | 1 Adobe | 1 Coldfusion | 2024-02-28 | 6.8 MEDIUM | N/A |
Adobe ColdFusion 8 and MX 7 allows remote attackers to hijack sessions via unspecified vectors that trigger establishment of a session to a ColdFusion application in which the (1) CFID or (2) CFTOKEN cookies have empty values, possibly due to a session fixation vulnerability. | |||||
CVE-2007-6243 | 1 Adobe | 1 Flash Player | 2024-02-28 | 9.3 HIGH | N/A |
Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0 does not sufficiently restrict the interpretation and usage of cross-domain policy files, which makes it easier for remote attackers to conduct cross-domain and cross-site scripting (XSS) attacks. | |||||
CVE-2008-0667 | 1 Adobe | 1 Acrobat Reader | 2024-02-28 | 4.3 MEDIUM | N/A |
The DOC.print function in the Adobe JavaScript API, as used by Adobe Acrobat and Reader before 8.1.2, allows remote attackers to configure silent non-interactive printing, and trigger the printing of an arbitrary number of copies of a document. NOTE: this issue might be subsumed by CVE-2008-0655. | |||||
CVE-2006-5860 | 1 Adobe | 2 Coldfusion, Jrun | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the administrator console for Adobe JRun 4.0, as used in ColdFusion, allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | |||||
CVE-2006-4725 | 1 Adobe | 1 Coldfusion | 2024-02-28 | 4.6 MEDIUM | N/A |
Adobe ColdFusion MX 7 and 7.01 allows local users to bypass security restrictions and call components (CFC) within a sandbox from CFML templates that are located outside of the sandbox. | |||||
CVE-2007-1279 | 2 Adobe, Apple | 2 Bridge, Mac Os X | 2024-02-28 | 7.2 HIGH | N/A |
Unspecified vulnerability in the installer for Adobe Bridge 1.0.3 update for Apple OS X, when patching with desktop management tools, allows local users to gain privileges via unspecified vectors during installation of the update by a different user who has administrative privileges. | |||||
CVE-2007-6244 | 1 Adobe | 1 Flash Player | 2024-02-28 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash Player 9.x up to 9.0.48.0 and 8.x up to 8.0.35.0 allow remote attackers to inject arbitrary web script or HTML via (1) a SWF file that uses the asfunction: protocol or (2) the navigateToURL function when used with the Flash Player ActiveX Control in Internet Explorer. | |||||
CVE-2008-0642 | 1 Adobe | 1 Robohelp | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in files created by Adobe RoboHelp 6 and 7, possibly involving use of a (1) WebHelp5 (WebHelp5Ext) or (2) WildFire (WildFireExt) extension, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2007-1280. | |||||
CVE-2008-0643 | 1 Adobe | 1 Coldfusion | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Adobe ColdFusion MX 7 and ColdFusion 8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2008-0644 | 1 Adobe | 1 Coldfusion | 2024-02-28 | 5.0 MEDIUM | N/A |
Adobe ColdFusion MX 7 and ColdFusion 8 allows remote attackers to bypass the cross-site scripting (XSS) protection mechanism for applications via unspecified vectors related to the setEncoding function. | |||||
CVE-2006-3978 | 1 Adobe | 1 Coldfusion | 2024-02-28 | 4.6 MEDIUM | N/A |
Unspecified vulnerability in a Verity third party library, as used on Adobe ColdFusion MX 7 through MX 7.0.2 and possibly other products, allows local users to execute arbitrary code via unknown attack vectors. | |||||
CVE-2007-6148 | 1 Adobe | 2 Connect Enterprise Server, Flash Media Server 2 | 2024-02-28 | 10.0 HIGH | N/A |
Use-after-free vulnerability in the Edge server in Adobe Flash Media Server 2 before 2.0.5, and Connect Enterprise Server 6 before SP3, allows remote attackers to execute arbitrary code via an unspecified sequence of Real Time Message Protocol (RTMP) requests. | |||||
CVE-2006-1787 | 1 Adobe | 1 Document Server | 2024-02-28 | 2.6 LOW | N/A |
Adobe Document Server for Reader Extensions 6.0 includes a user's session (jsession) ID in the HTTP Referer header, which allows remote attackers to gain access to PDF files that are being processed within that session. | |||||
CVE-2006-3311 | 1 Adobe | 2 Flash Player, Flex Sdk | 2024-02-28 | 5.1 MEDIUM | N/A |
Buffer overflow in Adobe Flash Player 8.0.24.0 and earlier, Flash Professional 8, Flash MX 2004, and Flex 1.5 allows user-assisted remote attackers to execute arbitrary code via a long, dynamically created string in a SWF movie. |