Filtered by vendor Adobe
Subscribe
Total
5345 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-1874 | 1 Adobe | 1 Coldfusion | 2023-12-10 | 7.2 HIGH | N/A |
| Adobe ColdFusion MX 7 for Linux and Solaris uses insecure permissions for certain scripts and directories, which allows local users to execute arbitrary code or obtain sensitive information via the (1) CFMX7DreamWeaverExtensions.mxp, (2) CFReportBuilderInstaller.exe, (3) .com.zerog.registry.xml, (4) uninstall.lax, (5) license.txt, (6) Readme.htm, (7) .com.zerog.registry.xml, (8) k2adminstop, or (9) k2adminstart files; or (10) certain files in lib/wsconfig/. | |||||
| CVE-2008-0667 | 1 Adobe | 1 Acrobat Reader | 2023-12-10 | 4.3 MEDIUM | N/A |
| The DOC.print function in the Adobe JavaScript API, as used by Adobe Acrobat and Reader before 8.1.2, allows remote attackers to configure silent non-interactive printing, and trigger the printing of an arbitrary number of copies of a document. NOTE: this issue might be subsumed by CVE-2008-0655. | |||||
| CVE-2006-6483 | 1 Adobe | 1 Coldfusion | 2023-12-10 | 2.6 LOW | N/A |
| Adobe ColdFusion MX 7.x before 7.0.2 does not properly filter HTML tags when protecting against cross-site scripting (XSS) attacks, which allows remote attackers to inject arbitrary web script or HTML via a NULL byte (%00) in certain HTML tags, as demonstrated using "%00script" in a tag. | |||||
| CVE-2008-0642 | 1 Adobe | 1 Robohelp | 2023-12-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in files created by Adobe RoboHelp 6 and 7, possibly involving use of a (1) WebHelp5 (WebHelp5Ext) or (2) WildFire (WildFireExt) extension, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2007-1280. | |||||
| CVE-2007-0044 | 1 Adobe | 3 Acrobat, Acrobat 3d, Acrobat Reader | 2023-12-10 | 4.3 MEDIUM | N/A |
| Adobe Acrobat Reader Plugin before 8.0.0 for the Firefox, Internet Explorer, and Opera web browsers allows remote attackers to force the browser to make unauthorized requests to other web sites via a URL in the (1) FDF, (2) xml, and (3) xfdf AJAX request parameters, following the # (hash) character, aka "Universal CSRF and session riding." | |||||
| CVE-2007-6148 | 1 Adobe | 2 Connect Enterprise Server, Flash Media Server 2 | 2023-12-10 | 10.0 HIGH | N/A |
| Use-after-free vulnerability in the Edge server in Adobe Flash Media Server 2 before 2.0.5, and Connect Enterprise Server 6 before SP3, allows remote attackers to execute arbitrary code via an unspecified sequence of Real Time Message Protocol (RTMP) requests. | |||||
| CVE-2006-3978 | 1 Adobe | 1 Coldfusion | 2023-12-10 | 4.6 MEDIUM | N/A |
| Unspecified vulnerability in a Verity third party library, as used on Adobe ColdFusion MX 7 through MX 7.0.2 and possibly other products, allows local users to execute arbitrary code via unknown attack vectors. | |||||
| CVE-2007-1279 | 2 Adobe, Apple | 2 Bridge, Mac Os X | 2023-12-10 | 7.2 HIGH | N/A |
| Unspecified vulnerability in the installer for Adobe Bridge 1.0.3 update for Apple OS X, when patching with desktop management tools, allows local users to gain privileges via unspecified vectors during installation of the update by a different user who has administrative privileges. | |||||
| CVE-2006-5856 | 1 Adobe | 1 Download Manager | 2023-12-10 | 6.8 MEDIUM | N/A |
| Stack-based buffer overflow in the Adobe Download Manager before 2.2 allows remote attackers to execute arbitrary code via a long section name in the dm.ini file, which is populated via an AOM file. | |||||
| CVE-2008-0726 | 1 Adobe | 2 Acrobat, Acrobat Reader | 2023-12-10 | 9.3 HIGH | N/A |
| Integer overflow in Adobe Reader and Acrobat 8.1.1 and earlier allows remote attackers to execute arbitrary code via crafted arguments to the printSepsWithParams, which triggers memory corruption. | |||||
| CVE-2007-5905 | 1 Adobe | 1 Coldfusion | 2023-12-10 | 6.8 MEDIUM | N/A |
| Adobe ColdFusion 8 and MX 7 allows remote attackers to hijack sessions via unspecified vectors that trigger establishment of a session to a ColdFusion application in which the (1) CFID or (2) CFTOKEN cookies have empty values, possibly due to a session fixation vulnerability. | |||||
| CVE-2006-4724 | 1 Adobe | 1 Coldfusion | 2023-12-10 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the ColdFusion Flash Remoting Gateway in Adobe ColdFusion MX 7 and 7.01 allows remote attackers to cause a denial of service (infinite loop) via unspecified vectors involving a crafted command. | |||||
| CVE-2007-3457 | 1 Adobe | 1 Flash Player | 2023-12-10 | 4.3 MEDIUM | N/A |
| Adobe Flash Player 8.0.34.0 and earlier insufficiently validates HTTP Referer headers, which might allow remote attackers to conduct a CSRF attack via a crafted SWF file. | |||||
| CVE-2006-1628 | 1 Adobe | 1 Livecycle Form Manager | 2023-12-10 | 4.6 MEDIUM | N/A |
| Adobe LiveCycle Workflow 7.01 and LiveCycle Forum Manager 7.01 allows users to authenticate and perform privileged actions when their account is marked "OBSOLETE" but the account is also active, within the authentication system. | |||||
| CVE-2006-3452 | 1 Adobe | 2 Acrobat, Acrobat Reader | 2023-12-10 | 4.6 MEDIUM | N/A |
| Adobe Reader and Acrobat 6.0.4 and earlier, on Mac OSX, has insecure file and directory permissions, which allows local users to gain privileges by overwriting program files. | |||||
| CVE-2006-1787 | 1 Adobe | 1 Document Server | 2023-12-10 | 2.6 LOW | N/A |
| Adobe Document Server for Reader Extensions 6.0 includes a user's session (jsession) ID in the HTTP Referer header, which allows remote attackers to gain access to PDF files that are being processed within that session. | |||||
| CVE-2005-1625 | 1 Adobe | 1 Acrobat Reader | 2023-12-10 | 5.0 MEDIUM | N/A |
| Stack-based buffer overflow in the UnixAppOpenFilePerform function in Adobe Reader 5.0.9 and 5.0.10 for Unix allows remote attackers to execute arbitrary code via a PDF document with a long /Filespec tag. | |||||
| CVE-2005-3525 | 1 Adobe | 1 Shockwave Player | 2023-12-10 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in an ActiveX control for the installer for Adobe Macromedia Shockwave Player 10.1.0.11 and earlier allows remote attackers to execute arbitrary code via crafted large values for unspecified parameters. | |||||
| CVE-2004-1152 | 1 Adobe | 1 Acrobat Reader | 2023-12-10 | 10.0 HIGH | N/A |
| Buffer overflow in the mailListIsPdf function in Adobe Acrobat Reader 5.09 for Unix allows remote attackers to execute arbitrary code via an e-mail message with a crafted PDF attachment. | |||||
| CVE-2005-1841 | 1 Adobe | 1 Acrobat Reader | 2023-12-10 | 2.1 LOW | N/A |
| The control for Adobe Reader 5.0.9 and 5.0.10 on Linux, Solaris, HP-UX, and AIX creates temporary files with the permissions as specified in a user's umask, which could allow local users to read PDF documents of that user if the umask allows it. | |||||