Filtered by vendor Adobe
Subscribe
Total
5493 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-0642 | 1 Adobe | 1 Robohelp | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in files created by Adobe RoboHelp 6 and 7, possibly involving use of a (1) WebHelp5 (WebHelp5Ext) or (2) WildFire (WildFireExt) extension, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2007-1280. | |||||
| CVE-2008-1202 | 1 Adobe | 1 Livecycle Workflow | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the web management interface in Adobe LiveCycle Workflow 6.2 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | |||||
| CVE-2007-4324 | 1 Adobe | 1 Flash Player | 2024-02-04 | 5.0 MEDIUM | N/A |
| ActionScript 3 (AS3) in Adobe Flash Player 9.0.47.0, and other versions and other 9.0.124.0 and earlier versions, allows remote attackers to bypass the Security Sandbox Model, obtain sensitive information, and port scan arbitrary hosts via a Flash (SWF) movie that specifies a connection to make, then uses timing discrepancies from the SecurityErrorEvent error to determine whether a port is open or not. NOTE: 9.0.115.0 introduces support for a workaround, but does not fix the vulnerability. | |||||
| CVE-2007-3457 | 1 Adobe | 1 Flash Player | 2024-02-04 | 4.3 MEDIUM | N/A |
| Adobe Flash Player 8.0.34.0 and earlier insufficiently validates HTTP Referer headers, which might allow remote attackers to conduct a CSRF attack via a crafted SWF file. | |||||
| CVE-2007-5663 | 1 Adobe | 2 Acrobat, Acrobat Reader | 2024-02-04 | 9.3 HIGH | N/A |
| Adobe Reader and Acrobat 8.1.1 and earlier allows remote attackers to execute arbitrary code via a crafted PDF file that calls an insecure JavaScript method in the EScript.api plug-in. NOTE: this issue might be subsumed by CVE-2008-0655. | |||||
| CVE-2007-4651 | 1 Adobe | 1 Connect Enterprise Server | 2024-02-04 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Adobe Connect Enterprise Server 6 allows remote attackers to read certain pages that are restricted to the administrator via unknown vectors. | |||||
| CVE-2008-0667 | 1 Adobe | 1 Acrobat Reader | 2024-02-04 | 4.3 MEDIUM | N/A |
| The DOC.print function in the Adobe JavaScript API, as used by Adobe Acrobat and Reader before 8.1.2, allows remote attackers to configure silent non-interactive printing, and trigger the printing of an arbitrary number of copies of a document. NOTE: this issue might be subsumed by CVE-2008-0655. | |||||
| CVE-2007-3640 | 1 Adobe | 1 Adobe Air | 2024-02-04 | 4.3 MEDIUM | N/A |
| Adobe Integrated Runtime (AIR, aka Apollo) allows context-dependent attackers to modify arbitrary files within an executing .air file (compiled AIR application) and perform cross-site scripting (XSS) attacks, as demonstrated by an application that modifies an HTML file inside itself via JavaScript that uses an APPEND open operation and the writeUTFBytes function. NOTE: this may be an intended consequence of the AIR permission model; if so, then perhaps this issue should not be included in CVE. | |||||
| CVE-2007-2682 | 2 Adobe, Apple | 2 Creative Suite, Mac Os X | 2024-02-04 | 7.5 HIGH | N/A |
| The installer for Adobe Version Cue CS3 Server on Apple Mac OS X, as used in Adobe Creative Suite 3 (CS3), does not re-enable the personal firewall after completing the product installation, which allows remote attackers to bypass intended firewall rules. | |||||
| CVE-2007-5020 | 1 Adobe | 2 Acrobat, Acrobat Reader | 2024-02-04 | 9.3 HIGH | N/A |
| Unspecified vulnerability in Adobe Acrobat and Reader 8.1 on Windows allows remote attackers to execute arbitrary code via a crafted PDF file, related to the mailto: option and Internet Explorer 7 on Windows XP. NOTE: this information is based upon a vague pre-advisory by a reliable researcher. | |||||
| CVE-2007-5905 | 1 Adobe | 1 Coldfusion | 2024-02-04 | 6.8 MEDIUM | N/A |
| Adobe ColdFusion 8 and MX 7 allows remote attackers to hijack sessions via unspecified vectors that trigger establishment of a session to a ColdFusion application in which the (1) CFID or (2) CFTOKEN cookies have empty values, possibly due to a session fixation vulnerability. | |||||
| CVE-2007-6637 | 1 Adobe | 1 Flash Player | 2024-02-04 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash Player allow remote attackers to inject arbitrary web script or HTML via a crafted SWF file, related to "pre-generated SWF files" and Adobe Dreamweaver CS3 or Adobe Acrobat Connect. NOTE: the asfunction: vector is already covered by CVE-2007-6244.1. | |||||
| CVE-2007-2244 | 1 Adobe | 3 Golive, Illustrator, Photoshop | 2024-02-04 | 9.3 HIGH | N/A |
| Multiple buffer overflows in Adobe Photoshop CS2 and CS3, Illustrator CS3, and GoLive 9 allow user-assisted remote attackers to execute arbitrary code via a crafted (1) BMP, (2) DIB, or (3) RLE file. | |||||
| CVE-2007-5666 | 1 Adobe | 2 Acrobat, Acrobat Reader | 2024-02-04 | 6.2 MEDIUM | N/A |
| Untrusted search path vulnerability in Adobe Reader and Acrobat 8.1.1 and earlier allows local users to execute arbitrary code via a malicious Security Provider library in the reader's current working directory. NOTE: this issue might be subsumed by CVE-2008-0655. | |||||
| CVE-2007-6149 | 1 Adobe | 2 Connect Enterprise Server, Flash Media Server 2 | 2024-02-04 | 10.0 HIGH | N/A |
| Multiple integer overflows in the Edge server in Adobe Flash Media Server 2 before 2.0.5, and Connect Enterprise Server 6 before SP3, allow remote attackers to execute arbitrary code via a Real Time Message Protocol (RTMP) message with a crafted integer field that is used for allocation. | |||||
| CVE-2008-1203 | 1 Adobe | 1 Coldfusion | 2024-02-04 | 7.5 HIGH | N/A |
| The administrator interface for Adobe ColdFusion 8 and ColdFusion MX7 does not log failed authentication attempts, which makes it easier for remote attackers to conduct brute force attacks without detection. | |||||
| CVE-2007-6245 | 1 Adobe | 1 Flash Player | 2024-02-04 | 5.8 MEDIUM | N/A |
| Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0 allows remote attackers to modify HTTP headers for client requests and conduct HTTP Request Splitting attacks. | |||||
| CVE-2007-6246 | 2 Adobe, Linux | 2 Flash Player, Linux Kernel | 2024-02-04 | 4.4 MEDIUM | N/A |
| Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0, when running on Linux, uses insecure permissions for memory, which might allow local users to gain privileges. | |||||
| CVE-2007-5275 | 1 Adobe | 1 Shockwave Player | 2024-02-04 | 5.0 MEDIUM | N/A |
| The Adobe Macromedia Flash 9 plug-in allows remote attackers to cause a victim machine to establish TCP sessions with arbitrary hosts via a Flash (SWF) movie, related to lack of pinning of a hostname to a single IP address after receiving an allow-access-from element in a cross-domain-policy XML document, and the availability of a Flash Socket class that does not use the browser's DNS pins, aka DNS rebinding attacks, a different issue than CVE-2002-1467 and CVE-2007-4324. | |||||
| CVE-2007-6243 | 1 Adobe | 1 Flash Player | 2024-02-04 | 9.3 HIGH | N/A |
| Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0 does not sufficiently restrict the interpretation and usage of cross-domain policy files, which makes it easier for remote attackers to conduct cross-domain and cross-site scripting (XSS) attacks. | |||||