Vulnerabilities > Adobe

DATE | CVE | VULNERABILITY TITLE | RISK

2009-10-13 | CVE-2009-3459 | Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in Adobe Acrobat, Acrobat Reader and Reader | 9.3
Heap-based buffer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 allows remote attackers to execute arbitrary code via a crafted PDF file that triggers memory corruption, as exploited in the wild in October 2009.
Tags: network, adobe, CWE-119, critical

2009-09-30 | CVE-2009-3489 | Incorrect Permission Assignment for Critical Resource vulnerability in Adobe Photoshop Elements 8.0 | 7.8
Adobe Photoshop Elements 8.0 installs the Adobe Active File Monitor V8 service with an insecure security descriptor, which allows local users to (1) stop the service via the stop command, (2) execute arbitrary commands as SYSTEM by using the config command to modify the binPath variable, or (3) restart the service via the start command.
Tags: local, low complexity, adobe, CWE-732

2009-09-25 | CVE-2009-3431 | Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in Adobe Acrobat and Acrobat Reader | 5.0
Stack consumption vulnerability in Adobe Reader and Acrobat 9.1.3, 9.1.2, 9.1.1, and earlier 9.x versions; 8.1.6 and earlier 8.x versions; and possibly 7.1.4 and earlier 7.x versions allows remote attackers to cause a denial of service (application crash) via a PDF file with a large number of [ (open square bracket) characters in the argument to the alert method.
Tags: network, low complexity, adobe, CWE-119

2009-09-18 | CVE-2009-3244 | Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in Adobe Shockwave Player | 9.3
Heap-based buffer overflow in the SwDir.dll ActiveX control in Adobe Shockwave Player 11.5.1.601 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long PlayerVersion property value.
Tags: network, adobe, CWE-119, critical

2009-09-04 | CVE-2009-3068 | Permissions, Privileges, and Access Controls vulnerability in Adobe RoboHelp Server 8 | 9.3
Unrestricted file upload vulnerability in the RoboHelpServer Servlet (robohelp/server) in Adobe RoboHelp Server 8 allows remote attackers to execute arbitrary code by uploading a Java Archive (.jsp) file during a PUBLISH action, then accessing it via a direct request to the file in the robohelp/robo/reserved/web directory under its sessionid subdirectory, as demonstrated by the vd_adobe module in VulnDisco Pack Professional 8.7 through 8.11.
Tags: network, adobe, CWE-264, critical

2009-08-21 | CVE-2009-1879 | Cross-Site Scripting vulnerability in Adobe Flex SDK 1.5/3.3 | 2.6
Cross-site scripting (XSS) vulnerability in index.template.html in the express-install templates in the SDK in Adobe Flex before 3.4, when the installed Flash version is older than a specified requiredMajorVersion value, allows remote attackers to inject arbitrary web script or HTML via the query string.
Tags: network, high complexity, adobe, CWE-79

2009-08-18 | CVE-2009-1878 | Improper Authentication vulnerability in Adobe ColdFusion | 5.8
Session fixation vulnerability in Adobe ColdFusion 8.0.1 and earlier allows remote attackers to hijack web sessions via unspecified vectors.
Tags: network, adobe, CWE-287

2009-08-18 | CVE-2009-1877 | Cross-Site Scripting vulnerability in Adobe ColdFusion | 4.3
Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 8.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2009-1875.
Tags: network, adobe, CWE-79

2009-08-18 | CVE-2009-1876 | Unspecified vulnerability in Adobe ColdFusion | 5.0
Adobe ColdFusion 8.0.1 and earlier might allow attackers to obtain sensitive information via unspecified vectors, related to a "double-encoded null character vulnerability."
Tags: network, low complexity, adobe

2009-08-18 | CVE-2009-1875 | Cross-Site Scripting vulnerability in Adobe ColdFusion | 4.3
Multiple cross-site scripting (XSS) vulnerabilities in Adobe ColdFusion 8.0.1 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2009-1877.
Tags: network, adobe, CWE-79