Vulnerabilities > Adobe
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-12-31 | CVE-2006-5857 | Resource Management Errors vulnerability in Adobe Acrobat and Acrobat Reader Adobe Reader and Acrobat 7.0.8 and earlier allows user-assisted remote attackers to execute code via a crafted PDF file that triggers memory corruption and overwrites a subroutine pointer during rendering. | 9.3 |
| 2006-12-12 | CVE-2006-6483 | Cross-Site Scripting vulnerability in ColdFusion MX Adobe ColdFusion MX 7.x before 7.0.2 does not properly filter HTML tags when protecting against cross-site scripting (XSS) attacks, which allows remote attackers to inject arbitrary web script or HTML via a NULL byte (%00) in certain HTML tags, as demonstrated using "%00script" in a tag. | 2.6 |
| 2006-12-12 | CVE-2006-6482 | Input Validation vulnerability in Adobe Coldfusion 7.0 Adobe ColdFusion MX7 allows remote attackers to obtain sensitive information via a URL request (1) for a non-existent (a) JWS, (b) CFM, (c) CFML, or (d) CFC file, which displays the installation path in the resulting error message; or (2) to /CFIDE/administrator/login.cfm without a host, which can reveal the server's internal IP address in an HREF tag. | 5.0 |
| 2006-12-06 | CVE-2006-5856 | Buffer Overflow vulnerability in Adobe Download Manager AOM Stack-based buffer overflow in the Adobe Download Manager before 2.2 allows remote attackers to execute arbitrary code via a long section name in the dm.ini file, which is populated via an AOM file. network adobe | 6.8 |
| 2006-12-03 | CVE-2006-6236 | Remote Code Execution vulnerability in Adobe Reader and Acrobat AcroPDF.dll ActiveX Control Adobe Reader (Adobe Acrobat Reader) 7.0 through 7.0.8 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long argument string to the (1) src, (2) setPageMode, (3) setLayoutMode, and (4) setNamedDest methods in an AcroPDF ActiveX control, a different set of vectors than CVE-2006-6027. | 9.3 |
| 2006-11-21 | CVE-2006-6027 | Multiple vulnerability in Adobe Acrobat Adobe Reader (Adobe Acrobat Reader) 7.0 through 7.0.8 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long argument string to the LoadFile method in an AcroPDF ActiveX control. | 9.3 |
| 2006-10-17 | CVE-2006-5330 | Cross-Site Scripting vulnerability in Adobe Flash Player CRLF injection vulnerability in Adobe Flash Player plugin 9.0.16 and earlier for Windows, 7.0.63 and earlier for Linux, 7.x before 7.0 r67 for Solaris, and before 9.0.28.0 for Mac OS X, allows remote attackers to modify HTTP headers of client requests and conduct HTTP Request Splitting attacks via CRLF sequences in arguments to the ActionScript functions (1) XML.addRequestHeader and (2) XML.contentType. | 5.0 |
| 2006-10-10 | CVE-2006-5200 | Directory Traversal vulnerability in Adobe Breeze Unspecified vulnerability in Adobe Breeze 5 Licensed Server and Breeze 5.1 Licensed Server allows attackers to read arbitrary files via unknown vectors related to "URL parsing." | 5.0 |
| 2006-10-10 | CVE-2006-5199 | Local Information Disclosure vulnerability in Adobe Contribute Publishing Server Adobe Contribute Publishing Server leaks the administrator password in logs that are created during product installation, which allows local users to gain privileges to the server. | 2.1 |
| 2006-10-10 | CVE-2006-3978 | Local Privilege Escalation vulnerability in Adobe Coldfusion 7.0/7.0.1/7.0.2 Unspecified vulnerability in a Verity third party library, as used on Adobe ColdFusion MX 7 through MX 7.0.2 and possibly other products, allows local users to execute arbitrary code via unknown attack vectors. | 4.6 |