Vulnerabilities > Adobe

DATE CVE VULNERABILITY TITLE RISK
2008-02-11 CVE-2008-0667 Resource Management Errors vulnerability in Adobe Acrobat Reader
The DOC.print function in the Adobe JavaScript API, as used by Adobe Acrobat and Reader before 8.1.2, allows remote attackers to configure silent non-interactive printing, and trigger the printing of an arbitrary number of copies of a document.
network
adobe CWE-399
4.3
2008-02-07 CVE-2008-0655 Unspecified vulnerability in Adobe Acrobat
Multiple unspecified vulnerabilities in Adobe Reader and Acrobat before 8.1.2 have unknown impact and attack vectors.
network
low complexity
adobe
critical
9.8
2008-01-04 CVE-2007-6637 Cross-Site Scripting vulnerability in Adobe Flash Player
Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash Player allow remote attackers to inject arbitrary web script or HTML via a crafted SWF file, related to "pre-generated SWF files" and Adobe Dreamweaver CS3 or Adobe Acrobat Connect.
network
adobe CWE-79
4.3
2007-12-20 CVE-2007-6246 Permissions, Privileges, and Access Controls vulnerability in Adobe Flash Player
Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0, when running on Linux, uses insecure permissions for memory, which might allow local users to gain privileges.
4.4
2007-12-20 CVE-2007-6245 Buffer Errors vulnerability in Adobe Flash Player 7.0/8.0/9.0
Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0 allows remote attackers to modify HTTP headers for client requests and conduct HTTP Request Splitting attacks.
network
adobe CWE-119
5.8
2007-12-20 CVE-2007-6244 Cross-Site Scripting vulnerability in Adobe Flash Player 8.0/9.0
Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash Player 9.x up to 9.0.48.0 and 8.x up to 8.0.35.0 allow remote attackers to inject arbitrary web script or HTML via (1) a SWF file that uses the asfunction: protocol or (2) the navigateToURL function when used with the Flash Player ActiveX Control in Internet Explorer.
network
adobe CWE-79
4.3
2007-12-20 CVE-2007-6243 Permissions, Privileges, and Access Controls vulnerability in Adobe Flash Player
Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0 does not sufficiently restrict the interpretation and usage of cross-domain policy files, which makes it easier for remote attackers to conduct cross-domain and cross-site scripting (XSS) attacks.
network
adobe CWE-264
critical
9.3
2007-12-20 CVE-2007-6242 Improper Input Validation vulnerability in Adobe Flash Player
Unspecified vulnerability in Adobe Flash Player 9.0.48.0 and earlier might allow remote attackers to execute arbitrary code via unknown vectors, related to "input validation errors."
network
adobe CWE-20
6.8
2007-11-15 CVE-2007-5905 Credentials Management vulnerability in Adobe Coldfusion 7.0/8.0
Adobe ColdFusion 8 and MX 7 allows remote attackers to hijack sessions via unspecified vectors that trigger establishment of a session to a ColdFusion application in which the (1) CFID or (2) CFTOKEN cookies have empty values, possibly due to a session fixation vulnerability.
network
adobe CWE-255
6.8
2007-11-14 CVE-2007-5941 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Shockwave Player
Stack-based buffer overflow in the SWCtl.SWCtl ActiveX control in Adobe Shockwave allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long argument to the ShockwaveVersion method.
network
low complexity
adobe CWE-119
critical
10.0