Vulnerabilities > Adobe > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2007-07-11 | CVE-2007-3457 | Cross-Site Request Forgery (CSRF) vulnerability in Adobe Flash Player Adobe Flash Player 8.0.34.0 and earlier insufficiently validates HTTP Referer headers, which might allow remote attackers to conduct a CSRF attack via a crafted SWF file. | 4.3 |
| 2007-07-10 | CVE-2007-3640 | Cross-Site Scripting vulnerability in Adobe AIR Adobe Integrated Runtime (AIR, aka Apollo) allows context-dependent attackers to modify arbitrary files within an executing .air file (compiled AIR application) and perform cross-site scripting (XSS) attacks, as demonstrated by an application that modifies an HTML file inside itself via JavaScript that uses an APPEND open operation and the writeUTFBytes function. network adobe | 4.3 |
| 2007-05-10 | CVE-2007-1280 | Cross-Site Scripting vulnerability in Adobe Robohelp and Robohelp Server Cross-site scripting (XSS) vulnerability in Adobe RoboHelp X5, 6, and Server 6 allows remote attackers to inject arbitrary web script or HTML via a URL after a # (hash) in the URL path, as demonstrated using en/frameset-7.html, and possibly other unspecified vectors involving templates and (1) whstart.js and (2) whcsh_home.htm in WebHelp, (3) wf_startpage.js and (4) wf_startqs.htm in FlashHelp, or (5) WindowManager.dll in RoboHelp Server 6. | 4.3 |
| 2007-04-13 | CVE-2007-2022 | Information Exposure vulnerability in multiple products Adobe Macromedia Flash Player 7 and 9, when used with Opera before 9.20 or Konqueror before 20070613, allows remote attackers to obtain sensitive information (browser keystrokes), which are leaked to the Flash Player applet. | 6.8 |
| 2007-03-16 | CVE-2007-1278 | Denial Of Service vulnerability in Adobe Coldfusion and Jrun Unspecified vulnerability in the IIS connector in Adobe JRun 4.0 Updater 6, and ColdFusion MX 6.1 and 7.0 Enterprise, when using Microsoft IIS 6, allows remote attackers to cause a denial of service via unspecified vectors, involving the request of a file in the JRun web root. | 4.3 |
| 2007-03-10 | CVE-2007-1377 | Resource Exhaustion vulnerability in multiple products AcroPDF.DLL in Adobe Reader 8.0, when accessed from Mozilla Firefox, Netscape, or Opera, allows remote attackers to cause a denial of service (unspecified resource consumption) via a .pdf URL with an anchor identifier that begins with search= followed by many %n sequences, a different vulnerability than CVE-2006-6027 and CVE-2006-6236. | 5.0 |
| 2007-03-02 | CVE-2007-1199 | Information Disclosure vulnerability in Adobe Acrobat/Adobe Reader Adobe Reader and Acrobat Trial allow remote attackers to read arbitrary files via a file:// URI in a PDF document, as demonstrated with <</URI(file:///C:/)/S/URI>>, a different issue than CVE-2007-0045. network adobe | 4.3 |
| 2007-02-14 | CVE-2006-5860 | Cross-Site Scripting vulnerability in Adobe Coldfusion and Jrun Cross-site scripting (XSS) vulnerability in the administrator console for Adobe JRun 4.0, as used in ColdFusion, allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | 4.3 |
| 2007-02-14 | CVE-2006-5859 | Cross-Site Scripting vulnerability in Adobe Coldfusion 7.0/7.0.1 Cross-site scripting (XSS) vulnerability in Adobe ColdFusion MX 7 7.0 and 7.0.1, when Global Script Protection is not enabled, allows remote attackers to inject arbitrary HTML and web script via unknown vectors, possibly related to Linkdirect.cfm, Topnav.cfm, and Welcomedoc.cfm. | 4.3 |
| 2007-02-07 | CVE-2007-0817 | Cross-Site Scripting vulnerability in Adobe Coldfusion 6.1/7.0.1/7.0.2 Cross-site scripting (XSS) vulnerability in Adobe ColdFusion web server allows remote attackers to inject arbitrary HTML or web script via the User-Agent HTTP header, which is not sanitized before being displayed in an error page. network adobe | 4.3 |