Vulnerabilities > Adobe > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2009-08-18 | CVE-2009-1875 | Cross-Site Scripting vulnerability in Adobe Coldfusion Multiple cross-site scripting (XSS) vulnerabilities in Adobe ColdFusion 8.0.1 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2009-1877. | 4.3 |
| 2009-08-18 | CVE-2009-1874 | Cross-Site Scripting vulnerability in Adobe Jrun 4.0 Multiple cross-site scripting (XSS) vulnerabilities in the Management Console in Adobe JRun 4.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2009-08-18 | CVE-2009-1873 | Path Traversal vulnerability in Adobe Jrun 4.0 Directory traversal vulnerability in logging/logviewer.jsp in the Management Console in Adobe JRun Application Server 4 Updater 7 allows remote authenticated users to read arbitrary files via a .. | 4.0 |
| 2009-08-18 | CVE-2009-1872 | Cross-Site Scripting vulnerability in Adobe Coldfusion Multiple cross-site scripting (XSS) vulnerabilities in Adobe ColdFusion Server 8.0.1, 8, and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the startRow parameter to administrator/logviewer/searchlog.cfm, or the query string to (2) wizards/common/_logintowizard.cfm, (3) wizards/common/_authenticatewizarduser.cfm, or (4) administrator/enter.cfm. | 4.3 |
| 2009-07-31 | CVE-2009-1870 | Information Exposure vulnerability in Adobe Air, Flash Player and Flex Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to obtain sensitive information via vectors involving saving an SWF file to a hard drive, related to a "local sandbox vulnerability." | 4.9 |
| 2009-07-31 | CVE-2009-1867 | Link Following vulnerability in Adobe Air, Flash Player and Flex Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to trick a user into (1) selecting a link or (2) completing a dialog, related to a "clickjacking vulnerability." | 4.3 |
| 2009-02-26 | CVE-2009-0524 | Cross-Site Scripting vulnerability in Adobe Robohelp and Robohelp Server Cross-site scripting (XSS) vulnerability in Adobe RoboHelp 6 and 7, and RoboHelp Server 6 and 7, allows remote attackers to inject arbitrary web script or HTML via vectors involving files produced by RoboHelp. | 4.3 |
| 2009-02-26 | CVE-2009-0523 | Cross-Site Scripting vulnerability in Adobe Robohelp and Robohelp Server Cross-site scripting (XSS) vulnerability in Adobe RoboHelp Server 6 and 7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, which is not properly handled when displaying the Help Errors log. | 4.3 |
| 2009-02-26 | CVE-2009-0522 | Remote Security vulnerability in Flash Player Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 on Windows allows remote attackers to trick a user into visiting an arbitrary URL via an unspecified manipulation of the "mouse pointer display," related to a "Clickjacking attack." Per: http://www.adobe.com/support/security/bulletins/apsb09-01.html "This update resolves a Windows-only issue with mouse pointer display that could potentially contribute to a Clickjacking attack. | 4.3 |
| 2009-02-26 | CVE-2009-0114 | Remote Security vulnerability in Flash Player Unspecified vulnerability in the Settings Manager in Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87, and possibly other versions, allows remote attackers to trick a user into visiting an arbitrary URL via unknown vectors, related to "a potential Clickjacking issue variant." | 5.8 |