Vulnerabilities > Adobe > Medium

DATE CVE VULNERABILITY TITLE RISK
2009-08-18 CVE-2009-1874 Cross-Site Scripting vulnerability in Adobe Jrun 4.0
Multiple cross-site scripting (XSS) vulnerabilities in the Management Console in Adobe JRun 4.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
adobe CWE-79
4.3
2009-08-18 CVE-2009-1873 Path Traversal vulnerability in Adobe Jrun 4.0
Directory traversal vulnerability in logging/logviewer.jsp in the Management Console in Adobe JRun Application Server 4 Updater 7 allows remote authenticated users to read arbitrary files via a ..
network
low complexity
adobe CWE-22
4.0
2009-08-18 CVE-2009-1872 Cross-Site Scripting vulnerability in Adobe Coldfusion
Multiple cross-site scripting (XSS) vulnerabilities in Adobe ColdFusion Server 8.0.1, 8, and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the startRow parameter to administrator/logviewer/searchlog.cfm, or the query string to (2) wizards/common/_logintowizard.cfm, (3) wizards/common/_authenticatewizarduser.cfm, or (4) administrator/enter.cfm.
network
adobe CWE-79
4.3
2009-07-31 CVE-2009-1870 Information Exposure vulnerability in Adobe Air, Flash Player and Flex
Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to obtain sensitive information via vectors involving saving an SWF file to a hard drive, related to a "local sandbox vulnerability."
local
low complexity
adobe CWE-200
4.9
2009-07-31 CVE-2009-1867 Link Following vulnerability in Adobe Air, Flash Player and Flex
Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to trick a user into (1) selecting a link or (2) completing a dialog, related to a "clickjacking vulnerability."
network
adobe CWE-59
4.3
2009-02-26 CVE-2009-0524 Cross-Site Scripting vulnerability in Adobe Robohelp and Robohelp Server
Cross-site scripting (XSS) vulnerability in Adobe RoboHelp 6 and 7, and RoboHelp Server 6 and 7, allows remote attackers to inject arbitrary web script or HTML via vectors involving files produced by RoboHelp.
network
adobe CWE-79
4.3
2009-02-26 CVE-2009-0523 Cross-Site Scripting vulnerability in Adobe Robohelp and Robohelp Server
Cross-site scripting (XSS) vulnerability in Adobe RoboHelp Server 6 and 7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, which is not properly handled when displaying the Help Errors log.
network
adobe CWE-79
4.3
2009-02-26 CVE-2009-0522 Remote Security vulnerability in Flash Player
Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 on Windows allows remote attackers to trick a user into visiting an arbitrary URL via an unspecified manipulation of the "mouse pointer display," related to a "Clickjacking attack." Per: http://www.adobe.com/support/security/bulletins/apsb09-01.html "This update resolves a Windows-only issue with mouse pointer display that could potentially contribute to a Clickjacking attack.
network
adobe microsoft
4.3
2009-02-26 CVE-2009-0114 Remote Security vulnerability in Flash Player
Unspecified vulnerability in the Settings Manager in Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87, and possibly other versions, allows remote attackers to trick a user into visiting an arbitrary URL via unknown vectors, related to "a potential Clickjacking issue variant."
network
adobe microsoft
5.8
2009-02-05 CVE-2008-6062 Cross-Site Scripting vulnerability in Adobe Dreamweaver
Cross-site scripting (XSS) vulnerability in ActionScript in arbitrary Shockwave Flash (SWF) files created by Adobe Dreamweaver, when the Insert Flash Video feature is used, allows remote attackers to inject arbitrary web script or HTML via an asfunction: URI in the skinName parameter.
network
adobe CWE-79
4.3