Vulnerabilities > Adobe > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2008-04-09 | CVE-2008-1655 | Cross-Site Scripting vulnerability in Adobe Air, Flash Player and Flex Unspecified vulnerability in Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, makes it easier for remote attackers to conduct DNS rebinding attacks via unknown vectors. | 4.3 |
| 2008-04-02 | CVE-2008-1654 | Cross-Site Request Forgery (CSRF) vulnerability in Adobe Flash Player Interaction error between Adobe Flash and multiple Universal Plug and Play (UPnP) services allow remote attackers to perform Cross-Site Request Forgery (CSRF) style attacks by using the Flash navigateToURL function to send a SOAP message to a UPnP control point, as demonstrated by changing the primary DNS server. | 4.3 |
| 2008-03-24 | CVE-2008-1201 | Code Injection vulnerability in Adobe Flash Basic/Professional Multiple unspecified vulnerabilities in FLA file parsing in Adobe Flash CS3 Professional, Flash Professional 8, and Flash Basic 8 on Windows allow user-assisted remote attackers to execute arbitrary code via a crafted .FLA file. | 6.8 |
| 2008-03-12 | CVE-2008-1202 | Cross-Site Scripting vulnerability in Adobe Livecycle Workflow 6.2 Cross-site scripting (XSS) vulnerability in the web management interface in Adobe LiveCycle Workflow 6.2 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | 4.3 |
| 2008-03-12 | CVE-2008-0644 | Cross-Site Scripting vulnerability in Adobe ColdFusion Adobe ColdFusion MX 7 and ColdFusion 8 allows remote attackers to bypass the cross-site scripting (XSS) protection mechanism for applications via unspecified vectors related to the setEncoding function. | 5.0 |
| 2008-03-12 | CVE-2008-0643 | Cross-Site Scripting vulnerability in Adobe Coldfusion Cross-site scripting (XSS) vulnerability in Adobe ColdFusion MX 7 and ColdFusion 8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2008-02-15 | CVE-2008-0642 | Cross-Site Scripting vulnerability in Adobe Robohelp 6/7 Cross-site scripting (XSS) vulnerability in files created by Adobe RoboHelp 6 and 7, possibly involving use of a (1) WebHelp5 (WebHelp5Ext) or (2) WildFire (WildFireExt) extension, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2007-1280. | 4.3 |
| 2008-02-12 | CVE-2007-5666 | Code Injection vulnerability in Adobe Acrobat and Acrobat Reader Untrusted search path vulnerability in Adobe Reader and Acrobat 8.1.1 and earlier allows local users to execute arbitrary code via a malicious Security Provider library in the reader's current working directory. | 6.2 |
| 2008-02-11 | CVE-2008-0667 | Resource Management Errors vulnerability in Adobe Acrobat Reader The DOC.print function in the Adobe JavaScript API, as used by Adobe Acrobat and Reader before 8.1.2, allows remote attackers to configure silent non-interactive printing, and trigger the printing of an arbitrary number of copies of a document. | 4.3 |
| 2008-01-04 | CVE-2007-6637 | Cross-Site Scripting vulnerability in Adobe Flash Player Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash Player allow remote attackers to inject arbitrary web script or HTML via a crafted SWF file, related to "pre-generated SWF files" and Adobe Dreamweaver CS3 or Adobe Acrobat Connect. | 4.3 |