Multiple unspecified vulnerabilities in Adobe Acrobat Reader (acroread) before 7.0.8 have unknown impact and unknown vectors.
Max CVSS
6.8
EPSS Score
1.62%
Published
2006-06-19
Updated
2017-07-20
Unspecified vulnerability in Adobe Flash Player before 9.0.16.0 allows user-assisted remote attackers to bypass the allowScriptAccess protection via unspecified vectors.
Max CVSS
6.8
EPSS Score
17.94%
Published
2006-09-12
Updated
2018-10-12
Stack-based buffer overflow in the Adobe Download Manager before 2.2 allows remote attackers to execute arbitrary code via a long section name in the dm.ini file, which is populated via an AOM file.
Max CVSS
6.8
EPSS Score
81.61%
Published
2006-12-06
Updated
2018-10-17
CRLF injection vulnerability in Adobe Acrobat Reader Plugin before 8.0.0, when used with the Microsoft.XMLHTTP ActiveX object in Internet Explorer, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the javascript: URI in the (1) FDF, (2) XML, or (3) XFDF AJAX request parameters.
Max CVSS
6.8
EPSS Score
4.86%
Published
2007-01-03
Updated
2017-07-29
The Adobe PDF specification 1.3, as implemented by Adobe Acrobat before 8.0.0, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, via a PDF file with a (1) crafted catalog dictionary or (2) a crafted Pages attribute that references an invalid page tree node.
Max CVSS
6.8
EPSS Score
7.84%
Published
2007-01-09
Updated
2017-07-29
Adobe Macromedia Flash Player 7 and 9, when used with Opera before 9.20 or Konqueror before 20070613, allows remote attackers to obtain sensitive information (browser keystrokes), which are leaked to the Flash Player applet.
Max CVSS
6.8
EPSS Score
2.11%
Published
2007-04-13
Updated
2017-10-11
Untrusted search path vulnerability in Adobe Reader and Acrobat 8.1.1 and earlier allows local users to execute arbitrary code via a malicious Security Provider library in the reader's current working directory. NOTE: this issue might be subsumed by CVE-2008-0655.
Max CVSS
6.2
EPSS Score
0.07%
Published
2008-02-12
Updated
2017-09-29
Adobe ColdFusion 8 and MX 7 allows remote attackers to hijack sessions via unspecified vectors that trigger establishment of a session to a ColdFusion application in which the (1) CFID or (2) CFTOKEN cookies have empty values, possibly due to a session fixation vulnerability.
Max CVSS
6.8
EPSS Score
1.94%
Published
2007-11-15
Updated
2017-07-29
Unspecified vulnerability in Adobe Flash Player 9.0.48.0 and earlier might allow remote attackers to execute arbitrary code via unknown vectors, related to "input validation errors."
Max CVSS
6.8
EPSS Score
92.76%
Published
2007-12-20
Updated
2018-10-26
Multiple unspecified vulnerabilities in FLA file parsing in Adobe Flash CS3 Professional, Flash Professional 8, and Flash Basic 8 on Windows allow user-assisted remote attackers to execute arbitrary code via a crafted .FLA file.
Max CVSS
6.8
EPSS Score
6.10%
Published
2008-03-24
Updated
2017-08-08
The Settings Manager in Adobe Flash Player 9.0.124.0 and earlier allows remote attackers to cause victims to unknowingly click on a link or dialog via access control dialogs disguised as normal graphical elements, as demonstrated by hijacking the camera or microphone, and related to "clickjacking."
Max CVSS
6.8
EPSS Score
2.67%
Published
2008-10-09
Updated
2018-10-30
Unspecified vulnerability in Adobe Flash Player 9.0.124.0 and earlier makes it easier for remote attackers to conduct DNS rebinding attacks via unknown vectors.
Max CVSS
6.8
EPSS Score
4.96%
Published
2008-11-10
Updated
2018-10-30
Adobe Flash Player 9.0.124.0 and earlier does not properly interpret policy files, which allows remote attackers to bypass a non-root domain policy.
Max CVSS
6.8
EPSS Score
2.86%
Published
2008-11-10
Updated
2018-10-30
Unspecified vulnerability in Adobe AIR 1.1 and earlier allows context-dependent attackers to execute untrusted JavaScript in an AIR application via unknown attack vectors.
Max CVSS
6.8
EPSS Score
1.37%
Published
2008-11-17
Updated
2012-10-31
The customDictionaryOpen spell method in the JavaScript API in Adobe Reader 9.1, 8.1.4, 7.1.1, and earlier on Linux and UNIX allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a PDF file that triggers a call to this method with a long string in the second argument.
Max CVSS
6.8
EPSS Score
97.04%
Published
2009-04-30
Updated
2017-09-29
Cross-domain vulnerability in Adobe Flash Player before 10.0.45.2, Adobe AIR before 1.5.3.9130, and Adobe Reader and Acrobat 8.x before 8.2.1 and 9.x before 9.3.1 allows remote attackers to bypass intended sandbox restrictions and make cross-domain requests via unspecified vectors.
Max CVSS
6.8
EPSS Score
3.47%
Published
2010-02-15
Updated
2018-10-30
Adobe Shockwave Player before 11.5.7.609 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted ATOM size in a .dir (aka Director) file.
Max CVSS
6.5
EPSS Score
3.19%
Published
2010-05-13
Updated
2022-04-05
Adobe Reader and Acrobat 9.x before 9.3.3 on UNIX allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
Max CVSS
6.8
EPSS Score
5.08%
Published
2010-06-30
Updated
2017-09-19
Untrusted search path vulnerability in Adobe LiveCycle Designer ES2 9.0.0.20091029.1.612548 allows local users to gain privileges via a Trojan horse objectassisten_US.dll file in the current working directory, as demonstrated by a directory that contains a .tds file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Max CVSS
6.9
EPSS Score
0.05%
Published
2012-09-06
Updated
2012-09-06
Untrusted search path vulnerability in Adobe LiveCycle Designer 8.2.1.3144.1.471865 allows local users to gain privileges via a Trojan horse .dll file in the current working directory, as demonstrated by a directory that contains a .tds file. NOTE: some of these details are obtained from third party information.
Max CVSS
6.9
EPSS Score
0.04%
Published
2012-09-06
Updated
2017-08-29
Untrusted search path vulnerability in Adobe Audition 3.0 build 7283.0 allows local users to gain privileges via a Trojan horse Assist.Dll file in the current working directory, as demonstrated by a directory that contains a .ses file. NOTE: some of these details are obtained from third party information.
Max CVSS
6.9
EPSS Score
0.05%
Published
2012-09-07
Updated
2012-09-07
Multiple untrusted search path vulnerabilities in Adobe Device Central CS4 2.0.0 0476 allow local users to gain privileges via a Trojan horse (1) ibfs32.dll or (2) amt_cdb.dll file in the current working directory, as demonstrated by a directory that contains a .adcp file. NOTE: some of these details are obtained from third party information.
Max CVSS
6.9
EPSS Score
0.07%
Published
2012-09-07
Updated
2012-09-07
Untrusted search path vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows allows local users to gain privileges via a Trojan horse DLL in the current working directory, a different vulnerability than CVE-2011-0570 and CVE-2011-0588.
Max CVSS
6.9
EPSS Score
0.04%
Published
2011-02-10
Updated
2018-10-30
Unspecified vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Mac OS X allows attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors.
Max CVSS
6.8
EPSS Score
1.38%
Published
2011-02-10
Updated
2018-10-30
Untrusted search path vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows allows local users to gain privileges via a Trojan horse DLL in the current working directory, a different vulnerability than CVE-2011-0562 and CVE-2011-0588.
Max CVSS
6.9
EPSS Score
0.04%
Published
2011-02-10
Updated
2018-10-30
389 vulnerabilities found
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!