CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Adobe : Security Vulnerabilities Published In 2006

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2006-6483 XSS 2006-12-12 2008-09-05
2.6
None Remote High Not required None Partial None
Adobe ColdFusion MX 7.x before 7.0.2 does not properly filter HTML tags when protecting against cross-site scripting (XSS) attacks, which allows remote attackers to inject arbitrary web script or HTML via a NULL byte (%00) in certain HTML tags, as demonstrated using "%00script" in a tag.
2 CVE-2006-6482 +Info 2006-12-12 2008-09-05
5.0
None Remote Low Not required Partial None None
Adobe ColdFusion MX7 allows remote attackers to obtain sensitive information via a URL request (1) for a non-existent (a) JWS, (b) CFM, (c) CFML, or (d) CFC file, which displays the installation path in the resulting error message; or (2) to /CFIDE/administrator/login.cfm without a host, which can reveal the server's internal IP address in an HREF tag.
3 CVE-2006-6236 DoS Exec Code 2006-12-03 2008-09-05
9.3
Admin Remote Medium Not required Complete Complete Complete
Adobe Reader (Adobe Acrobat Reader) 7.0 through 7.0.8 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long argument string to the (1) src, (2) setPageMode, (3) setLayoutMode, and (4) setNamedDest methods in an AcroPDF ActiveX control, a different set of vectors than CVE-2006-6027.
4 CVE-2006-6027 DoS Exec Code 2006-11-21 2008-09-05
9.3
Admin Remote Medium Not required Complete Complete Complete
Adobe Reader (Adobe Acrobat Reader) 7.0 through 7.0.8 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long argument string to the LoadFile method in an AcroPDF ActiveX control.
5 CVE-2006-5858 20 2006-12-31 2011-05-17
5.0
None Remote Low Not required Partial None None
Adobe ColdFusion MX 7 through 7.0.2, and JRun 4, when run on Microsoft IIS, allows remote attackers to read arbitrary files, list directories, or read source code via a double URL-encoded NULL byte in a ColdFusion filename, such as a CFM file.
6 CVE-2006-5857 399 Exec Code Mem. Corr. 2006-12-31 2010-08-21
9.3
Admin Remote Medium Not required Complete Complete Complete
Adobe Reader and Acrobat 7.0.8 and earlier allows user-assisted remote attackers to execute code via a crafted PDF file that triggers memory corruption and overwrites a subroutine pointer during rendering.
7 CVE-2006-5856 Exec Code Overflow 2006-12-06 2009-01-29
6.8
User Remote Medium Not required Partial Partial Partial
Stack-based buffer overflow in the Adobe Download Manager before 2.2 allows remote attackers to execute arbitrary code via a long section name in the dm.ini file, which is populated via an AOM file.
8 CVE-2006-5549 Exec Code File Inclusion 2006-10-26 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
** DISPUTED ** PHP remote file inclusion vulnerability in libraries/amfphp/amf-core/custom/CachedGateway.php in Adobe PHP SDK allows remote attackers to execute arbitrary PHP code via the AMFPHP_BASE parameter. NOTE: this issue has been disputed by a third-party researcher who states that AMFPHP_BASE is a constant.
9 CVE-2006-5330 79 XSS 2006-10-17 2010-08-21
5.0
None Remote Low Not required None Partial None
CRLF injection vulnerability in Adobe Flash Player plugin 9.0.16 and earlier for Windows, 7.0.63 and earlier for Linux, 7.x before 7.0 r67 for Solaris, and before 9.0.28.0 for Mac OS X, allows remote attackers to modify HTTP headers of client requests and conduct HTTP Request Splitting attacks via CRLF sequences in arguments to the ActionScript functions (1) XML.addRequestHeader and (2) XML.contentType. NOTE: the flexibility of the attack varies depending on the type of web browser being used.
10 CVE-2006-5200 2006-10-10 2008-09-05
5.0
None Remote Low Not required Partial None None
Unspecified vulnerability in Adobe Breeze 5 Licensed Server and Breeze 5.1 Licensed Server allows attackers to read arbitrary files via unknown vectors related to "URL parsing."
11 CVE-2006-5199 +Priv 2006-10-10 2008-09-05
2.1
None Local Low Not required Partial None None
Adobe Contribute Publishing Server leaks the administrator password in logs that are created during product installation, which allows local users to gain privileges to the server.
12 CVE-2006-4726 XSS 2006-09-13 2008-09-05
2.6
None Remote High Not required None Partial None
Cross-site scripting (XSS) vulnerability in Adobe ColdFusion MX 6.1 through 7.02 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving a ColdFusion error page.
13 CVE-2006-4725 Bypass 2006-09-13 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
Adobe ColdFusion MX 7 and 7.01 allows local users to bypass security restrictions and call components (CFC) within a sandbox from CFML templates that are located outside of the sandbox.
14 CVE-2006-4724 DoS 2006-09-13 2008-09-05
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in the ColdFusion Flash Remoting Gateway in Adobe ColdFusion MX 7 and 7.01 allows remote attackers to cause a denial of service (infinite loop) via unspecified vectors involving a crafted command.
15 CVE-2006-4640 264 Bypass 2006-09-12 2010-08-21
6.8
User Remote Medium Not required Partial Partial Partial
Unspecified vulnerability in Adobe Flash Player before 9.0.16.0 allows user-assisted remote attackers to bypass the allowScriptAccess protection via unspecified vectors.
16 CVE-2006-3978 Exec Code 2006-10-10 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
Unspecified vulnerability in a Verity third party library, as used on Adobe ColdFusion MX 7 through MX 7.0.2 and possibly other products, allows local users to execute arbitrary code via unknown attack vectors.
17 CVE-2006-3588 DoS 2006-07-13 2008-09-05
2.6
None Remote High Not required None None Partial
Unspecified vulnerability in Adobe (Macromedia) Flash Player 8.0.24.0 allows remote attackers to cause a denial of service (browser crash) via a malformed, compressed .swf file, a different issue than CVE-2006-3587.
18 CVE-2006-3587 Exec Code 2006-07-13 2008-09-05
5.1
User Remote High Not required Partial Partial Partial
Unspecified vulnerability in Adobe (Macromedia) Flash Player 8.0.24.0 allows remote attackers to execute arbitrary commands via a malformed .swf file that results in "multiple improper memory access" errors.
19 CVE-2006-3453 Exec Code Overflow 2006-07-13 2008-09-05
5.1
User Remote High Not required Partial Partial Partial
Buffer overflow in Adobe Acrobat 6.0 to 6.0.4 allows remote attackers to execute arbitrary code via unknown vectors in a document that triggers the overflow when it is distilled to PDF.
20 CVE-2006-3452 +Priv 2006-07-12 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
Adobe Reader and Acrobat 6.0.4 and earlier, on Mac OSX, has insecure file and directory permissions, which allows local users to gain privileges by overwriting program files.
21 CVE-2006-3311 Exec Code Overflow 2006-09-12 2008-09-05
5.1
User Remote High Not required Partial Partial Partial
Buffer overflow in Adobe Flash Player 8.0.24.0 and earlier, Flash Professional 8, Flash MX 2004, and Flex 1.5 allows user-assisted remote attackers to execute arbitrary code via a long, dynamically created string in a SWF movie.
22 CVE-2006-3093 2006-06-19 2011-01-06
6.8
None Remote Medium Not required Partial Partial Partial
Multiple unspecified vulnerabilities in Adobe Acrobat Reader (acroread) before 7.0.8 have unknown impact and unknown vectors.
23 CVE-2006-2042 Sql 2006-05-09 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Adobe Dreamweaver 8 before 8.0.2 and MX 2004 can generate code that allows SQL injection attacks in the (1) ColdFusion, (2) PHP mySQL, (3) ASP, (4) ASP.NET, and (5) JSP server models.
24 CVE-2006-1788 2006-04-13 2008-09-05
2.6
None Remote High Not required Partial None None
Adobe Document Server for Reader Extensions 6.0, during log on, provides different error messages depending on whether the user ID is valid or invalid, which allows remote attackers to more easily identify valid user IDs via brute force attacks.
25 CVE-2006-1787 2006-04-13 2008-09-05
2.6
None Remote High Not required Partial None None
Adobe Document Server for Reader Extensions 6.0 includes a user's session (jsession) ID in the HTTP Referer header, which allows remote attackers to gain access to PDF files that are being processed within that session.
26 CVE-2006-1786 XSS 2006-04-13 2008-09-05
2.6
None Remote High Not required None Partial None
Cross-site scripting (XSS) vulnerability in Adobe Document Server for Reader Extensions 6.0 allows remote attackers to inject arbitrary web script or HTML via (1) the actionID parameter in ads-readerext and (2) the op paremeter in AlterCast. NOTE: it is not clear whether the vendor advisory addresses this issue.
27 CVE-2006-1785 2006-04-13 2008-09-05
2.1
None Remote High Single system None Partial None
Adobe Document Server for Reader Extensions 6.0 allows remote authenticated users to inject arbitrary web script via a leading (1) ftp or (2) http URI in the ReaderURL variable in the "Update Download Site" section of ads-readerext. NOTE: it is not clear whether the vendor advisory addresses this issue. In addition, since the issue requires administrative privileges to exploit, it is not clear whether this crosses security boundaries.
28 CVE-2006-1628 2006-04-13 2008-09-05
4.6
User Remote High Single system Partial Partial Partial
Adobe LiveCycle Workflow 7.01 and LiveCycle Forum Manager 7.01 allows users to authenticate and perform privileged actions when their account is marked "OBSOLETE" but the account is also active, within the authentication system.
29 CVE-2006-1627 2006-04-13 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Adobe Document Server for Reader Extensions 6.0 does not provide proper access control, which allows remote authenticated users to perform privileged actions by modifying the (1) actionID and (2) pageID parameters. NOTE: due to an error during reservation, this identifier was inadvertently associated with multiple issues. Other CVE identifiers have been assigned to handle other problems that are covered by the same disclosure.
30 CVE-2006-1182 Exec Code 2006-03-15 2008-09-10
2.6
None Local High Not required Partial Partial None
Adobe Graphics Server 2.0 and 2.1 (formerly AlterCast) and Adobe Document Server (ADS) 5.0 and 6.0 allows local users to read files with certain extensions or overwrite arbitrary files and execute code via a crafted SOAP request to the AlterCast web service in which the request uses the (1) saveContent or (2) saveOptimized ADS commands, or the (3) loadContent command.
31 CVE-2006-0525 +Priv 2006-02-02 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
Multiple Adobe products, including (1) Photoshop CS2, (2) Illustrator CS2, and (3) Adobe Help Center, install a large number of .EXE and .DLL files with write-access permission for the Everyone group, which allows local users to gain privileges via Trojan horse programs.
Total number of vulnerabilities : 31   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.