Search Results (7315 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-5860 1 Adobe 2 Coldfusion, Jrun 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the administrator console for Adobe JRun 4.0, as used in ColdFusion, allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
CVE-2006-5859 1 Adobe 1 Coldfusion 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Adobe ColdFusion MX 7 7.0 and 7.0.1, when Global Script Protection is not enabled, allows remote attackers to inject arbitrary HTML and web script via unknown vectors, possibly related to Linkdirect.cfm, Topnav.cfm, and Welcomedoc.cfm.
CVE-2006-5858 2 Adobe, Microsoft 3 Coldfusion, Jrun, Internet Information Services 2026-04-23 N/A
Adobe ColdFusion MX 7 through 7.0.2, and JRun 4, when run on Microsoft IIS, allows remote attackers to read arbitrary files, list directories, or read source code via a double URL-encoded NULL byte in a ColdFusion filename, such as a CFM file.
CVE-2006-5857 2 Adobe, Redhat 3 Acrobat, Acrobat Reader, Rhel Extras 2026-04-23 N/A
Adobe Reader and Acrobat 7.0.8 and earlier allows user-assisted remote attackers to execute code via a crafted PDF file that triggers memory corruption and overwrites a subroutine pointer during rendering.
CVE-2006-3978 1 Adobe 1 Coldfusion 2026-04-23 N/A
Unspecified vulnerability in a Verity third party library, as used on Adobe ColdFusion MX 7 through MX 7.0.2 and possibly other products, allows local users to execute arbitrary code via unknown attack vectors.
CVE-2007-4651 1 Adobe 1 Connect Enterprise Server 2026-04-23 N/A
Unspecified vulnerability in Adobe Connect Enterprise Server 6 allows remote attackers to read certain pages that are restricted to the administrator via unknown vectors.
CVE-2008-4814 2 Adobe, Redhat 3 Acrobat, Acrobat Reader, Rhel Extras 2026-04-23 N/A
Unspecified vulnerability in a JavaScript method in Adobe Reader and Acrobat 8.1.2 and earlier, and before 7.1.1, allows remote attackers to execute arbitrary code via unknown vectors, related to an "input validation issue."
CVE-2008-4816 2 Adobe, Microsoft 4 Acrobat, Acrobat Reader, Download Manager and 1 more 2026-04-23 N/A
Unspecified vulnerability in the Download Manager in Adobe Reader 8.1.2 and earlier on Windows allows remote attackers to change Internet Security options on a client machine via unknown vectors.
CVE-2008-1201 1 Adobe 1 Flash 2026-04-23 N/A
Multiple unspecified vulnerabilities in FLA file parsing in Adobe Flash CS3 Professional, Flash Professional 8, and Flash Basic 8 on Windows allow user-assisted remote attackers to execute arbitrary code via a crafted .FLA file.
CVE-2008-4817 2 Adobe, Redhat 4 Acrobat, Acrobat Reader, Download Manager and 1 more 2026-04-23 N/A
The Download Manager in Adobe Acrobat Professional and Reader 8.1.2 and earlier allows remote attackers to execute arbitrary code via a crafted PDF document that calls an AcroJS function with a long string argument, triggering heap corruption.
CVE-2007-6245 2 Adobe, Redhat 2 Flash Player, Rhel Extras 2026-04-23 N/A
Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0 allows remote attackers to modify HTTP headers for client requests and conduct HTTP Request Splitting attacks.
CVE-2007-0817 1 Adobe 1 Coldfusion 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Adobe ColdFusion web server allows remote attackers to inject arbitrary HTML or web script via the User-Agent HTTP header, which is not sanitized before being displayed in an error page.
CVE-2009-1872 1 Adobe 1 Coldfusion 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Adobe ColdFusion Server 8.0.1, 8, and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the startRow parameter to administrator/logviewer/searchlog.cfm, or the query string to (2) wizards/common/_logintowizard.cfm, (3) wizards/common/_authenticatewizarduser.cfm, or (4) administrator/enter.cfm.
CVE-2007-1279 2 Adobe, Apple 2 Bridge, Mac Os X 2026-04-23 N/A
Unspecified vulnerability in the installer for Adobe Bridge 1.0.3 update for Apple OS X, when patching with desktop management tools, allows local users to gain privileges via unspecified vectors during installation of the update by a different user who has administrative privileges.
CVE-2009-1597 2 Adobe, Mozilla 2 Acrobat Reader, Firefox 2026-04-23 N/A
Mozilla Firefox executes DOM calls in response to a javascript: URI in the target attribute of a submit element within a form contained in an inline PDF file, which might allow remote attackers to bypass intended Adobe Acrobat JavaScript restrictions on accessing the document object, as demonstrated by a web site that permits PDF uploads by untrusted users, and therefore has a shared document.domain between the web site and this javascript: URI. NOTE: the researcher reports that Adobe's position is "a PDF file is active content."
CVE-2009-1599 2 Adobe, Opera 2 Acrobat Reader, Opera Browser 2026-04-23 N/A
Opera executes DOM calls in response to a javascript: URI in the target attribute of a submit element within a form contained in an inline PDF file, which might allow remote attackers to bypass intended Adobe Acrobat JavaScript restrictions on accessing the document object, as demonstrated by a web site that permits PDF uploads by untrusted users, and therefore has a shared document.domain between the web site and this javascript: URI. NOTE: the researcher reports that Adobe's position is "a PDF file is active content."
CVE-2009-1600 2 Adobe, Apple 2 Acrobat Reader, Safari 2026-04-23 N/A
Apple Safari executes DOM calls in response to a javascript: URI in the target attribute of a submit element within a form contained in an inline PDF file, which might allow remote attackers to bypass intended Adobe Acrobat JavaScript restrictions on accessing the document object, as demonstrated by a web site that permits PDF uploads by untrusted users, and therefore has a shared document.domain between the web site and this javascript: URI. NOTE: the researcher reports that Adobe's position is "a PDF file is active content."
CVE-2009-1857 2 Adobe, Redhat 3 Acrobat, Acrobat Reader, Rhel Extras 2026-04-23 N/A
Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 allow attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a PDF document with a crafted TrueType font.
CVE-2009-1861 2 Adobe, Redhat 3 Acrobat, Acrobat Reader, Rhel Extras 2026-04-23 N/A
Multiple heap-based buffer overflows in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 might allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF file with a JPX (aka JPEG2000) stream that triggers heap memory corruption.
CVE-2009-1865 2 Adobe, Redhat 4 Air, Flash Player, Flex and 1 more 2026-04-23 N/A
Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors, related to a "null pointer vulnerability."