10 matches found
Adobe XML External Entity Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Adobe XML External Entity Injection', 'Description' = %q Multiple Adobe Products -- XML External Entity Injection. Affected Software: BlazeDS 3.2...
Adobe Multiple Products - XML Injection File Content Disclosure Exploit
Exploit for multiple platform in category web applications !/bin/bash Source: https://raw.githubusercontent.com/tsluyter/exploits/master/adobexmlinject.sh Exploit Title: Adobe XML Injection file content disclosure Date: 07-04-2017 Exploit Author: Thomas Sluyter Website: https://www.kilala.nl Vend...
Adobe (Multiple Products) - XML Injection File Content Disclosure
Adobe Multiple Products - XML Injection File Content Disclosure !/bin/bash Exploit Title: Adobe XML Injection file content disclosure Date: 07-04-2017 Exploit Author: Thomas Sluyter Website: https://www.kilala.nl Vendor Homepage: http://www.adobe.com/support/security/bulletins/apsb10-05.html...
Adobe (Multiple Products) - XML Injection File Content Disclosure
!/bin/bash Exploit Title: Adobe XML Injection file content disclosure Date: 07-04-2017 Exploit Author: Thomas Sluyter Website: https://www.kilala.nl Vendor Homepage: http://www.adobe.com/support/security/bulletins/apsb10-05.html Version: Multiple Adobe products Tested on: Windows Server 2003,...
September 2015 Adobe Shockwave Security Patch
Adobe today released a new version of its Shockwave Player that patches two critical vulnerabilities that could be remotely exploited. Adobe said that it is not aware of public exploits for either security flaw. The vulnerability affects Shockwave for Windows, versions 12.1.9.160 and earlier and...
Adobe LiveCycle Data Services Hotfix
Adobe is today expected to push a hotfix through to implementations of its LiveCycle Data Services application framework. The company said the vulnerability, CVE-2015-3269, affects versions 4.7, 4.6.2, 4.5 and 3.0.x on Windows, Macintosh and UNIX systems. Adobe is not aware of public exploits of...
http-vuln-cve2009-3960 NSE Script
Exploits cve-2009-3960 also known as Adobe XML External Entity Injection. This vulnerability permits to read local files remotely and is present in BlazeDS 3.2 and earlier, LiveCycle 8.0.1, 8.2.1, and 9.0, LiveCycle Data Services 2.5.1, 2.6.1, and 3.0, Flex Data Services 2.0.1, and ColdFusion...
Adobe XML External Entity Injection
Multiple Adobe Products -- XML External Entity Injection. Affected Software: BlazeDS 3.2 and earlier versions, LiveCycle 9.0, 8.2.1, and 8.0.1, LiveCycle Data Services 3.0, 2.6.1, and 2.5.1, Flex Data Services 2.0.1, ColdFusion 9.0, 8.0.1, 8.0, and 7.0.2 This module requires Metasploit:...
Multiple Adobe Products XML External Entity (XXE) Injection (APSB10-05)
The remote host appears to be running an Adobe product that is susceptible to XML External Entity XXE attacks. The installed version of the product fails to block the use of external XML entities while using the HTTPChannel to transport data in AMFX format. A remote, unauthenticated attacker coul...
CVE-2009-3960
CVE-2009-3960 is an information-disclosure vulnerability in Adobe BlazeDS and related Adobe data services components (e.g., LiveCycle, ColdFusion) where XML External Entity/XML Injection flaws can allow remote attackers to obtain sensitive information. Root cause: injected tags and external entit...