Lucene search
K

90 matches found

Nmap
Nmap
added 2012/01/02 7:48 p.m.163 views

http-vuln-cve2009-3960 NSE Script

Exploits cve-2009-3960 also known as Adobe XML External Entity Injection. This vulnerability permits to read local files remotely and is present in BlazeDS 3.2 and earlier, LiveCycle 8.0.1, 8.2.1, and 9.0, LiveCycle Data Services 2.5.1, 2.6.1, and 3.0, Flex Data Services 2.0.1, and ColdFusion...

10CVSS0.99448EPSS
Exploits45
NVD
NVD
added 2011/06/16 11:55 p.m.15 views

CVE-2011-2092

Adobe LiveCycle Data Services 3.1 and earlier, LiveCycle 9.0.0.2 and earlier, and BlazeDS 4.0.1 and earlier do not properly restrict creation of classes during deserialization of 1 AMF and 2 AMFX data, which allows attackers to have an unspecified impact via unknown vectors, related to a...

10CVSS8.8AI score0.06062EPSS
Exploits0References3
NVD
NVD
added 2011/06/16 11:55 p.m.17 views

CVE-2011-2093

Adobe LiveCycle Data Services 3.1 and earlier, LiveCycle 9.0.0.2 and earlier, and BlazeDS 4.0.1 and earlier do not properly handle object graphs, which allows attackers to cause a denial of service via unspecified vectors, related to a "complex object graph vulnerability."...

5CVSS8.4AI score0.03772EPSS
Exploits0References6
Prion
Prion
added 2011/06/16 11:55 p.m.17 views

Deserialization of untrusted data

Adobe LiveCycle Data Services 3.1 and earlier, LiveCycle 9.0.0.2 and earlier, and BlazeDS 4.0.1 and earlier do not properly restrict creation of classes during deserialization of 1 AMF and 2 AMFX data, which allows attackers to have an unspecified impact via unknown vectors, related to a...

10CVSS7.1AI score0.06062EPSS
Exploits0References3Affected Software3
Prion
Prion
added 2011/06/16 11:55 p.m.14 views

Design/Logic Flaw

Adobe LiveCycle Data Services 3.1 and earlier, LiveCycle 9.0.0.2 and earlier, and BlazeDS 4.0.1 and earlier do not properly handle object graphs, which allows attackers to cause a denial of service via unspecified vectors, related to a "complex object graph vulnerability."...

5CVSS7AI score0.03772EPSS
Exploits0References6Affected Software3
Cvelist
Cvelist
added 2011/06/16 11:0 p.m.20 views

CVE-2011-2093

Adobe LiveCycle Data Services 3.1 and earlier, LiveCycle 9.0.0.2 and earlier, and BlazeDS 4.0.1 and earlier do not properly handle object graphs, which allows attackers to cause a denial of service via unspecified vectors, related to a "complex object graph vulnerability."...

8.4AI score0.03772EPSS
Exploits0References6
Cvelist
Cvelist
added 2011/06/16 11:0 p.m.21 views

CVE-2011-2092

Adobe LiveCycle Data Services 3.1 and earlier, LiveCycle 9.0.0.2 and earlier, and BlazeDS 4.0.1 and earlier do not properly restrict creation of classes during deserialization of 1 AMF and 2 AMFX data, which allows attackers to have an unspecified impact via unknown vectors, related to a...

8.8AI score0.06062EPSS
Exploits0References3
CVE
CVE
added 2011/06/16 11:0 p.m.64 views

CVE-2011-2093

CVE-2011-2093 affects Adobe LiveCycle Data Services (versions 3.1 and earlier), LiveCycle 9.0.0.2 and earlier, and BlazeDS 4.0.1 and earlier. The vulnerability arises from improper handling of object graphs, described as a “complex object graph vulnerability,” which can allow an attacker to cause...

5CVSS6.7AI score0.03772EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2011/06/16 11:0 p.m.58 views

CVE-2011-2092

CVE-2011-2092 affects Adobe products: LiveCycle Data Services 3.1 and earlier, LiveCycle 9.0.0.2 and earlier, and BlazeDS 4.0.1 and earlier. The root cause is improper restriction during deserialization of AMF and AMFX data that allows creation of classes, leading to an unresolved impact via unkn...

10CVSS6.8AI score0.06062EPSS
Exploits0References3Affected Software1
ThreatPost
ThreatPost
added 2011/06/15 1:32 p.m.8 views

Adobe Patches Critical Bugs in Flash, Reader, Acrobat

Adobe has released a number of patches for critical vulnerabilities in several of its more popular applications, including Flash, Reader and Acrobat. The most severe of the vulnerabilities that Adobe fixed Tuesday is a flaw in Flash that is being used in targeted attacks right now through...

0.9AI score
Exploits0References4
Metasploit
Metasploit
added 2010/11/04 2:11 a.m.63 views

Adobe XML External Entity Injection

Multiple Adobe Products -- XML External Entity Injection. Affected Software: BlazeDS 3.2 and earlier versions, LiveCycle 9.0, 8.2.1, and 8.0.1, LiveCycle Data Services 3.0, 2.6.1, and 2.5.1, Flex Data Services 2.0.1, ColdFusion 9.0, 8.0.1, 8.0, and 7.0.2 This module requires Metasploit:...

6.5CVSS7.1AI score0.90012EPSS
Exploits12
Packet Storm
Packet Storm
added 2010/09/14 12:0 a.m.37 views

Adobe LiveCycle ES DLL Hijacking

www.BugReport.ir AmnPardaz Security Research Team Title: Adobe LiveCycle ES DLL Hijacking Exploit .dll Vendor: http://www.adobe.com/products/livecycle/ Vulnerable Version: 8.2.1.3144.1.471865 Exploitation: Remote Code Execution - Description: Adobe® LiveCycle® Enterprise Suite ES software can hel...

0.1AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2010/03/01 12:0 a.m.442 views

Multiple Adobe Products XML External Entity (XXE) Injection (APSB10-05)

The remote host appears to be running an Adobe product that is susceptible to XML External Entity XXE attacks. The installed version of the product fails to block the use of external XML entities while using the HTTPChannel to transport data in AMFX format. A remote, unauthenticated attacker coul...

6.5CVSS8.2AI score0.90012EPSS
Exploits12References4
NVD
NVD
added 2010/02/15 6:30 p.m.20 views

CVE-2009-3960

Unspecified vulnerability in BlazeDS 3.2 and earlier, as used in LiveCycle 8.0.1, 8.2.1, and 9.0, LiveCycle Data Services 2.5.1, 2.6.1, and 3.0, Flex Data Services 2.0.1, and ColdFusion 7.0.2, 8.0, 8.0.1, and 9.0, allows remote attackers to obtain sensitive information via vectors that are...

6.5CVSS6AI score0.90012EPSS
Exploits12References7
CVE
CVE
added 2010/02/15 6:0 p.m.1057 views

CVE-2009-3960

CVE-2009-3960 is an information-disclosure vulnerability in Adobe BlazeDS and related Adobe data services components (e.g., LiveCycle, ColdFusion) where XML External Entity/XML Injection flaws can allow remote attackers to obtain sensitive information. Root cause: injected tags and external entit...

6.5CVSS8.8AI score0.90012EPSS
In wildExploits12References7Affected Software5
Cvelist
Cvelist
added 2010/02/15 6:0 p.m.44 views

CVE-2009-3960

Unspecified vulnerability in BlazeDS 3.2 and earlier, as used in LiveCycle 8.0.1, 8.2.1, and 9.0, LiveCycle Data Services 2.5.1, 2.6.1, and 3.0, Flex Data Services 2.0.1, and ColdFusion 7.0.2, 8.0, 8.0.1, and 9.0, allows remote attackers to obtain sensitive information via vectors that are...

5.9AI score0.90012EPSS
Exploits12References6
ATTACKERKB
ATTACKERKB
added 2010/02/15 12:0 a.m.39 views

CVE-2009-3960

Unspecified vulnerability in BlazeDS 3.2 and earlier, as used in LiveCycle 8.0.1, 8.2.1, and 9.0, LiveCycle Data Services 2.5.1, 2.6.1, and 3.0, Flex Data Services 2.0.1, and ColdFusion 7.0.2, 8.0, 8.0.1, and 9.0, allows remote attackers to obtain sensitive information via vectors that are...

6.5CVSS4.2AI score0.90012EPSS
In wildExploits12References9
seebug.org
seebug.org
added 2008/03/15 12:0 a.m.25 views

Adobe LiveCycle Workflow管理登录页面跨站脚本漏洞

BUGTRAQ ID: 28209 CVECAN ID: CVE-2008-1202 Adobe LiveCycle Workflow是一个全面的流程管理解决方案,用于帮助企业简化、整合和保护以文档为中心的流程。 LiveCycle Workflow没有正确地过滤对Web管理登录页面的输入便返回给了用户,这可能导致跨站脚本攻击,允许在用户浏览器会话中注入并执行任意HTML和脚本代码。 Adobe LiveCycle Workflow 6.2 Adobe ----- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:...

4.3CVSS6.4AI score0.04069EPSS
Exploits1
Prion
Prion
added 2008/03/12 12:44 a.m.16 views

Cross site scripting

Cross-site scripting XSS vulnerability in the web management interface in Adobe LiveCycle Workflow 6.2 allows remote attackers to inject arbitrary web script or HTML via unknown vectors...

4.3CVSS6.1AI score0.04069EPSS
Exploits1References9Affected Software1
NVD
NVD
added 2008/03/12 12:44 a.m.17 views

CVE-2008-1202

Cross-site scripting XSS vulnerability in the web management interface in Adobe LiveCycle Workflow 6.2 allows remote attackers to inject arbitrary web script or HTML via unknown vectors...

4.3CVSS5.6AI score0.04069EPSS
Exploits1References9
Rows per page
Query Builder