90 matches found
http-vuln-cve2009-3960 NSE Script
Exploits cve-2009-3960 also known as Adobe XML External Entity Injection. This vulnerability permits to read local files remotely and is present in BlazeDS 3.2 and earlier, LiveCycle 8.0.1, 8.2.1, and 9.0, LiveCycle Data Services 2.5.1, 2.6.1, and 3.0, Flex Data Services 2.0.1, and ColdFusion...
CVE-2011-2092
Adobe LiveCycle Data Services 3.1 and earlier, LiveCycle 9.0.0.2 and earlier, and BlazeDS 4.0.1 and earlier do not properly restrict creation of classes during deserialization of 1 AMF and 2 AMFX data, which allows attackers to have an unspecified impact via unknown vectors, related to a...
CVE-2011-2093
Adobe LiveCycle Data Services 3.1 and earlier, LiveCycle 9.0.0.2 and earlier, and BlazeDS 4.0.1 and earlier do not properly handle object graphs, which allows attackers to cause a denial of service via unspecified vectors, related to a "complex object graph vulnerability."...
Deserialization of untrusted data
Adobe LiveCycle Data Services 3.1 and earlier, LiveCycle 9.0.0.2 and earlier, and BlazeDS 4.0.1 and earlier do not properly restrict creation of classes during deserialization of 1 AMF and 2 AMFX data, which allows attackers to have an unspecified impact via unknown vectors, related to a...
Design/Logic Flaw
Adobe LiveCycle Data Services 3.1 and earlier, LiveCycle 9.0.0.2 and earlier, and BlazeDS 4.0.1 and earlier do not properly handle object graphs, which allows attackers to cause a denial of service via unspecified vectors, related to a "complex object graph vulnerability."...
CVE-2011-2093
Adobe LiveCycle Data Services 3.1 and earlier, LiveCycle 9.0.0.2 and earlier, and BlazeDS 4.0.1 and earlier do not properly handle object graphs, which allows attackers to cause a denial of service via unspecified vectors, related to a "complex object graph vulnerability."...
CVE-2011-2092
Adobe LiveCycle Data Services 3.1 and earlier, LiveCycle 9.0.0.2 and earlier, and BlazeDS 4.0.1 and earlier do not properly restrict creation of classes during deserialization of 1 AMF and 2 AMFX data, which allows attackers to have an unspecified impact via unknown vectors, related to a...
CVE-2011-2093
CVE-2011-2093 affects Adobe LiveCycle Data Services (versions 3.1 and earlier), LiveCycle 9.0.0.2 and earlier, and BlazeDS 4.0.1 and earlier. The vulnerability arises from improper handling of object graphs, described as a “complex object graph vulnerability,” which can allow an attacker to cause...
CVE-2011-2092
CVE-2011-2092 affects Adobe products: LiveCycle Data Services 3.1 and earlier, LiveCycle 9.0.0.2 and earlier, and BlazeDS 4.0.1 and earlier. The root cause is improper restriction during deserialization of AMF and AMFX data that allows creation of classes, leading to an unresolved impact via unkn...
Adobe Patches Critical Bugs in Flash, Reader, Acrobat
Adobe has released a number of patches for critical vulnerabilities in several of its more popular applications, including Flash, Reader and Acrobat. The most severe of the vulnerabilities that Adobe fixed Tuesday is a flaw in Flash that is being used in targeted attacks right now through...
Adobe XML External Entity Injection
Multiple Adobe Products -- XML External Entity Injection. Affected Software: BlazeDS 3.2 and earlier versions, LiveCycle 9.0, 8.2.1, and 8.0.1, LiveCycle Data Services 3.0, 2.6.1, and 2.5.1, Flex Data Services 2.0.1, ColdFusion 9.0, 8.0.1, 8.0, and 7.0.2 This module requires Metasploit:...
Adobe LiveCycle ES DLL Hijacking
www.BugReport.ir AmnPardaz Security Research Team Title: Adobe LiveCycle ES DLL Hijacking Exploit .dll Vendor: http://www.adobe.com/products/livecycle/ Vulnerable Version: 8.2.1.3144.1.471865 Exploitation: Remote Code Execution - Description: Adobe® LiveCycle® Enterprise Suite ES software can hel...
Multiple Adobe Products XML External Entity (XXE) Injection (APSB10-05)
The remote host appears to be running an Adobe product that is susceptible to XML External Entity XXE attacks. The installed version of the product fails to block the use of external XML entities while using the HTTPChannel to transport data in AMFX format. A remote, unauthenticated attacker coul...
CVE-2009-3960
Unspecified vulnerability in BlazeDS 3.2 and earlier, as used in LiveCycle 8.0.1, 8.2.1, and 9.0, LiveCycle Data Services 2.5.1, 2.6.1, and 3.0, Flex Data Services 2.0.1, and ColdFusion 7.0.2, 8.0, 8.0.1, and 9.0, allows remote attackers to obtain sensitive information via vectors that are...
CVE-2009-3960
CVE-2009-3960 is an information-disclosure vulnerability in Adobe BlazeDS and related Adobe data services components (e.g., LiveCycle, ColdFusion) where XML External Entity/XML Injection flaws can allow remote attackers to obtain sensitive information. Root cause: injected tags and external entit...
CVE-2009-3960
Unspecified vulnerability in BlazeDS 3.2 and earlier, as used in LiveCycle 8.0.1, 8.2.1, and 9.0, LiveCycle Data Services 2.5.1, 2.6.1, and 3.0, Flex Data Services 2.0.1, and ColdFusion 7.0.2, 8.0, 8.0.1, and 9.0, allows remote attackers to obtain sensitive information via vectors that are...
CVE-2009-3960
Unspecified vulnerability in BlazeDS 3.2 and earlier, as used in LiveCycle 8.0.1, 8.2.1, and 9.0, LiveCycle Data Services 2.5.1, 2.6.1, and 3.0, Flex Data Services 2.0.1, and ColdFusion 7.0.2, 8.0, 8.0.1, and 9.0, allows remote attackers to obtain sensitive information via vectors that are...
Adobe LiveCycle Workflow管理登录页面跨站脚本漏洞
BUGTRAQ ID: 28209 CVECAN ID: CVE-2008-1202 Adobe LiveCycle Workflow是一个全面的流程管理解决方案,用于帮助企业简化、整合和保护以文档为中心的流程。 LiveCycle Workflow没有正确地过滤对Web管理登录页面的输入便返回给了用户,这可能导致跨站脚本攻击,允许在用户浏览器会话中注入并执行任意HTML和脚本代码。 Adobe LiveCycle Workflow 6.2 Adobe ----- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:...
Cross site scripting
Cross-site scripting XSS vulnerability in the web management interface in Adobe LiveCycle Workflow 6.2 allows remote attackers to inject arbitrary web script or HTML via unknown vectors...
CVE-2008-1202
Cross-site scripting XSS vulnerability in the web management interface in Adobe LiveCycle Workflow 6.2 allows remote attackers to inject arbitrary web script or HTML via unknown vectors...