5 matches found
CVE-2009-3960
CVE-2009-3960 is an information-disclosure vulnerability in Adobe BlazeDS and related Adobe data services components (e.g., LiveCycle, ColdFusion) where XML External Entity/XML Injection flaws can allow remote attackers to obtain sensitive information. Root cause: injected tags and external entit...
CVE-2016-6934
CVE-2016-6934 affects Adobe Experience Manager Forms (versions 6.2 and earlier) and LiveCycle (11.0.1 and 10.0.4) with an input validation issue in the PMAdmin module that can enable cross-site scripting. Public sources link this to two input-validation vulnerabilities in AEM Forms; NVD lists CVS...
CVE-2016-6933
CVE-2016-6933 affects Adobe Experience Manager Forms (Versions 6.2 and earlier) and LiveCycle (11.0.1, 10.0.4) with an input validation issue in the AACComponent that could be exploited for cross-site scripting. Connected advisories (e.g., APSB16-40) indicate Adobe released security updates addre...
CVE-2011-2093
CVE-2011-2093 affects Adobe LiveCycle Data Services (versions 3.1 and earlier), LiveCycle 9.0.0.2 and earlier, and BlazeDS 4.0.1 and earlier. The vulnerability arises from improper handling of object graphs, described as a “complex object graph vulnerability,” which can allow an attacker to cause...
CVE-2011-2092
CVE-2011-2092 affects Adobe products: LiveCycle Data Services 3.1 and earlier, LiveCycle 9.0.0.2 and earlier, and BlazeDS 4.0.1 and earlier. The root cause is improper restriction during deserialization of AMF and AMFX data that allows creation of classes, leading to an unresolved impact via unkn...