17 matches found
CVE-2021-42727
Adobe Bridge 11.1.1 and earlier are affected by a stack overflow caused by insecure handling of a crafted file, potentially allowing arbitrary code execution in the current user context. Exploit requires the victim to open a crafted file in Bridge (user interaction). The issue is documented acros...
CVE-2022-30670
Adobe RoboHelp Server are affected in versions earlier than RHS 11 Update 3 by an Improper Authorization vulnerability that can allow an authenticated attacker to escalate to full administrator privileges without user interaction. The issue, documented as CVE-2022-30670, has been addressed by Ado...
CVE-2023-22272
Summary: CVE-2023-22272 affects Adobe RoboHelp Server (versions 11.4 and earlier). The issue is an Improper Input Validation vulnerability that enables information disclosure by an unauthenticated attacker, with no user interaction required. Connected sources corroborate an information-disclosure...
CVE-2009-3068
CVE-2009-3068 affects Adobe RoboHelp Server 8. The vulnerability is an unrestricted/arbitrary file upload in the RoboHelpServer Servlet (robohelp/server). An unauthenticated attacker can upload a JSP file during a PUBLISH action and then access it under the server’s session-specific robohelp/robo...
CVE-2023-22275
Adobe RoboHelp Server
CVE-2007-1280
The CVE-2007-1280 entry describes an XSS vulnerability in Adobe RoboHelp X5, X6, and RoboHelp Server 6. The issue allows remote attackers to inject arbitrary script/HTML via a URL that includes a # (hash) in the path, demonstrated with en/frameset-7.html and potentially other vectors involving te...
CVE-2023-22268
Adobe RoboHelp Server versions 11.4 and earlier are affected by an SQL Injection vulnerability (CVE-2023-22268) that could lead to information disclosure by a low-privileged authenticated attacker, with exploitation not requiring user interaction. The root cause is improper neutralization of spec...
CVE-2011-2133
Adobe RoboHelp 8/9 (and RoboHelp Server 8/9) are affected by a DOM-based XSS in the URI handling via template_stock/whutils.js, allowing arbitrary script/HTML execution. The issue is documented as CVE-2011-2133; a patch exists to address the vulnerability in RoboHelp/RoboHelp Server prior to 9.0....
CVE-2023-22274
CVE-2023-22274 affects Adobe RoboHelp Server
CVE-2023-22273
CVE-2023-22273 affects Adobe RoboHelp Server; the path traversal vulnerability in RoboHelp Server versions 11.4 and earlier could allow an admin-authenticated attacker to achieve remote code execution. Public sources confirm the issue as part of APSB23-53 (update to 11 Update 5). The connected do...
CVE-2011-0613
CVE-2011-0613 involves multiple cross-site scripting (XSS) flaws in RoboHelp 7/8 and RoboHelp Server 7/8. The vulnerabilities are tied to RoboHTML/WildFireExt/TemplateStock components and vectors related to wf_status.htm and wf_topicfs.htm, allowing remote attackers to inject arbitrary script or ...
CVE-2021-28588
CVE-2021-28588 affects Adobe RoboHelp Server up to version 2019.0.9. The root cause is a path traversal flaw in the server when processing requests (notably the folderId parameter), which allows an attacker to execute arbitrary code. Exploitation could occur via a crafted HTTP POST and, per sourc...
CVE-2008-2991
CVE-2008-2991 is an XSS vulnerability in Adobe RoboHelp Server 6 and 7 that allows remote attackers to inject arbitrary web script or HTML via the Help Errors log. Affected software: RoboHelp Server 6 and 7. Root cause: input handling in the Help Errors log leads to script execution. Impact: arbi...
CVE-2009-0524
CVE-2009-0524 affects Adobe RoboHelp 6 and 7, and RoboHelp Server 6 and 7. The connected sources describe multiple input validation errors in template_stock/whutils.js, Report_Template.asp, redirect.asp, and SQL_Lib.asp that enable cross-site scripting via URLs crafted from RoboHelp-produced file...
CVE-2009-0523
Adobe RoboHelp Server 6/7 are affected by multiple cross-site scripting (XSS) vulnerabilities that allow remote attackers to inject arbitrary script via crafted URLs displayed in the Help Errors log. The issues stem from input validation errors in template_stock/whutils.js, Report_Template.asp, r...
CVE-2010-2886
CVE-2010-2886 affects Adobe RoboHelp 7/8 and RoboHelp Server 7/8. The vulnerability is described as multiple cross-site scripting (XSS) flaws that allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Root cause is a vulnerability in how the products handle input/...
CVE-2010-2885
CVE-2010-2885 concerns an XSS vulnerability in Adobe RoboHelp 7 and 8, and RoboHelp Server 7 and 8. The connected records specify that the vulnerability arises in the WebHelp generation process with RoboHelp for Word, enabling remote attackers to inject arbitrary web script or HTML. Affected prod...