RSS   Vulnerabilities for 'Document server'   RSS

2006-04-13
 
CVE-2006-1788

CWE-Other
 

 
Adobe Document Server for Reader Extensions 6.0, during log on, provides different error messages depending on whether the user ID is valid or invalid, which allows remote attackers to more easily identify valid user IDs via brute force attacks.

 
 
CVE-2006-1787

CWE-Other
 

 
Adobe Document Server for Reader Extensions 6.0 includes a user's session (jsession) ID in the HTTP Referer header, which allows remote attackers to gain access to PDF files that are being processed within that session.

 
 
CVE-2006-1786

CWE-Other
 

 
Cross-site scripting (XSS) vulnerability in Adobe Document Server for Reader Extensions 6.0 allows remote attackers to inject arbitrary web script or HTML via (1) the actionID parameter in ads-readerext and (2) the op parameter in AlterCast. NOTE: it is not clear whether the vendor advisory addresses this issue.

 
 
CVE-2006-1785

CWE-Other
 

 
Adobe Document Server for Reader Extensions 6.0 allows remote authenticated users to inject arbitrary web script via a leading (1) ftp or (2) http URI in the ReaderURL variable in the "Update Download Site" section of ads-readerext. NOTE: it is not clear whether the vendor advisory addresses this issue. In addition, since the issue requires administrative privileges to exploit, it is not clear whether this crosses security boundaries.

 
2006-03-15
 
CVE-2006-1182

CWE-Other
 

 
Adobe Graphics Server 2.0 and 2.1 (formerly AlterCast) and Adobe Document Server (ADS) 5.0 and 6.0 allows local users to read files with certain extensions or overwrite arbitrary files and execute code via a crafted SOAP request to the AlterCast web service in which the request uses the (1) saveContent or (2) saveOptimized ADS commands, or the (3) loadContent command.

 

 >>> Vendor: Adobe 124 Products
Framemaker
Acrobat reader
Acrobat
Acrobat business tools
Digital editions
Adobe content server
Photodeluxe
Creative suite
Photoshop
Premiere
Svg viewer
Version cue
Shockwave player
Captivate
Contribute
Director
Dreamweaver
Elicensing
Fireworks
Flash player
Freehand
Studio
Illustrator
Indesign
Pagemaker
Document server
Graphics server
Livecycle form manager
Flex sdk
Coldfusion
Breeze licensed server
Adobe php ria sdk
Download manager
JRUN
Acrobat 3d
AIR
FLEX
Bridge
Robohelp
Robohelp server
Golive
Photoshop elements
Adobe air
Connect enterprise server
Flash
Flash media server 2
Form client
Form designer
Livecycle workflow
Flex builder
Presenter
Reader
Flash media server
Flash playe for linux
Flash player for linux
Blazeds
Flex data services
Lifecycle
Lifecycle data services
Photoshop cs4
Indesign cs3
Device central cs5
Premier pro cs4
Onlocation cs4
Indesign cs4
Extension manager cs5
Extendedscript toolkit cs5
Audition
Livecycle
Livecycle data services
Adobe reader
Flash player for android
Flash cs3
Flash cs4
Flash cs5.5
Illustrator cs5.5
Photoshop cs5.5
Adobe air sdk
Photoshop cs6
Livecycle designer es2
Livecycle designer
Device central cs4
Camera raw
Acrobat r2000eader
Adobe air sdk and compiler
Phonegap
Photoshop cs5
Photoshop cs5.1
Air sdk
Air sdk & compiler
Air sdk and compiler
Connect
Photoshop cc
Acrobat dc
Acrobat reader dc
Premiere clip
Air sdk \& compiler
Experience manager
Bridge cc
Photoshop cc 2015
See all Products for Vendor Adobe


Copyright 2019, cxsecurity.com

 

Back to Top