
CVE-2023-28500
https://notcve.org/view.php?id=CVE-2023-28500
06 Apr 2023 — A Java insecure deserialization vulnerability in Adobe LiveCycle ES4 version 11.0 and earlier allows unauthenticated remote attackers to gain operating system code execution by submitting specially crafted Java serialized objects to a specific URL. Adobe LiveCycle ES4 version 11.0.1 and later may be vulnerable if the application is installed with Java environment 7u21 and earlier. Exploitation of the vulnerability depends on two factors: insecure deserialization methods used in the Adobe LiveCycle applicati... • https://coastalsecurity.gitbook.io/critical-vulnerability-adobe-livecycle-es4v11.0 • CWE-502: Deserialization of Untrusted Data •

CVE-2016-6933
https://notcve.org/view.php?id=CVE-2016-6933
15 Dec 2016 — Adobe Experience Manager Forms versions 6.2 and earlier, LiveCycle 11.0.1, LiveCycle 10.0.4 have an input validation issue in the AACComponent that could be used in cross-site scripting attacks. • http://www.securityfocus.com/bid/94867 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2016-6934
https://notcve.org/view.php?id=CVE-2016-6934
15 Dec 2016 — Adobe Experience Manager Forms versions 6.2 and earlier, LiveCycle 11.0.1, LiveCycle 10.0.4 have an input validation issue in the PMAdmin module that could be used in cross-site scripting attacks. • http://www.securityfocus.com/bid/94867 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2015-5255 – HP Security Bulletin HPSBST03568 1
https://notcve.org/view.php?id=CVE-2015-5255
18 Nov 2015 — Adobe BlazeDS, as used in ColdFusion 10 before Update 18 and 11 before Update 7 and LiveCycle Data Services 3.0.x before 3.0.0.354175, 3.1.x before 3.1.0.354180, 4.5.x before 4.5.1.354177, 4.6.2.x before 4.6.2.354178, and 4.7.x before 4.7.0.354178, allows remote attackers to send HTTP traffic to intranet servers via a crafted XML document, related to a Server-Side Request Forgery (SSRF) issue. • https://packetstorm.news/files/id/134506 • CWE-20: Improper Input Validation •

CVE-2015-3269 – Cisco Nexus Dashboard Fabric Controller XML External Entity Processing Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2015-3269
22 Aug 2015 — Apache Flex BlazeDS, as used in flex-messaging-core.jar in Adobe LiveCycle Data Services (LCDS) 3.0.x before 3.0.0.354170, 4.5 before 4.5.1.354169, 4.6.2 before 4.6.2.354169, and 4.7 before 4.7.0.354169 and other products, allows remote attackers to read arbitrary files via an AMF message containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. • http://marc.info/?l=bugtraq&m=145706712500978&w=2 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2010-5212
https://notcve.org/view.php?id=CVE-2010-5212
06 Sep 2012 — Untrusted search path vulnerability in Adobe LiveCycle Designer ES2 9.0.0.20091029.1.612548 allows local users to gain privileges via a Trojan horse objectassisten_US.dll file in the current working directory, as demonstrated by a directory that contains a .tds file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. • http://secunia.com/advisories/41417 •

CVE-2010-5213
https://notcve.org/view.php?id=CVE-2010-5213
06 Sep 2012 — Untrusted search path vulnerability in Adobe LiveCycle Designer 8.2.1.3144.1.471865 allows local users to gain privileges via a Trojan horse .dll file in the current working directory, as demonstrated by a directory that contains a .tds file. NOTE: some of these details are obtained from third party information. • http://secunia.com/advisories/41417 •

CVE-2011-2092
https://notcve.org/view.php?id=CVE-2011-2092
16 Jun 2011 — Adobe LiveCycle Data Services 3.1 and earlier, LiveCycle 9.0.0.2 and earlier, and BlazeDS 4.0.1 and earlier do not properly restrict creation of classes during deserialization of (1) AMF and (2) AMFX data, which allows attackers to have an unspecified impact via unknown vectors, related to a "deserialization vulnerability." • http://www.adobe.com/support/security/bulletins/apsb11-15.html • CWE-20: Improper Input Validation •

CVE-2011-2093
https://notcve.org/view.php?id=CVE-2011-2093
16 Jun 2011 — Adobe LiveCycle Data Services 3.1 and earlier, LiveCycle 9.0.0.2 and earlier, and BlazeDS 4.0.1 and earlier do not properly handle object graphs, which allows attackers to cause a denial of service via unspecified vectors, related to a "complex object graph vulnerability." • http://osvdb.org/73009 • CWE-20: Improper Input Validation •

CVE-2008-1202
https://notcve.org/view.php?id=CVE-2008-1202
12 Mar 2008 — Cross-site scripting (XSS) vulnerability in the web management interface in Adobe LiveCycle Workflow 6.2 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. • http://secunia.com/advisories/29331 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •