CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2021-36002 – Adobe Captivate Installer Creation of Temporary File In Directory With Incorrect Permissions Could Lead To Privilege Escalation
https://notcve.org/view.php?id=CVE-2021-36002
Adobe Captivate version 11.5.5 (and earlier) is affected by an Creation of Temporary File In Directory With Incorrect Permissions vulnerability that could result in privilege escalation in the context of the current user. The attacker must plant a malicious file in a particular location of the victim's machine. Exploitation of this issue requires user interaction in that a victim must launch the Captivate Installer. Adobe Captivate versión 11.5.5 (y anteriores), está afectada por una vulnerabilidad de Creación de un Archivo Temporal en el Directorio con Permisos Incorrectos que podría resultar en una escalada de privilegios en el contexto del usuario actual. El atacante debe colocar un archivo malicioso en una ubicación particular de la máquina de la víctima. • https://helpx.adobe.com/security/products/captivate/apsb21-60.html • CWE-379: Creation of Temporary File in Directory with Insecure Permissions CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 7.0EPSS: 0%CPEs: 2EXPL: 0CVE-2021-21011 – Uncontrolled Search Path Element in Adobe Captivate 2019
https://notcve.org/view.php?id=CVE-2021-21011
Adobe Captivate 2019 version 11.5.1.499 (and earlier) is affected by an uncontrolled search path element vulnerability that could lead to privilege escalation. An attacker with permissions to write to the file system could leverage this vulnerability to escalate privileges. Adobe Captivate 2019 versiones 11.5.1.499 (y anteriores) está afectado por una vulnerabilidad de elemento de ruta de búsqueda no controlada que podría conllevar a una escalada de privilegios. Un atacante con permisos para escribir en el sistema de archivos podría aprovechar esta vulnerabilidad para escalar los privilegios • https://helpx.adobe.com/security/products/captivate/apsb21-06.html • CWE-427: Uncontrolled Search Path Element •
CVSS: 10.0EPSS: 3%CPEs: 1EXPL: 0CVE-2017-3098
https://notcve.org/view.php?id=CVE-2017-3098
Adobe Captivate versions 9 and earlier have a remote code execution vulnerability in the quiz reporting feature that could be abused to read and write arbitrary files to the server. Las versiones 9 y anteriores de Adobe Captivate, presentan una vulnerabilidad de ejecución de código remota en la funcionalidad quiz reporting que podría ser violada para leer y escribir archivos arbitrarios en el servidor. • http://www.securitytracker.com/id/1038657 https://helpx.adobe.com/security/products/captivate/apsb17-19.html • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-3087
https://notcve.org/view.php?id=CVE-2017-3087
Adobe Captivate versions 9 and earlier have an information disclosure vulnerability resulting from abuse of the quiz reporting feature in Captivate. Adobe Captative versiones 9 y anteriores tienen una vulnerabilidad de divulgación de información debido al abuso de la característica de informes quiz en Captative. • http://www.securitytracker.com/id/1038657 https://helpx.adobe.com/security/products/captivate/apsb17-19.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 2CVE-2006-2796
https://notcve.org/view.php?id=CVE-2006-2796
Cross-site scripting (XSS) vulnerability in gallery.php in Captivate 1.0 allows remote attackers to inject arbitrary web script or HTML via the page parameter, which is reflected in an error message. • http://archives.neohapsis.com/archives/bugtraq/2006-05/0413.html http://securityreason.com/securityalert/1020 http://www.securityfocus.com/bid/18072 https://exchange.xforce.ibmcloud.com/vulnerabilities/26589 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •