CVE-2017-3102
https://notcve.org/view.php?id=CVE-2017-3102
Adobe Connect versions 9.6.1 and earlier have a reflected cross-site scripting vulnerability. Successful exploitation could lead to a reflected cross-site scripting attack. Adobe Connect versiones 9.6.1 y anteriores, presenta una vulnerabilidad de tipo cross-site scripting reflejado. Una explotación con éxito podría conllevar a un ataque de tipo cross-site scripting reflejado. • http://www.securityfocus.com/bid/99517 http://www.securitytracker.com/id/1038846 https://helpx.adobe.com/security/products/connect/apsb17-22.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2017-3101
https://notcve.org/view.php?id=CVE-2017-3101
Adobe Connect versions 9.6.1 and earlier have a clickjacking vulnerability. Successful exploitation could lead to a clickjacking attack. Adobe Connect versiones 9.6.1 y anteriores, presenta una vulnerabilidad de secuestro de cliqueo. Una explotación con éxito podría conllevar a un ataque de secuestro de cliqueo. • http://www.securityfocus.com/bid/99521 http://www.securitytracker.com/id/1038846 https://helpx.adobe.com/security/products/connect/apsb17-22.html •
CVE-2017-3103
https://notcve.org/view.php?id=CVE-2017-3103
Adobe Connect versions 9.6.1 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to a stored cross-site scripting attack. Adobe Connect versiones 9.6.1 y anteriores, presenta una vulnerabilidad de tipo cross-site scripting almacenado. Una explotación con éxito podría conllevar a un ataque de tipo cross-site scripting (XSS) almacenado. • http://www.securityfocus.com/bid/99518 http://www.securitytracker.com/id/1038846 https://helpx.adobe.com/security/products/connect/apsb17-22.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2016-8494
https://notcve.org/view.php?id=CVE-2016-8494
Insufficient verification of uploaded files allows attackers with webui administrators privileges to perform arbitrary code execution by uploading a new webui theme. Verificación insuficiente de archivos cargados permite a atacantes con privilegios de administradores de webui realizar ejecución de código arbitrario cargando un nuevo tema webui. • http://www.securityfocus.com/bid/96159 https://fortiguard.com/advisory/FG-IR-16-080 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2016-7851 – Adobe Connect 9.5.7 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2016-7851
Adobe Connect version 9.5.6 and earlier does not adequately validate input in the events registration module. This vulnerability could be exploited in cross-site scripting attacks. Adobe Connect versión 9.5.6 y versiones anteriores no valida adecuadamente entradas en el módulo de registro de eventos. Esta vulnerabilidad puede ser explotada en ataques de XSS. • https://www.exploit-db.com/exploits/40742 http://www.securityfocus.com/bid/94152 http://www.securitytracker.com/id/1037239 https://helpx.adobe.com/security/products/connect/apsb16-35.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •