CVSS: 6.5EPSS: 51%CPEs: 36EXPL: 1CVE-2007-0048
https://notcve.org/view.php?id=CVE-2007-0048
03 Jan 2007 — Adobe Acrobat Reader Plugin before 8.0.0, and possibly the plugin distributed with Adobe Reader 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2, when used with Internet Explorer, Google Chrome, or Opera, allows remote attackers to cause a denial of service (memory consumption) via a long sequence of # (hash) characters appended to a PDF URL, related to a "cross-site scripting issue." El Plugin de Adobe Acrobat Reader anterior al 8.0.0., cuando se usa con el Internet Explorer, permite a atacantes remo... • http://events.ccc.de/congress/2006/Fahrplan/attachments/1158-Subverting_Ajax.pdf •
CVSS: 8.8EPSS: 54%CPEs: 36EXPL: 2CVE-2007-0044 – Adobe Reader 9.1.3 Plugin - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2007-0044
03 Jan 2007 — Adobe Acrobat Reader Plugin before 8.0.0 for the Firefox, Internet Explorer, and Opera web browsers allows remote attackers to force the browser to make unauthorized requests to other web sites via a URL in the (1) FDF, (2) xml, and (3) xfdf AJAX request parameters, following the # (hash) character, aka "Universal CSRF and session riding." Adobe Acrobat Reader Plugin anterior a la versión 8.0.0 para los navegadores Firefox, Internet Explorer y Opera permite a atacantes remotos forzar al navegador a realizar... • https://www.exploit-db.com/exploits/29383 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 69%CPEs: 36EXPL: 5CVE-2007-0045
https://notcve.org/view.php?id=CVE-2007-0045
03 Jan 2007 — Multiple cross-site scripting (XSS) vulnerabilities in Adobe Acrobat Reader Plugin before 8.0.0, and possibly the plugin distributed with Adobe Reader 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2, for Mozilla Firefox, Microsoft Internet Explorer 6 SP1, Google Chrome, Opera 8.5.4 build 770, and Opera 9.10.8679 on Windows allow remote attackers to inject arbitrary JavaScript and conduct other attacks via a .pdf URL with a javascript: or res: URI with (1) FDF, (2) XML, and (3) XFDF AJAX parameters, o... • http://events.ccc.de/congress/2006/Fahrplan/attachments/1158-Subverting_Ajax.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 67%CPEs: 1EXPL: 2CVE-2007-0046 – Adobe Acrobat Reader Plugin 7.0.x - 'acroreader' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2007-0046
03 Jan 2007 — Double free vulnerability in the Adobe Acrobat Reader Plugin before 8.0.0, as used in Mozilla Firefox 1.5.0.7, allows remote attackers to execute arbitrary code by causing an error via a javascript: URI call to document.write in the (1) FDF, (2) XML, or (3) XFDF AJAX request parameters. Doble vulnerabilidad en el Adobe Acrobat Reader Plugin anterior al 8.0.0, como el utilizado en el Mozilla Firefox 1.5.0.7, permite a atacantes remotos ejecutar código de su elección provocando un error mediante un javascript... • https://www.exploit-db.com/exploits/3084 •
CVSS: 6.8EPSS: 5%CPEs: 1EXPL: 0CVE-2007-0047
https://notcve.org/view.php?id=CVE-2007-0047
03 Jan 2007 — CRLF injection vulnerability in Adobe Acrobat Reader Plugin before 8.0.0, when used with the Microsoft.XMLHTTP ActiveX object in Internet Explorer, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the javascript: URI in the (1) FDF, (2) XML, or (3) XFDF AJAX request parameters. Vulnerabilidad de inyección de CRLF en el Plugin de Adobe Acrobat Reader anterior al 8.0.0, cuando se utiliza con el objeto ActiveX Microsoft.XMLHTTP en el Int... • http://events.ccc.de/congress/2006/Fahrplan/attachments/1158-Subverting_Ajax.pdf •
CVSS: 9.3EPSS: 23%CPEs: 54EXPL: 0CVE-2006-5857
https://notcve.org/view.php?id=CVE-2006-5857
31 Dec 2006 — Adobe Reader and Acrobat 7.0.8 and earlier allows user-assisted remote attackers to execute code via a crafted PDF file that triggers memory corruption and overwrites a subroutine pointer during rendering. Adobe Reader y Acrobat 7.0.8 y anteriores permite a atacantes remotos con la intervención del usuario ejecutar código mediante un archivo PDF manipulado que dispara una corrupción de memoria y sobrescribe un puntero de subrutina durante el dibujado. • http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0200.html • CWE-399: Resource Management Errors •
CVSS: 9.8EPSS: 46%CPEs: 9EXPL: 1CVE-2006-6236
https://notcve.org/view.php?id=CVE-2006-6236
03 Dec 2006 — Adobe Reader (Adobe Acrobat Reader) 7.0 through 7.0.8 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long argument string to the (1) src, (2) setPageMode, (3) setLayoutMode, and (4) setNamedDest methods in an AcroPDF ActiveX control, a different set of vectors than CVE-2006-6027. Adobe Reader (Adobe Acrobat Reader) 7.0 hasta 7.0.8 permite a un atacante remoto provocar denegación de servicio y posiblemente ejecutar código de su elección a tavés de un parámetro ... • http://research.eeye.com/html/alerts/zeroday/20061128.html •
CVSS: 9.8EPSS: 54%CPEs: 9EXPL: 3CVE-2006-6027 – Adobe Reader 7.0.x - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2006-6027
21 Nov 2006 — Adobe Reader (Adobe Acrobat Reader) 7.0 through 7.0.8 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long argument string to the LoadFile method in an AcroPDF ActiveX control. Adobe Reader (Adobe Acrobat Reader) 7.0 hasta 7.0.8 permite a atacantes remotos provocar una denegación de servicio y posiblemente ejecutar código de su elección mediante un argumento de cadena largo al método LoadFile en el control ActiveX AcroPDF. • https://www.exploit-db.com/exploits/29076 •
CVSS: 9.8EPSS: 2%CPEs: 22EXPL: 0CVE-2006-3093
https://notcve.org/view.php?id=CVE-2006-3093
19 Jun 2006 — Multiple unspecified vulnerabilities in Adobe Acrobat Reader (acroread) before 7.0.8 have unknown impact and unknown vectors. Múltiples vulnerabilidades no especificadas en Adobe Acrobat Reader (acroread) anterior a v7.0.8 tienen un impacto desconocido y vectores desconocidos. • http://secunia.com/advisories/20576 •
CVSS: 7.8EPSS: 0%CPEs: 60EXPL: 0CVE-2006-0525
https://notcve.org/view.php?id=CVE-2006-0525
02 Feb 2006 — Multiple Adobe products, including (1) Photoshop CS2, (2) Illustrator CS2, and (3) Adobe Help Center, install a large number of .EXE and .DLL files with write-access permission for the Everyone group, which allows local users to gain privileges via Trojan horse programs. • http://secunia.com/advisories/18698 • CWE-264: Permissions, Privileges, and Access Controls •