Page 3 of 17 results (0.013 seconds)

CVSS: 4.3EPSS: 6%CPEs: 4EXPL: 0

Cross-site scripting (XSS) vulnerability in Adobe RoboHelp 7 and 8, and RoboHelp Server 7 and 8, allows remote attackers to inject arbitrary web script or HTML via vectors related to WebHelp generation with RoboHelp for Word. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Adobe RoboHelp v7 y v8, y RoboHelp Server v7 y v8, permite a atacantes remotos inyecatra código web y HTML de su elección a través de vectores relacionados con la generación de WebHelp con RoboHelp para Word. • http://secunia.com/advisories/41870 http://securitytracker.com/id?1024611 http://www.adobe.com/support/security/bulletins/apsb10-23.html http://www.vupen.com/english/advisories/2010/2718 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 6%CPEs: 4EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in Adobe RoboHelp 7 and 8, and RoboHelp Server 7 and 8, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en Adobe RoboHelp v7 y v8, y RoboHelp Server v7 y v8, permiet atacantes remotos inyectar código web o HMTL de su elección a través de vectores no especificados. • http://secunia.com/advisories/41870 http://securitytracker.com/id?1024611 http://www.adobe.com/support/security/bulletins/apsb10-23.html http://www.vupen.com/english/advisories/2010/2718 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.3EPSS: 97%CPEs: 1EXPL: 2

Unrestricted file upload vulnerability in the RoboHelpServer Servlet (robohelp/server) in Adobe RoboHelp Server 8 allows remote attackers to execute arbitrary code by uploading a Java Archive (.jsp) file during a PUBLISH action, then accessing it via a direct request to the file in the robohelp/robo/reserved/web directory under its sessionid subdirectory, as demonstrated by the vd_adobe module in VulnDisco Pack Professional 8.7 through 8.11. Una vulnerabilidad de carga de archivos sin restricciones en el Servlet RoboHelpServer (robohelp/server) en RoboHelp Server de Adobe versión 8, permite a los atacantes remotos ejecutar código arbitrario mediante la carga de un archivo Java Archive (.jsp) durante una acción PUBLISH, y luego, acceder a él por medio de una petición directa al archivo en el directorio robohelp/robo/reserved/web bajo su subdirectorio sessionid, como es demostrado por el módulo vd_adobe en VulnDisco Pack Professional versiones 8.7 hasta 8.11. This vulnerability allows remote attackers to execute arbitrary code on vulnerability installations of Adobe RoboHelp Server. Authentication is not required to exploit this vulnerability. The specific flaw exists in the management web server listening by default on port 8080. The Java Servlet handling POST requests to the server does not properly sanitize user input. • https://www.exploit-db.com/exploits/33209 https://www.exploit-db.com/exploits/16789 http://blogs.adobe.com/psirt/2009/09/potential_robohelp_server_8_is.html http://intevydis.com/vd-list.shtml http://secunia.com/advisories/36467 http://twitter.com/elegerov/statuses/3727947465 http://twitter.com/elegerov/statuses/3737538715 http://twitter.com/elegerov/statuses/3737725344 http://www.adobe.com/support/security/bulletins/apsb09-14.html http://www.intevydis.com/blog/?p=26 http • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0

Cross-site scripting (XSS) vulnerability in Adobe RoboHelp Server 6 and 7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, which is not properly handled when displaying the Help Errors log. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados - XSS - en Adobe RoboHelp Server 6 y 7 que permite a los atacantes remoto inyectar arbitrariamente una secuencia de comandos web o HTML a través de URL manipuladas, lo que es manejado apropiadamente cuando se muestra el registro de errores de la ayuda. • http://secunia.com/advisories/34048 http://securitytracker.com/id?1021755 http://www.adobe.com/support/security/bulletins/apsb09-02.html http://www.securityfocus.com/bid/33887 http://www.vupen.com/english/advisories/2009/0512 https://exchange.xforce.ibmcloud.com/vulnerabilities/48890 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0

Cross-site scripting (XSS) vulnerability in Adobe RoboHelp 6 and 7, and RoboHelp Server 6 and 7, allows remote attackers to inject arbitrary web script or HTML via vectors involving files produced by RoboHelp. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados en Adobe RoboHelp v6 y v7, y RoboHelp Server v6 y v7, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de vectores que implican ficheros creados con robohelp. • http://secunia.com/advisories/34032 http://secunia.com/advisories/34048 http://securitytracker.com/id?1021755 http://www.adobe.com/support/security/bulletins/apsb09-02.html http://www.securityfocus.com/bid/33888 http://www.vupen.com/english/advisories/2009/0512 https://exchange.xforce.ibmcloud.com/vulnerabilities/48889 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •