CVE-2010-2885
https://notcve.org/view.php?id=CVE-2010-2885
Cross-site scripting (XSS) vulnerability in Adobe RoboHelp 7 and 8, and RoboHelp Server 7 and 8, allows remote attackers to inject arbitrary web script or HTML via vectors related to WebHelp generation with RoboHelp for Word.
• http://secunia.com/advisories/41870 http://securitytracker.com/id?1024611 http://www.adobe.com/support/security/bulletins/apsb10-23.html http://www.vupen.com/english/advisories/2010/2718
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2010-2886
https://notcve.org/view.php?id=CVE-2010-2886
Multiple cross-site scripting (XSS) vulnerabilities in Adobe RoboHelp 7 and 8, and RoboHelp Server 7 and 8, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
• http://secunia.com/advisories/41870 http://securitytracker.com/id?1024611 http://www.adobe.com/support/security/bulletins/apsb10-23.html http://www.vupen.com/english/advisories/2010/2718
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2009-3068 – Adobe RoboHelp Server Arbitrary File Upload and Execute Vulnerability
https://notcve.org/view.php?id=CVE-2009-3068
Unrestricted file upload vulnerability in the RoboHelpServer Servlet (robohelp/server) in Adobe RoboHelp Server 8 allows remote attackers to execute arbitrary code by uploading a Java Archive (.jsp) file during a PUBLISH action, then accessing it via a direct request to the file in the robohelp/robo/reserved/web directory under its sessionid subdirectory, as demonstrated by the vd_adobe module in VulnDisco Pack Professional 8.7 through 8.11.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe RoboHelp Server. Authentication is not required to exploit this vulnerability. The specific flaw exists in the management web server listening by default on port 8080. The Java Servlet handling POST requests to the server does not properly sanitize user input.
• https://www.exploit-db.com/exploits/33209 https://www.exploit-db.com/exploits/16789 http://blogs.adobe.com/psirt/2009/09/potential_robohelp_server_8_is.html http://intevydis.com/vd-list.shtml http://secunia.com/advisories/36467 http://twitter.com/elegerov/statuses/3727947465 http://twitter.com/elegerov/statuses/3737538715 http://twitter.com/elegerov/statuses/3737725344 http://www.adobe.com/support/security/bulletins/apsb09-14.html http://www.intevydis.com/blog/?p=26 http
• CWE-264: Permissions, Privileges, and Access Controls