CVSS: 9.3 | EPSS: 97% | CPEs: 1 | EXPL: 2

Unrestricted file upload vulnerability in the RoboHelpServer Servlet (robohelp/server) in Adobe RoboHelp Server 8 allows remote attackers to execute arbitrary code by uploading a Java Archive (.jsp) file during a PUBLISH action, then accessing it via a direct request to the file in the robohelp/robo/reserved/web directory under its sessionid subdirectory, as demonstrated by the vd_adobe module in VulnDisco Pack Professional 8.7 through 8.11. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe RoboHelp Server. Authentication is not required to exploit this vulnerability. The specific flaw exists in the management web server listening by default on port 8080. The Java Servlet handling POST requests to the server does not properly sanitize user input.
• https://www.exploit-db.com/exploits/33209 https://www.exploit-db.com/exploits/16789 http://blogs.adobe.com/psirt/2009/09/potential_robohelp_server_8_is.html http://intevydis.com/vd-list.shtml http://secunia.com/advisories/36467 http://twitter.com/elegerov/statuses/3727947465 http://twitter.com/elegerov/statuses/3737538715 http://twitter.com/elegerov/statuses/3737725344 http://www.adobe.com/support/security/bulletins/apsb09-14.html http://www.intevydis.com/blog/?p=26 http
• CWE-264: Permissions, Privileges, and Access Controls

CVSS: 4.3 | EPSS: 0% | CPEs: 4 | EXPL: 0

Cross-site scripting (XSS) vulnerability in Adobe RoboHelp Server 6 and 7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, which is not properly handled when displaying the Help Errors log.
• http://secunia.com/advisories/34048 http://securitytracker.com/id?1021755 http://www.adobe.com/support/security/bulletins/apsb09-02.html http://www.securityfocus.com/bid/33887 http://www.vupen.com/english/advisories/2009/0512 https://exchange.xforce.ibmcloud.com/vulnerabilities/48890
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 4.3 | EPSS: 0% | CPEs: 4 | EXPL: 0

Cross-site scripting (XSS) vulnerability in Adobe RoboHelp 6 and 7, and RoboHelp Server 6 and 7, allows remote attackers to inject arbitrary web script or HTML via vectors involving files produced by RoboHelp.
• http://secunia.com/advisories/34032 http://secunia.com/advisories/34048 http://securitytracker.com/id?1021755 http://www.adobe.com/support/security/bulletins/apsb09-02.html http://www.securityfocus.com/bid/33888 http://www.vupen.com/english/advisories/2009/0512 https://exchange.xforce.ibmcloud.com/vulnerabilities/48889
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 4.3 | EPSS: 37% | CPEs: 2 | EXPL: 3

Cross-site scripting (XSS) vulnerability in Adobe RoboHelp Server 6 and 7 allows remote attackers to inject arbitrary web script or HTML via vectors related to the Help Errors log.
• http://secunia.com/advisories/31001 http://securitytracker.com/id?1020442 http://www.adobe.com/support/security/bulletins/apsb08-16.html http://www.securityfocus.com/bid/30137 http://www.vupen.com/english/advisories/2008/2026/references
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 4.3 | EPSS: 0% | CPEs: 2 | EXPL: 0

Cross-site scripting (XSS) vulnerability in files created by Adobe RoboHelp 6 and 7, possibly involving use of a (1) WebHelp5 (WebHelp5Ext) or (2) WildFire (WildFireExt) extension, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2007-1280.
• http://secunia.com/advisories/28945 http://securitytracker.com/id?1019397 http://www.adobe.com/support/security/bulletins/apsb08-05.html http://www.securityfocus.com/bid/27763 http://www.vupen.com/english/advisories/2008/0537
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')