CVE-2016-0949
https://notcve.org/view.php?id=CVE-2016-0949
Adobe Connect before 9.5.2 allows remote attackers to have an unspecified impact via a crafted parameter in a URL. Adobe Connect en versiones anteriores a 9.5.2 permite a atacantes remotos tener un impacto no especificado a través de un parámetro manipulado en una URL. • http://www.securitytracker.com/id/1034978 https://helpx.adobe.com/security/products/connect/apsb16-07.html •
CVE-2016-0948
https://notcve.org/view.php?id=CVE-2016-0948
Cross-site request forgery (CSRF) vulnerability in Adobe Connect before 9.5.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. Vulnerabilidad de CSRF en Adobe Connect en versiones anteriores a 9.5.2 permite a atacantes remotos secuestrar la autenticación de víctimas no especificadas a través de vectores desconocidos. • http://www.securitytracker.com/id/1034978 https://helpx.adobe.com/security/products/connect/apsb16-07.html • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2015-0344
https://notcve.org/view.php?id=CVE-2015-0344
Cross-site scripting (XSS) vulnerability in the web app in Adobe Connect before 9.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en la aplicación web en Adobe Connect anterior a 9.4 permite a atacantes remotos inyectar secuencias de comandos web arbitrarios o HTML a través de vectores no especificados. • http://www.securitytracker.com/id/1032567 https://helpx.adobe.com/adobe-connect/release-note/connect-94-release-notes.html#Issues%20Resolved • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2015-0343 – Adobe Connect 9.3 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2015-0343
Cross-site scripting (XSS) vulnerability in admin/home/homepage/search in the web app in Adobe Connect before 9.4 allows remote attackers to inject arbitrary web script or HTML via the query parameter. Vulnerabilidad de XSS en admin/home/homepage/search en la aplicación web en Adobe Connect anterior a 9.4 permite a atacantes remotos inyectar secuencias de comandos web arbitrarios o HTML a través del parámetro query. Adobe Connect version 9.3 suffers from a cross site scripting vulnerability. • http://packetstormsecurity.com/files/132269/Adobe-Connect-9.3-Cross-Site-Scripting.html http://seclists.org/bugtraq/2015/Jun/61 http://seclists.org/fulldisclosure/2015/Jun/35 http://www.securitytracker.com/id/1032567 https://helpx.adobe.com/adobe-connect/release-note/connect-94-release-notes.html#Issues%20Resolved • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2011-1506
https://notcve.org/view.php?id=CVE-2011-1506
The STARTTLS implementation in Kerio Connect 7.1.4 build 2985 and MailServer 6.x does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411. NOTE: some of these details are obtained from third party information. La implementación STARTTLS en Kerio Connect v7.1.4 build 2985 y MailServer v6.x no restringe de forma adecuada el búfer I/O, lo que permite atacantes "man-in-the-middle" insertar comandos en las sesiones SMTP cifrado mediante el envío de un comando de texto plano que se procesa después de TLS en su lugar, en relación con un ataque "inyección de comandos de texto claro", un problema similar a CVE-2011-0411. NOTA: algunos de estos detalles han sido obtenidos de información de terceros. • http://secunia.com/advisories/43678 http://www.kb.cert.org/vuls/id/555316 http://www.kb.cert.org/vuls/id/MAPG-8D9M4P http://www.securityfocus.com/bid/46767 http://www.vupen.com/english/advisories/2011/0610 https://exchange.xforce.ibmcloud.com/vulnerabilities/65932 • CWE-20: Improper Input Validation •