Page 89 of 451 results (0.016 seconds)

CVSS: 4.3EPSS: 92%CPEs: 36EXPL: 5

Multiple cross-site scripting (XSS) vulnerabilities in Adobe Acrobat Reader Plugin before 8.0.0, and possibly the plugin distributed with Adobe Reader 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2, for Mozilla Firefox, Microsoft Internet Explorer 6 SP1, Google Chrome, Opera 8.5.4 build 770, and Opera 9.10.8679 on Windows allow remote attackers to inject arbitrary JavaScript and conduct other attacks via a .pdf URL with a javascript: or res: URI with (1) FDF, (2) XML, and (3) XFDF AJAX parameters, or (4) an arbitrarily named name=URI anchor identifier, aka "Universal XSS (UXSS)." Múltiples vulnerabilidades de tipo cross-site-scripting (XSS) en Adobe Acrobat Reader Plugin anterior a versión 8.0.0, y posiblemente el plugin distribuido con Adobe Reader versión 7.x anterior a 7.1.4, versión 8.x anterior a 8.1.7, y versión 9.x anterior a 9.2, para Mozilla Firefox, Microsoft Internet Explorer versión 6 SP1, Google Chrome, Opera versión 8.5.4 build 770 y Opera versión 9.10.8679 en Windows permiten a los atacantes remotos inyectar JavaScript arbitrario y conducir otros ataques por medio de una URL .pdf con un javascript: o URI res: con los parámetros (1) FDF, (2) XML y (3) AJAX XFDF, o (4) un identificador de anclaje arbitrariamente llamado name=URI, también se conoce como "Universal XSS (UXSS)". • http://events.ccc.de/congress/2006/Fahrplan/attachments/1158-Subverting_Ajax.pdf http://googlechromereleases.blogspot.com/2009/01/stable-beta-update-yahoo-mail-and.html http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 http://lists.suse.com/archive/suse-security-announce/2007-Jan/0012.html http://secunia.com/advisories/23483 http://secunia.com/advisories/23691 http://secunia.com/advisories/23812 http://secunia.com/advisories/23877 http://secunia.com/advisories/2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.0EPSS: 77%CPEs: 36EXPL: 1

Adobe Acrobat Reader Plugin before 8.0.0, and possibly the plugin distributed with Adobe Reader 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2, when used with Internet Explorer, Google Chrome, or Opera, allows remote attackers to cause a denial of service (memory consumption) via a long sequence of # (hash) characters appended to a PDF URL, related to a "cross-site scripting issue." El Plugin de Adobe Acrobat Reader anterior al 8.0.0., cuando se usa con el Internet Explorer, permite a atacantes remotos provocar una denegación de servicio (agotamiento de memoria) mediante una secuencia larga de caracteres # (almohadilla) añadidos a una PDF URL. • http://events.ccc.de/congress/2006/Fahrplan/attachments/1158-Subverting_Ajax.pdf http://googlechromereleases.blogspot.com/2009/01/stable-beta-update-yahoo-mail-and.html http://lists.suse.com/archive/suse-security-announce/2007-Jan/0012.html http://osvdb.org/31596 http://secunia.com/advisories/23812 http://secunia.com/advisories/23882 http://secunia.com/advisories/33754 http://security.gentoo.org/glsa/glsa-200701-16.xml http://securityreason.com/securityalert/2090 http://securitytracker •

CVSS: 9.3EPSS: 48%CPEs: 54EXPL: 0

Adobe Reader and Acrobat 7.0.8 and earlier allows user-assisted remote attackers to execute code via a crafted PDF file that triggers memory corruption and overwrites a subroutine pointer during rendering. Adobe Reader y Acrobat 7.0.8 y anteriores permite a atacantes remotos con la intervención del usuario ejecutar código mediante un archivo PDF manipulado que dispara una corrupción de memoria y sobrescribe un puntero de subrutina durante el dibujado. • http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0200.html http://lists.suse.com/archive/suse-security-announce/2007-Jan/0012.html http://osvdb.org/31316 http://secunia.com/advisories/23666 http://secunia.com/advisories/23691 http://secunia.com/advisories/23812 http://secunia.com/advisories/23877 http://secunia.com/advisories/23882 http://secunia.com/advisories/24533 http://security.gentoo.org/glsa/glsa-200701-16.xml http://securitytracker.com/id?1017491 http:/ • CWE-399: Resource Management Errors •

CVSS: 4.6EPSS: 0%CPEs: 28EXPL: 0

Adobe Reader and Acrobat 6.0.4 and earlier, on Mac OSX, has insecure file and directory permissions, which allows local users to gain privileges by overwriting program files. Adobe Reader y Acrobat 6.0.4 y anteriores en Mac OSX, tiene un archivo y permisos de directorio inseguros, lo que permite a usuarios locales obtener privilegios sobrescribiendo archivos de programa. • http://secunia.com/advisories/21016 http://securitytracker.com/id?1016473 http://www.adobe.com/support/security/bulletins/apsb06-08.html http://www.osvdb.org/27157 http://www.securityfocus.com/bid/18945 http://www.vupen.com/english/advisories/2006/2758 https://exchange.xforce.ibmcloud.com/vulnerabilities/27678 •

CVSS: 6.8EPSS: 1%CPEs: 22EXPL: 0

Multiple unspecified vulnerabilities in Adobe Acrobat Reader (acroread) before 7.0.8 have unknown impact and unknown vectors. Múltiples vulnerabilidades no especificadas en Adobe Acrobat Reader (acroread) anterior a v7.0.8 tienen un impacto desconocido y vectores desconocidos. • http://secunia.com/advisories/20576 http://secunia.com/advisories/20925 http://secunia.com/advisories/20960 http://securitytracker.com/id?1016314 http://www.adobe.com/support/techdocs/327817.html http://www.novell.com/linux/security/advisories/2006_16_sr.html http://www.novell.com/linux/security/advisories/2006_41_acroread.html http://www.osvdb.org/26535 http://www.osvdb.org/26536 http://www.securityfocus.com/bid/18445 https://exchange.xforce.ibmcloud.com/vulnerabilities/31 •