CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2021-36002 – Adobe Captivate Installer Creation of Temporary File In Directory With Incorrect Permissions Could Lead To Privilege Escalation
https://notcve.org/view.php?id=CVE-2021-36002
01 Sep 2021 — Adobe Captivate version 11.5.5 (and earlier) is affected by an Creation of Temporary File In Directory With Incorrect Permissions vulnerability that could result in privilege escalation in the context of the current user. The attacker must plant a malicious file in a particular location of the victim's machine. Exploitation of this issue requires user interaction in that a victim must launch the Captivate Installer. Adobe Captivate versión 11.5.5 (y anteriores), está afectada por una vulnerabilidad de Creac... • https://helpx.adobe.com/security/products/captivate/apsb21-60.html • CWE-379: Creation of Temporary File in Directory with Insecure Permissions CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 7.0EPSS: 0%CPEs: 2EXPL: 0CVE-2021-21011 – Uncontrolled Search Path Element in Adobe Captivate 2019
https://notcve.org/view.php?id=CVE-2021-21011
13 Jan 2021 — Adobe Captivate 2019 version 11.5.1.499 (and earlier) is affected by an uncontrolled search path element vulnerability that could lead to privilege escalation. An attacker with permissions to write to the file system could leverage this vulnerability to escalate privileges. Adobe Captivate 2019 versiones 11.5.1.499 (y anteriores) está afectado por una vulnerabilidad de elemento de ruta de búsqueda no controlada que podría conllevar a una escalada de privilegios. Un atacante con permisos para escribir e... • https://helpx.adobe.com/security/products/captivate/apsb21-06.html • CWE-427: Uncontrolled Search Path Element •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2017-3087
https://notcve.org/view.php?id=CVE-2017-3087
20 Jun 2017 — Adobe Captivate versions 9 and earlier have an information disclosure vulnerability resulting from abuse of the quiz reporting feature in Captivate. Adobe Captative versiones 9 y anteriores tienen una vulnerabilidad de divulgación de información debido al abuso de la característica de informes quiz en Captative. • http://www.securitytracker.com/id/1038657 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 2%CPEs: 1EXPL: 0CVE-2017-3098
https://notcve.org/view.php?id=CVE-2017-3098
20 Jun 2017 — Adobe Captivate versions 9 and earlier have a remote code execution vulnerability in the quiz reporting feature that could be abused to read and write arbitrary files to the server. Las versiones 9 y anteriores de Adobe Captivate, presentan una vulnerabilidad de ejecución de código remota en la funcionalidad quiz reporting que podría ser violada para leer y escribir archivos arbitrarios en el servidor. • http://www.securitytracker.com/id/1038657 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2010-3191
https://notcve.org/view.php?id=CVE-2010-3191
31 Aug 2010 — Untrusted search path vulnerability in Adobe Captivate 5.0.0.596, and possibly other versions, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a .cptx file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Vulnerabilidad de ruta de búsqueda no confiable en Adobe Captivate v5.0.0.596, y posiblemente otras versiones... • http://secunia.com/advisories/41233 •
CVSS: 6.8EPSS: 2%CPEs: 1EXPL: 2CVE-2006-2796
https://notcve.org/view.php?id=CVE-2006-2796
03 Jun 2006 — Cross-site scripting (XSS) vulnerability in gallery.php in Captivate 1.0 allows remote attackers to inject arbitrary web script or HTML via the page parameter, which is reflected in an error message. • http://archives.neohapsis.com/archives/bugtraq/2006-05/0413.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •