Vulnerabilites related to adobe - dreamweaver
Vulnerability from fkie_nvd
Published
2021-02-11 21:15
Modified
2024-11-21 05:47
Severity ?
Summary
Adobe Dreamweaver versions 21.0 (and earlier) and 20.2 (and earlier) is affected by an untrusted search path vulnerability that could result in information disclosure. An attacker with physical access to the system could replace certain configuration files and dynamic libraries that Dreamweaver references, potentially resulting in information disclosure.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| adobe | dreamweaver | * | |
| adobe | dreamweaver | 21.0 | |
| apple | macos | - | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:adobe:dreamweaver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F7D52BDC-7020-4542-9CF4-5B5D51EA9CF7",
"versionEndIncluding": "20.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:dreamweaver:21.0:*:*:*:*:*:*:*",
"matchCriteriaId": "68E8F9A9-CC0B-457D-ADF6-DB1E86D0EE1F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Adobe Dreamweaver versions 21.0 (and earlier) and 20.2 (and earlier) is affected by an untrusted search path vulnerability that could result in information disclosure. An attacker with physical access to the system could replace certain configuration files and dynamic libraries that Dreamweaver references, potentially resulting in information disclosure."
},
{
"lang": "es",
"value": "Adobe Dreamweaver versiones 21.0 (y anteriores) y versiones 20.2 (y anteriores), est\u00e1n afectadas por una vulnerabilidad de ruta de b\u00fasqueda no confiable que podr\u00eda resultar en una divulgaci\u00f3n de informaci\u00f3n.\u0026#xa0;Un atacante con acceso f\u00edsico al sistema podr\u00eda reemplazar determinados archivos de configuraci\u00f3n y bibliotecas din\u00e1micas a las que hace referencia Dreamweaver, resultando potencialmente en una divulgaci\u00f3n de informaci\u00f3n"
}
],
"id": "CVE-2021-21055",
"lastModified": "2024-11-21T05:47:28.797",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.3,
"impactScore": 5.9,
"source": "psirt@adobe.com",
"type": "Secondary"
}
]
},
"published": "2021-02-11T21:15:13.383",
"references": [
{
"source": "psirt@adobe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://helpx.adobe.com/security/products/dreamweaver/apsb21-13.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://helpx.adobe.com/security/products/dreamweaver/apsb21-13.html"
}
],
"sourceIdentifier": "psirt@adobe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-426"
}
],
"source": "psirt@adobe.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-02-05 01:30
Modified
2024-11-21 00:55
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in ActionScript in arbitrary Shockwave Flash (SWF) files created by Adobe Dreamweaver, when the Insert Flash Video feature is used, allows remote attackers to inject arbitrary web script or HTML via an asfunction: URI in the skinName parameter. NOTE: this may overlap CVE-2007-6242, CVE-2007-6244, or CVE-2007-6637.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| adobe | dreamweaver | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:adobe:dreamweaver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4612B738-830D-417F-BD8B-7AA15010F193",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in ActionScript in arbitrary Shockwave Flash (SWF) files created by Adobe Dreamweaver, when the Insert Flash Video feature is used, allows remote attackers to inject arbitrary web script or HTML via an asfunction: URI in the skinName parameter. NOTE: this may overlap CVE-2007-6242, CVE-2007-6244, or CVE-2007-6637."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados en ActionScript en ficheros arbitrarios Shockwave Flash (SWF) creados por Adobe Dreamweaver, cuando se usa la caracter\u00edstica Insert Flash Video, permite a atacantes remotos inyectar secuencias de comandos web y HTML de su elecci\u00f3n a trav\u00e9s una funci\u00f3n as: URI en el par\u00e1metro skinName. NOTA: deber\u00eda sobreescribir las vulnerabilidades CVE-2007-6242, CVE-2007-6244, or CVE-2007-6637."
}
],
"id": "CVE-2008-6062",
"lastModified": "2024-11-21T00:55:34.600",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-02-05T01:30:00.313",
"references": [
{
"source": "cve@mitre.org",
"url": "http://docs.google.com/View?docid=ajfxntc4dmsq_14dt57ssdw"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb07-20.html"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/249337"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/485722/100/100/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://docs.google.com/View?docid=ajfxntc4dmsq_14dt57ssdw"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb07-20.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/249337"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/485722/100/100/threaded"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-07-18 22:15
Modified
2024-11-21 04:49
Severity ?
Summary
Adobe Dreamweaver direct download installer versions 19.0 and below, 18.0 and below have an Insecure Library Loading (DLL hijacking) vulnerability. Successful exploitation could lead to Privilege Escalation in the context of the current user.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| adobe | dreamweaver | * | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:adobe:dreamweaver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0F844C97-B0FF-4357-84E2-7F8E9CEF1E5A",
"versionEndIncluding": "19.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Adobe Dreamweaver direct download installer versions 19.0 and below, 18.0 and below have an Insecure Library Loading (DLL hijacking) vulnerability. Successful exploitation could lead to Privilege Escalation in the context of the current user."
},
{
"lang": "es",
"value": "Las versiones de instalador de descarga directa de Adobe Dreamweaver en versiones 19.0 y anteriores, 18.0 y anteriores tienen una vulnerabilidad de carga de librer\u00eda insegura (secuestro de DLL). Su explotaci\u00f3n con \u00e9xito podr\u00eda conducir al Escalado de Privilegios en el contexto del usuario actual."
}
],
"id": "CVE-2019-7956",
"lastModified": "2024-11-21T04:49:00.403",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-07-18T22:15:12.887",
"references": [
{
"source": "psirt@adobe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://helpx.adobe.com/security/products/dreamweaver/apsb19-40.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://helpx.adobe.com/security/products/dreamweaver/apsb19-40.html"
}
],
"sourceIdentifier": "psirt@adobe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-427"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-10-21 21:15
Modified
2024-11-21 05:14
Severity ?
7.5 (High) - CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Dreamweaver version 20.2 (and earlier) is affected by an uncontrolled search path element vulnerability that could lead to privilege escalation. Successful exploitation could result in a local user with permissions to write to the file system running system commands with administrator privileges.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@adobe.com | https://helpx.adobe.com/security/products/dreamweaver/apsb20-55.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://helpx.adobe.com/security/products/dreamweaver/apsb20-55.html | Patch, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:adobe:dreamweaver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F7D52BDC-7020-4542-9CF4-5B5D51EA9CF7",
"versionEndIncluding": "20.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Dreamweaver version 20.2 (and earlier) is affected by an uncontrolled search path element vulnerability that could lead to privilege escalation. Successful exploitation could result in a local user with permissions to write to the file system running system commands with administrator privileges."
},
{
"lang": "es",
"value": "Dreamweaver versi\u00f3n 20.2 (y anteriores) est\u00e1 afectada por una vulnerabilidad de elemento de ruta de b\u00fasqueda no controlada que podr\u00eda conllevar a una escalada de privilegios.\u0026#xa0;Una explotaci\u00f3n con \u00e9xito podr\u00eda resultar en un usuario local con permisos para escribir en el sistema de archivos ejecutando comandos del sistema con privilegios de administrador"
}
],
"id": "CVE-2020-24425",
"lastModified": "2024-11-21T05:14:47.917",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 6.0,
"source": "psirt@adobe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-10-21T21:15:13.020",
"references": [
{
"source": "psirt@adobe.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://helpx.adobe.com/security/products/dreamweaver/apsb20-55.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://helpx.adobe.com/security/products/dreamweaver/apsb20-55.html"
}
],
"sourceIdentifier": "psirt@adobe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-427"
}
],
"source": "psirt@adobe.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-427"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-08-26 18:36
Modified
2024-11-21 01:18
Severity ?
Summary
Untrusted search path vulnerability in Adobe Dreamweaver CS5 11.0 build 4916, build 4909, and probably other versions, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) mfc90loc.dll or (2) dwmapi.dll that is located in the same folder as a CSS, PHP, ASP, or other file that automatically launches Dreamweaver.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| adobe | dreamweaver | 11.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:adobe:dreamweaver:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4BC4FCD0-1ED2-470F-85CA-5AAD37D3D959",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in Adobe Dreamweaver CS5 11.0 build 4916, build 4909, and probably other versions, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) mfc90loc.dll or (2) dwmapi.dll that is located in the same folder as a CSS, PHP, ASP, or other file that automatically launches Dreamweaver."
},
{
"lang": "es",
"value": "Vulnerabilidad de ruta de b\u00fasqueda no confiable en Adobe Dreamweaver CS5 v11.0 build 4916 y build 4909, permite a usuarios locales, y puede que atacantes remotos, ejecutar c\u00f3digo de su elecci\u00f3n y producir un ataque de secuestro de DLL, a trav\u00e9s de un troyano (1) mfc90loc.dll or (2) dwmapi.dll que est\u00e1 ubicado en la misma carpeta que un fichero CSS, PHP, ASP u otro archivo que autom\u00e1ticamente ejecute Dreamweaver."
}
],
"evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/426.html\r\n\r\nCWE-426 - \u0027Untrusted Search Path Vulnerability\u0027",
"id": "CVE-2010-3132",
"lastModified": "2024-11-21T01:18:06.280",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-08-26T18:36:35.967",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/41110"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/14740"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/2171"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12035"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/41110"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/14740"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/2171"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12035"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-05-23 16:29
Modified
2024-11-21 04:47
Severity ?
Summary
Adobe Dreamweaver versions 19.0 and earlier have an insecure protocol implementation vulnerability. Successful exploitation could lead to sensitive data disclosure if smb request is subject to a relay attack.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:adobe:dreamweaver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0F844C97-B0FF-4357-84E2-7F8E9CEF1E5A",
"versionEndIncluding": "19.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Adobe Dreamweaver versions 19.0 and earlier have an insecure protocol implementation vulnerability. Successful exploitation could lead to sensitive data disclosure if smb request is subject to a relay attack."
},
{
"lang": "es",
"value": "Las versiones 19.0 y anteriores de Adobe Dreamweaver, tienen una vulnerabilidad de implementaci\u00f3n de protocolo no segura. Su explotaci\u00f3n exitosa conllevar\u00eda a la divulgaci\u00f3n de datos confidenciales si la petici\u00f3n de smb est\u00e1 sujeta a un ataque de retransmisi\u00f3n."
}
],
"id": "CVE-2019-7097",
"lastModified": "2024-11-21T04:47:33.457",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-05-23T16:29:08.807",
"references": [
{
"source": "psirt@adobe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://helpx.adobe.com/security/products/dreamweaver/apsb19-21.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://helpx.adobe.com/security/products/dreamweaver/apsb19-21.html"
}
],
"sourceIdentifier": "psirt@adobe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-05-19 17:29
Modified
2024-11-21 04:07
Severity ?
Summary
Adobe Dreamweaver CC versions 18.0 and earlier have an OS Command Injection vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@adobe.com | http://www.securityfocus.com/bid/103395 | Third Party Advisory, VDB Entry | |
| psirt@adobe.com | http://www.securitytracker.com/id/1040516 | Third Party Advisory, VDB Entry | |
| psirt@adobe.com | https://helpx.adobe.com/security/products/dreamweaver/apsb18-07.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/103395 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1040516 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://helpx.adobe.com/security/products/dreamweaver/apsb18-07.html | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| adobe | dreamweaver | * | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:adobe:dreamweaver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7ABDF8CC-E362-4A1F-BA17-7A4EDB2E2B2C",
"versionEndIncluding": "18.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Adobe Dreamweaver CC versions 18.0 and earlier have an OS Command Injection vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user."
},
{
"lang": "es",
"value": "Adobe Dreamweaver CC, en versiones 18.0 y anteriores, tiene una vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo. Su explotaci\u00f3n con \u00e9xito podr\u00eda permitir la ejecuci\u00f3n arbitraria de c\u00f3digo en el contexto del usuario actual."
}
],
"id": "CVE-2018-4924",
"lastModified": "2024-11-21T04:07:43.253",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-05-19T17:29:00.807",
"references": [
{
"source": "psirt@adobe.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/103395"
},
{
"source": "psirt@adobe.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040516"
},
{
"source": "psirt@adobe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://helpx.adobe.com/security/products/dreamweaver/apsb18-07.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/103395"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040516"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://helpx.adobe.com/security/products/dreamweaver/apsb18-07.html"
}
],
"sourceIdentifier": "psirt@adobe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-12-31 05:00
Modified
2024-11-21 00:04
Severity ?
Summary
Adobe Macromedia MX 2004 products, Captivate, Contribute 2, Contribute 3, and eLicensing client install the Macromedia Licensing Service with the Users group permitted to configure the service, including the path to executable, which allows local users to execute arbitrary code as Local System.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| adobe | captivate | * | |
| adobe | contribute | 2 | |
| adobe | contribute | 3 | |
| adobe | director | * | |
| adobe | dreamweaver | 9.0 | |
| adobe | elicensing | * | |
| adobe | fireworks | 9.0 | |
| adobe | flash_player | * | |
| adobe | flash_player | * | |
| adobe | freehand | mx | |
| adobe | studio | mx |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:adobe:captivate:*:*:*:*:*:*:*:*",
"matchCriteriaId": "62F9591A-A127-4302-97CE-722E492A8602",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:contribute:2:*:*:*:*:*:*:*",
"matchCriteriaId": "8CDB544B-76EC-49C0-94B1-E0035207A68D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:contribute:3:*:*:*:*:*:*:*",
"matchCriteriaId": "F52C901F-914B-47A1-A160-CADF9DC899A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:director:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6F6AC4F1-DE3D-4873-90BE-2AE1E3E60F3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:dreamweaver:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9C183915-BF83-4446-90DF-3A2CE49BCE0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:elicensing:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9602D186-D707-484E-B31D-8C15D85EDC70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:fireworks:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0D06FAD9-2CC0-4AAC-A2B5-6D118D00D7A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F901FB44-DC26-4284-B160-EE4A4F8F9DF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:flash_player:*:*:pro:*:*:*:*:*",
"matchCriteriaId": "C01FF7CE-BAD6-4539-A457-DABE0F21895A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:freehand:mx:*:*:*:*:*:*:*",
"matchCriteriaId": "B2BD6F32-57BE-4EB4-A2B8-043A8B28369C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:studio:mx:*:*:*:*:*:*:*",
"matchCriteriaId": "3832577A-42EB-4C8F-878C-BFAF8479BAB4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Adobe Macromedia MX 2004 products, Captivate, Contribute 2, Contribute 3, and eLicensing client install the Macromedia Licensing Service with the Users group permitted to configure the service, including the path to executable, which allows local users to execute arbitrary code as Local System."
}
],
"id": "CVE-2005-4708",
"lastModified": "2024-11-21T00:04:59.093",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/15654"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1014158"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1014159"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1014160"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1014161"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1014162"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1014163"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1014164"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1014165"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1014166"
},
{
"source": "cve@mitre.org",
"url": "http://www.cs.princeton.edu/~sudhakar/papers/winval.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/953860"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.macromedia.com/devnet/security/security_zone/mpsb05-04.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/17248"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/423587/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/13925"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2005/0723"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/15654"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1014158"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1014159"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1014160"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1014161"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1014162"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1014163"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1014164"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1014165"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1014166"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.cs.princeton.edu/~sudhakar/papers/winval.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/953860"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.macromedia.com/devnet/security/security_zone/mpsb05-04.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/17248"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/423587/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/13925"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2005/0723"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-05-16 12:15
Modified
2024-12-12 21:10
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
Dreamweaver Desktop versions 21.3 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead in arbitrary code execution by an attacker. Exploitation of this issue does require user interaction.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:adobe:dreamweaver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C5CFE74F-C421-442D-A374-42A1C3232B80",
"versionEndExcluding": "21.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Dreamweaver Desktop versions 21.3 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027) vulnerability that could lead in arbitrary code execution by an attacker. Exploitation of this issue does require user interaction."
},
{
"lang": "es",
"value": "Las versiones 21.3 y anteriores de Dreamweaver Desktop se ven afectadas por una neutralizaci\u00f3n incorrecta de elementos especiales utilizados en una vulnerabilidad de comando del sistema operativo (\u0027inyecci\u00f3n de comando del sistema operativo\u0027) que podr\u00eda provocar la ejecuci\u00f3n de c\u00f3digo arbitrario por parte de un atacante. La explotaci\u00f3n de este problema requiere la interacci\u00f3n del usuario."
}
],
"id": "CVE-2024-30314",
"lastModified": "2024-12-12T21:10:42.107",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "psirt@adobe.com",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
},
"published": "2024-05-16T12:15:13.280",
"references": [
{
"source": "psirt@adobe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://helpx.adobe.com/security/products/dreamweaver/apsb24-39.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://helpx.adobe.com/security/products/dreamweaver/apsb24-39.html"
}
],
"sourceIdentifier": "psirt@adobe.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "psirt@adobe.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-05-09 19:02
Modified
2024-11-21 00:10
Severity ?
Summary
Adobe Dreamweaver 8 before 8.0.2 and MX 2004 can generate code that allows SQL injection attacks in the (1) ColdFusion, (2) PHP mySQL, (3) ASP, (4) ASP.NET, and (5) JSP server models.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| adobe | dreamweaver | 7.0 | |
| adobe | dreamweaver | 8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:adobe:dreamweaver:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8E0BF547-FB9D-400C-8D42-7EB491823AE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:dreamweaver:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "195A1824-AA90-4B0A-872C-33CA44D73E6F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Adobe Dreamweaver 8 before 8.0.2 and MX 2004 can generate code that allows SQL injection attacks in the (1) ColdFusion, (2) PHP mySQL, (3) ASP, (4) ASP.NET, and (5) JSP server models."
}
],
"evaluatorSolution": "This vulnerability affects all versions of Adobe, Dreamweaver, 8.0 before 8.0.2\r\nThis vulnerability is addressed in the following product releases:\r\nAdobe, Dreamweaver, 8.0.2\r\nCode update for Macromedia, Dreamweaver MX, 2004",
"id": "CVE-2006-2042",
"lastModified": "2024-11-21T00:10:25.233",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-05-09T19:02:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/bugtraq/2006-05/0194.html"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/20054"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1016050"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb06-07.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/25361"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/17928"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/1753"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26339"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2006-05/0194.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/20054"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1016050"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb06-07.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/25361"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/17928"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/1753"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26339"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2020-24425
Vulnerability from cvelistv5
Published
2020-10-21 20:07
Modified
2024-09-16 23:56
Severity ?
EPSS score ?
Summary
Dreamweaver version 20.2 (and earlier) is affected by an uncontrolled search path element vulnerability that could lead to privilege escalation. Successful exploitation could result in a local user with permissions to write to the file system running system commands with administrator privileges.
References
| ▼ | URL | Tags |
|---|---|---|
| https://helpx.adobe.com/security/products/dreamweaver/apsb20-55.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Adobe | Dreamweaver |
Version: unspecified < Version: unspecified < |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:12:08.970Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/dreamweaver/apsb20-55.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Dreamweaver",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "20.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "None",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-10-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Dreamweaver version 20.2 (and earlier) is affected by an uncontrolled search path element vulnerability that could lead to privilege escalation. Successful exploitation could result in a local user with permissions to write to the file system running system commands with administrator privileges."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "Uncontrolled Search Path Element (CWE-427)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-21T20:07:24",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://helpx.adobe.com/security/products/dreamweaver/apsb20-55.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Privilege escalation vulnerability in Dreamweaver version 20.2",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"DATE_PUBLIC": "2020-10-20T23:00:00.000Z",
"ID": "CVE-2020-24425",
"STATE": "PUBLIC",
"TITLE": "Privilege escalation vulnerability in Dreamweaver version 20.2"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Dreamweaver",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "20.2"
},
{
"version_affected": "\u003c=",
"version_value": "None"
},
{
"version_affected": "\u003c=",
"version_value": "None"
},
{
"version_affected": "\u003c=",
"version_value": "None"
}
]
}
}
]
},
"vendor_name": "Adobe"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dreamweaver version 20.2 (and earlier) is affected by an uncontrolled search path element vulnerability that could lead to privilege escalation. Successful exploitation could result in a local user with permissions to write to the file system running system commands with administrator privileges."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "High",
"attackVector": "Local",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Changed",
"userInteraction": "Required",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Uncontrolled Search Path Element (CWE-427)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://helpx.adobe.com/security/products/dreamweaver/apsb20-55.html",
"refsource": "MISC",
"url": "https://helpx.adobe.com/security/products/dreamweaver/apsb20-55.html"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2020-24425",
"datePublished": "2020-10-21T20:07:24.139092Z",
"dateReserved": "2020-08-19T00:00:00",
"dateUpdated": "2024-09-16T23:56:56.700Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-6062
Vulnerability from cvelistv5
Published
2009-02-05 01:00
Modified
2024-08-07 11:20
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in ActionScript in arbitrary Shockwave Flash (SWF) files created by Adobe Dreamweaver, when the Insert Flash Video feature is used, allows remote attackers to inject arbitrary web script or HTML via an asfunction: URI in the skinName parameter. NOTE: this may overlap CVE-2007-6242, CVE-2007-6244, or CVE-2007-6637.
References
| ▼ | URL | Tags |
|---|---|---|
| http://docs.google.com/View?docid=ajfxntc4dmsq_14dt57ssdw | x_refsource_MISC | |
| http://www.adobe.com/support/security/bulletins/apsb07-20.html | x_refsource_MISC | |
| http://www.kb.cert.org/vuls/id/249337 | third-party-advisory, x_refsource_CERT-VN | |
| http://www.securityfocus.com/archive/1/485722/100/100/threaded | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:20:24.320Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://docs.google.com/View?docid=ajfxntc4dmsq_14dt57ssdw"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb07-20.html"
},
{
"name": "VU#249337",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/249337"
},
{
"name": "20080102 XSS Vulnerabilities in Common Shockwave Flash Files",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/485722/100/100/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-01-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in ActionScript in arbitrary Shockwave Flash (SWF) files created by Adobe Dreamweaver, when the Insert Flash Video feature is used, allows remote attackers to inject arbitrary web script or HTML via an asfunction: URI in the skinName parameter. NOTE: this may overlap CVE-2007-6242, CVE-2007-6244, or CVE-2007-6637."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://docs.google.com/View?docid=ajfxntc4dmsq_14dt57ssdw"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb07-20.html"
},
{
"name": "VU#249337",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/249337"
},
{
"name": "20080102 XSS Vulnerabilities in Common Shockwave Flash Files",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/485722/100/100/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6062",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in ActionScript in arbitrary Shockwave Flash (SWF) files created by Adobe Dreamweaver, when the Insert Flash Video feature is used, allows remote attackers to inject arbitrary web script or HTML via an asfunction: URI in the skinName parameter. NOTE: this may overlap CVE-2007-6242, CVE-2007-6244, or CVE-2007-6637."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://docs.google.com/View?docid=ajfxntc4dmsq_14dt57ssdw",
"refsource": "MISC",
"url": "http://docs.google.com/View?docid=ajfxntc4dmsq_14dt57ssdw"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb07-20.html",
"refsource": "MISC",
"url": "http://www.adobe.com/support/security/bulletins/apsb07-20.html"
},
{
"name": "VU#249337",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/249337"
},
{
"name": "20080102 XSS Vulnerabilities in Common Shockwave Flash Files",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/485722/100/100/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6062",
"datePublished": "2009-02-05T01:00:00",
"dateReserved": "2009-02-04T00:00:00",
"dateUpdated": "2024-08-07T11:20:24.320Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-2042
Vulnerability from cvelistv5
Published
2006-05-09 19:00
Modified
2024-08-07 17:35
Severity ?
EPSS score ?
Summary
Adobe Dreamweaver 8 before 8.0.2 and MX 2004 can generate code that allows SQL injection attacks in the (1) ColdFusion, (2) PHP mySQL, (3) ASP, (4) ASP.NET, and (5) JSP server models.
References
| ▼ | URL | Tags |
|---|---|---|
| http://archives.neohapsis.com/archives/bugtraq/2006-05/0194.html | mailing-list, x_refsource_BUGTRAQ | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/26339 | vdb-entry, x_refsource_XF | |
| http://secunia.com/advisories/20054 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/17928 | vdb-entry, x_refsource_BID | |
| http://www.adobe.com/support/security/bulletins/apsb06-07.html | x_refsource_CONFIRM | |
| http://www.vupen.com/english/advisories/2006/1753 | vdb-entry, x_refsource_VUPEN | |
| http://www.osvdb.org/25361 | vdb-entry, x_refsource_OSVDB | |
| http://securitytracker.com/id?1016050 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:35:31.130Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20060509 Multiple SQL Injection Vulnerabilities in Dreamweaver Generated Code",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2006-05/0194.html"
},
{
"name": "dreamweaver-server-sql-injection(26339)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26339"
},
{
"name": "20054",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20054"
},
{
"name": "17928",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/17928"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb06-07.html"
},
{
"name": "ADV-2006-1753",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1753"
},
{
"name": "25361",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/25361"
},
{
"name": "1016050",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016050"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-05-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Adobe Dreamweaver 8 before 8.0.2 and MX 2004 can generate code that allows SQL injection attacks in the (1) ColdFusion, (2) PHP mySQL, (3) ASP, (4) ASP.NET, and (5) JSP server models."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20060509 Multiple SQL Injection Vulnerabilities in Dreamweaver Generated Code",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2006-05/0194.html"
},
{
"name": "dreamweaver-server-sql-injection(26339)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26339"
},
{
"name": "20054",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20054"
},
{
"name": "17928",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/17928"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb06-07.html"
},
{
"name": "ADV-2006-1753",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1753"
},
{
"name": "25361",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/25361"
},
{
"name": "1016050",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016050"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2042",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Dreamweaver 8 before 8.0.2 and MX 2004 can generate code that allows SQL injection attacks in the (1) ColdFusion, (2) PHP mySQL, (3) ASP, (4) ASP.NET, and (5) JSP server models."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060509 Multiple SQL Injection Vulnerabilities in Dreamweaver Generated Code",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2006-05/0194.html"
},
{
"name": "dreamweaver-server-sql-injection(26339)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26339"
},
{
"name": "20054",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20054"
},
{
"name": "17928",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17928"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb06-07.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb06-07.html"
},
{
"name": "ADV-2006-1753",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1753"
},
{
"name": "25361",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/25361"
},
{
"name": "1016050",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016050"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-2042",
"datePublished": "2006-05-09T19:00:00",
"dateReserved": "2006-04-26T00:00:00",
"dateUpdated": "2024-08-07T17:35:31.130Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-7956
Vulnerability from cvelistv5
Published
2019-07-18 21:47
Modified
2024-08-04 21:02
Severity ?
EPSS score ?
Summary
Adobe Dreamweaver direct download installer versions 19.0 and below, 18.0 and below have an Insecure Library Loading (DLL hijacking) vulnerability. Successful exploitation could lead to Privilege Escalation in the context of the current user.
References
| ▼ | URL | Tags |
|---|---|---|
| https://helpx.adobe.com/security/products/dreamweaver/apsb19-40.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | Adobe Dreamweaver |
Version: Adobe Dreamweaver?direct download installer version 19.0 and below, 18.0 and below |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:02:19.361Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/dreamweaver/apsb19-40.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Adobe Dreamweaver",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Adobe Dreamweaver?direct download installer version 19.0 and below, 18.0 and below"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Adobe Dreamweaver direct download installer versions 19.0 and below, 18.0 and below have an Insecure Library Loading (DLL hijacking) vulnerability. Successful exploitation could lead to Privilege Escalation in the context of the current user."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Insecure Library Loading (DLL hijacking)?",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-18T21:47:32",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://helpx.adobe.com/security/products/dreamweaver/apsb19-40.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2019-7956",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Adobe Dreamweaver",
"version": {
"version_data": [
{
"version_value": "Adobe Dreamweaver?direct download installer version 19.0 and below, 18.0 and below"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Dreamweaver direct download installer versions 19.0 and below, 18.0 and below have an Insecure Library Loading (DLL hijacking) vulnerability. Successful exploitation could lead to Privilege Escalation in the context of the current user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Insecure Library Loading (DLL hijacking)?"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://helpx.adobe.com/security/products/dreamweaver/apsb19-40.html",
"refsource": "MISC",
"url": "https://helpx.adobe.com/security/products/dreamweaver/apsb19-40.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2019-7956",
"datePublished": "2019-07-18T21:47:32",
"dateReserved": "2019-02-12T00:00:00",
"dateUpdated": "2024-08-04T21:02:19.361Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-30314
Vulnerability from cvelistv5
Published
2024-05-16 11:36
Modified
2024-12-12 17:22
Severity ?
EPSS score ?
Summary
Dreamweaver Desktop versions 21.3 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead in arbitrary code execution by an attacker. Exploitation of this issue does require user interaction.
References
| ▼ | URL | Tags |
|---|---|---|
| https://helpx.adobe.com/security/products/dreamweaver/apsb24-39.html | vendor-advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Adobe | Dreamweaver Desktop |
Version: 0 ≤ 21.3 |
|
|
|||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:adobe:dreamweaver:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dreamweaver",
"vendor": "adobe",
"versions": [
{
"lessThanOrEqual": "21.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-30314",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-16T13:56:18.684127Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:38:32.709Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:32:07.020Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/dreamweaver/apsb24-39.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Dreamweaver Desktop",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "21.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2024-05-14T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Dreamweaver Desktop versions 21.3 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027) vulnerability that could lead in arbitrary code execution by an attacker. Exploitation of this issue does require user interaction."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"exploitCodeMaturity": "NOT_DEFINED",
"integrityImpact": "HIGH",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "LOW",
"modifiedAttackVector": "LOCAL",
"modifiedAvailabilityImpact": "HIGH",
"modifiedConfidentialityImpact": "HIGH",
"modifiedIntegrityImpact": "HIGH",
"modifiedPrivilegesRequired": "NONE",
"modifiedScope": "UNCHANGED",
"modifiedUserInteraction": "REQUIRED",
"privilegesRequired": "NONE",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027) (CWE-78)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-12T17:22:09.719Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://helpx.adobe.com/security/products/dreamweaver/apsb24-39.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Dreamweaver Desktop | Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027) (CWE-78)"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2024-30314",
"datePublished": "2024-05-16T11:36:01.484Z",
"dateReserved": "2024-03-26T16:04:09.510Z",
"dateUpdated": "2024-12-12T17:22:09.719Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-4924
Vulnerability from cvelistv5
Published
2018-05-19 17:00
Modified
2024-08-05 05:18
Severity ?
EPSS score ?
Summary
Adobe Dreamweaver CC versions 18.0 and earlier have an OS Command Injection vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
References
| ▼ | URL | Tags |
|---|---|---|
| https://helpx.adobe.com/security/products/dreamweaver/apsb18-07.html | x_refsource_MISC | |
| http://www.securityfocus.com/bid/103395 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1040516 | vdb-entry, x_refsource_SECTRACK |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | Adobe Dreamweaver CC 18.0 and earlier versions |
Version: Adobe Dreamweaver CC 18.0 and earlier versions |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:18:26.974Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/dreamweaver/apsb18-07.html"
},
{
"name": "103395",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103395"
},
{
"name": "1040516",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040516"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Adobe Dreamweaver CC 18.0 and earlier versions",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Adobe Dreamweaver CC 18.0 and earlier versions"
}
]
}
],
"datePublic": "2018-05-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Adobe Dreamweaver CC versions 18.0 and earlier have an OS Command Injection vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "OS Command Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-20T09:57:01",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://helpx.adobe.com/security/products/dreamweaver/apsb18-07.html"
},
{
"name": "103395",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103395"
},
{
"name": "1040516",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040516"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2018-4924",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Adobe Dreamweaver CC 18.0 and earlier versions",
"version": {
"version_data": [
{
"version_value": "Adobe Dreamweaver CC 18.0 and earlier versions"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Dreamweaver CC versions 18.0 and earlier have an OS Command Injection vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "OS Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://helpx.adobe.com/security/products/dreamweaver/apsb18-07.html",
"refsource": "MISC",
"url": "https://helpx.adobe.com/security/products/dreamweaver/apsb18-07.html"
},
{
"name": "103395",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103395"
},
{
"name": "1040516",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040516"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2018-4924",
"datePublished": "2018-05-19T17:00:00",
"dateReserved": "2018-01-03T00:00:00",
"dateUpdated": "2024-08-05T05:18:26.974Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-21055
Vulnerability from cvelistv5
Published
2021-02-11 20:12
Modified
2024-09-16 16:13
Severity ?
EPSS score ?
Summary
Adobe Dreamweaver versions 21.0 (and earlier) and 20.2 (and earlier) is affected by an untrusted search path vulnerability that could result in information disclosure. An attacker with physical access to the system could replace certain configuration files and dynamic libraries that Dreamweaver references, potentially resulting in information disclosure.
References
| ▼ | URL | Tags |
|---|---|---|
| https://helpx.adobe.com/security/products/dreamweaver/apsb21-13.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Adobe | Dreamweaver |
Version: unspecified < Version: unspecified < Version: unspecified < |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:01:13.311Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/dreamweaver/apsb21-13.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Dreamweaver",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "21.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "20.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "None",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-02-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Adobe Dreamweaver versions 21.0 (and earlier) and 20.2 (and earlier) is affected by an untrusted search path vulnerability that could result in information disclosure. An attacker with physical access to the system could replace certain configuration files and dynamic libraries that Dreamweaver references, potentially resulting in information disclosure."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-426",
"description": "Untrusted Search Path (CWE-426)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-11T20:12:37",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://helpx.adobe.com/security/products/dreamweaver/apsb21-13.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Adobe Dreamweaver Untrusted Search Path Vulnerability Could Lead To Information Disclosure",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"DATE_PUBLIC": "2021-02-09T23:00:00.000Z",
"ID": "CVE-2021-21055",
"STATE": "PUBLIC",
"TITLE": "Adobe Dreamweaver Untrusted Search Path Vulnerability Could Lead To Information Disclosure"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Dreamweaver",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "21.0"
},
{
"version_affected": "\u003c=",
"version_value": "20.2"
},
{
"version_affected": "\u003c=",
"version_value": "None"
},
{
"version_affected": "\u003c=",
"version_value": "None"
}
]
}
}
]
},
"vendor_name": "Adobe"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Dreamweaver versions 21.0 (and earlier) and 20.2 (and earlier) is affected by an untrusted search path vulnerability that could result in information disclosure. An attacker with physical access to the system could replace certain configuration files and dynamic libraries that Dreamweaver references, potentially resulting in information disclosure."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "High",
"attackVector": "Physical",
"availabilityImpact": "High",
"baseScore": 6.2,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"userInteraction": "Required",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Untrusted Search Path (CWE-426)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://helpx.adobe.com/security/products/dreamweaver/apsb21-13.html",
"refsource": "MISC",
"url": "https://helpx.adobe.com/security/products/dreamweaver/apsb21-13.html"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2021-21055",
"datePublished": "2021-02-11T20:12:37.844018Z",
"dateReserved": "2020-12-18T00:00:00",
"dateUpdated": "2024-09-16T16:13:10.606Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-4708
Vulnerability from cvelistv5
Published
2006-02-02 11:00
Modified
2024-08-07 23:53
Severity ?
EPSS score ?
Summary
Adobe Macromedia MX 2004 products, Captivate, Contribute 2, Contribute 3, and eLicensing client install the Macromedia Licensing Service with the Users group permitted to configure the service, including the path to executable, which allows local users to execute arbitrary code as Local System.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:53:28.983Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1014162",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1014162"
},
{
"name": "1014161",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1014161"
},
{
"name": "1014165",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1014165"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.macromedia.com/devnet/security/security_zone/mpsb05-04.html"
},
{
"name": "20060131 Windows Access Control Demystified",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/423587/100/0/threaded"
},
{
"name": "VU#953860",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/953860"
},
{
"name": "1014166",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1014166"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.cs.princeton.edu/~sudhakar/papers/winval.pdf"
},
{
"name": "1014159",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1014159"
},
{
"name": "17248",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/17248"
},
{
"name": "1014163",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1014163"
},
{
"name": "1014164",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1014164"
},
{
"name": "ADV-2005-0723",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/0723"
},
{
"name": "15654",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/15654"
},
{
"name": "1014158",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1014158"
},
{
"name": "1014160",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1014160"
},
{
"name": "13925",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/13925"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-06-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Adobe Macromedia MX 2004 products, Captivate, Contribute 2, Contribute 3, and eLicensing client install the Macromedia Licensing Service with the Users group permitted to configure the service, including the path to executable, which allows local users to execute arbitrary code as Local System."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1014162",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1014162"
},
{
"name": "1014161",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1014161"
},
{
"name": "1014165",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1014165"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.macromedia.com/devnet/security/security_zone/mpsb05-04.html"
},
{
"name": "20060131 Windows Access Control Demystified",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/423587/100/0/threaded"
},
{
"name": "VU#953860",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/953860"
},
{
"name": "1014166",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1014166"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.cs.princeton.edu/~sudhakar/papers/winval.pdf"
},
{
"name": "1014159",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1014159"
},
{
"name": "17248",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/17248"
},
{
"name": "1014163",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1014163"
},
{
"name": "1014164",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1014164"
},
{
"name": "ADV-2005-0723",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/0723"
},
{
"name": "15654",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/15654"
},
{
"name": "1014158",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1014158"
},
{
"name": "1014160",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1014160"
},
{
"name": "13925",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/13925"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4708",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Macromedia MX 2004 products, Captivate, Contribute 2, Contribute 3, and eLicensing client install the Macromedia Licensing Service with the Users group permitted to configure the service, including the path to executable, which allows local users to execute arbitrary code as Local System."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1014162",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014162"
},
{
"name": "1014161",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014161"
},
{
"name": "1014165",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014165"
},
{
"name": "http://www.macromedia.com/devnet/security/security_zone/mpsb05-04.html",
"refsource": "CONFIRM",
"url": "http://www.macromedia.com/devnet/security/security_zone/mpsb05-04.html"
},
{
"name": "20060131 Windows Access Control Demystified",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/423587/100/0/threaded"
},
{
"name": "VU#953860",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/953860"
},
{
"name": "1014166",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014166"
},
{
"name": "http://www.cs.princeton.edu/~sudhakar/papers/winval.pdf",
"refsource": "MISC",
"url": "http://www.cs.princeton.edu/~sudhakar/papers/winval.pdf"
},
{
"name": "1014159",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014159"
},
{
"name": "17248",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/17248"
},
{
"name": "1014163",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014163"
},
{
"name": "1014164",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014164"
},
{
"name": "ADV-2005-0723",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/0723"
},
{
"name": "15654",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15654"
},
{
"name": "1014158",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014158"
},
{
"name": "1014160",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014160"
},
{
"name": "13925",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13925"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-4708",
"datePublished": "2006-02-02T11:00:00",
"dateReserved": "2006-02-02T00:00:00",
"dateUpdated": "2024-08-07T23:53:28.983Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-3132
Vulnerability from cvelistv5
Published
2010-08-26 18:00
Modified
2024-08-07 02:55
Severity ?
EPSS score ?
Summary
Untrusted search path vulnerability in Adobe Dreamweaver CS5 11.0 build 4916, build 4909, and probably other versions, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) mfc90loc.dll or (2) dwmapi.dll that is located in the same folder as a CSS, PHP, ASP, or other file that automatically launches Dreamweaver.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.vupen.com/english/advisories/2010/2171 | vdb-entry, x_refsource_VUPEN | |
| http://secunia.com/advisories/41110 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.exploit-db.com/exploits/14740 | exploit, x_refsource_EXPLOIT-DB | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12035 | vdb-entry, signature, x_refsource_OVAL |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:55:46.805Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2010-2171",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/2171"
},
{
"name": "41110",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/41110"
},
{
"name": "14740",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/14740"
},
{
"name": "oval:org.mitre.oval:def:12035",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12035"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-08-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in Adobe Dreamweaver CS5 11.0 build 4916, build 4909, and probably other versions, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) mfc90loc.dll or (2) dwmapi.dll that is located in the same folder as a CSS, PHP, ASP, or other file that automatically launches Dreamweaver."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-18T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2010-2171",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/2171"
},
{
"name": "41110",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/41110"
},
{
"name": "14740",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/14740"
},
{
"name": "oval:org.mitre.oval:def:12035",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12035"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3132",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in Adobe Dreamweaver CS5 11.0 build 4916, build 4909, and probably other versions, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) mfc90loc.dll or (2) dwmapi.dll that is located in the same folder as a CSS, PHP, ASP, or other file that automatically launches Dreamweaver."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2010-2171",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2171"
},
{
"name": "41110",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41110"
},
{
"name": "14740",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/14740"
},
{
"name": "oval:org.mitre.oval:def:12035",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12035"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-3132",
"datePublished": "2010-08-26T18:00:00",
"dateReserved": "2010-08-26T00:00:00",
"dateUpdated": "2024-08-07T02:55:46.805Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-7097
Vulnerability from cvelistv5
Published
2019-05-23 15:43
Modified
2024-08-04 20:38
Severity ?
EPSS score ?
Summary
Adobe Dreamweaver versions 19.0 and earlier have an insecure protocol implementation vulnerability. Successful exploitation could lead to sensitive data disclosure if smb request is subject to a relay attack.
References
| ▼ | URL | Tags |
|---|---|---|
| https://helpx.adobe.com/security/products/dreamweaver/apsb19-21.html | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Adobe | Adobe Dreamweaver |
Version: 19.0 and earlier versions |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:38:33.157Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/dreamweaver/apsb19-21.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Adobe Dreamweaver",
"vendor": "Adobe",
"versions": [
{
"status": "affected",
"version": "19.0 and earlier versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Adobe Dreamweaver versions 19.0 and earlier have an insecure protocol implementation vulnerability. Successful exploitation could lead to sensitive data disclosure if smb request is subject to a relay attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Insecure protocol implementation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-23T15:43:09",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://helpx.adobe.com/security/products/dreamweaver/apsb19-21.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2019-7097",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Adobe Dreamweaver",
"version": {
"version_data": [
{
"version_value": "19.0 and earlier versions"
}
]
}
}
]
},
"vendor_name": "Adobe"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Dreamweaver versions 19.0 and earlier have an insecure protocol implementation vulnerability. Successful exploitation could lead to sensitive data disclosure if smb request is subject to a relay attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Insecure protocol implementation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://helpx.adobe.com/security/products/dreamweaver/apsb19-21.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/dreamweaver/apsb19-21.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2019-7097",
"datePublished": "2019-05-23T15:43:09",
"dateReserved": "2019-01-28T00:00:00",
"dateUpdated": "2024-08-04T20:38:33.157Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}