2.1

CVE-2006-1785

EPSS 1.36%
Veröffentlicht 13.04.2006 22:02:00
Zuletzt bearbeitet 03.04.2025 01:03:51
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

Adobe Document Server for Reader Extensions 6.0 allows remote authenticated users to inject arbitrary web script via a leading (1) ftp or (2) http URI in the ReaderURL variable in the "Update Download Site" section of ads-readerext.  NOTE: it is not clear whether the vendor advisory addresses this issue.  In addition, since the issue requires administrative privileges to exploit, it is not clear whether this crosses security boundaries.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 11

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Adobe ≫ Document Server Version6.0 Editionreader_extensions

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.36%	0.793

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	2.1	3.9	2.9	AV:N/AC:H/Au:S/C:N/I:P/A:N

http://secunia.com/advisories/15924

Vendor Advisory

http://secunia.com/secunia_research/2005-68/advisory/

Vendor Advisory

http://www.adobe.com/support/techdocs/322699.html

Vendor Advisory

http://www.securityfocus.com/archive/1/430869/100/0/threaded

http://www.securityfocus.com/bid/17500

http://www.vupen.com/english/advisories/2006/1342

http://www.osvdb.org/24588

https://exchange.xforce.ibmcloud.com/vulnerabilities/25770

https://nvd.nist.gov/vuln/detail/CVE-2006-1785

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2006-1785

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2006-1785

EUVD