2.1

CVE-2006-1785

EPSS 1.36%
Published 13.04.2006 22:02:00
Last modified 03.04.2025 01:03:51
Source cve@mitre.org
Teams watchlist Login
Open Login

Adobe Document Server for Reader Extensions 6.0 allows remote authenticated users to inject arbitrary web script via a leading (1) ftp or (2) http URI in the ReaderURL variable in the "Update Download Site" section of ads-readerext.  NOTE: it is not clear whether the vendor advisory addresses this issue.  In addition, since the issue requires administrative privileges to exploit, it is not clear whether this crosses security boundaries.

Affected products Warnungen 0 Metrics 2 CWE 0 References 11

Data is provided by the National Vulnerability Database (NVD)

Adobe ≫ Document Server Version6.0 Editionreader_extensions

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.36%	0.793

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	2.1	3.9	2.9	AV:N/AC:H/Au:S/C:N/I:P/A:N

http://secunia.com/advisories/15924

Vendor Advisory

http://secunia.com/secunia_research/2005-68/advisory/

Vendor Advisory

http://www.adobe.com/support/techdocs/322699.html

Vendor Advisory

http://www.securityfocus.com/archive/1/430869/100/0/threaded

http://www.securityfocus.com/bid/17500

http://www.vupen.com/english/advisories/2006/1342

http://www.osvdb.org/24588

https://exchange.xforce.ibmcloud.com/vulnerabilities/25770

https://nvd.nist.gov/vuln/detail/CVE-2006-1785

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2006-1785

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2006-1785

EUVD