Executive Summary

Informations
Name CVE-2006-1786 First vendor Publication 2006-04-13
Vendor Cve Last vendor Modification 2024-11-21

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:H/Au:N/C:N/I:P/A:N)
Cvss Base Score 2.6 Attack Range Network
Cvss Impact Score 2.9 Attack Complexity High
Cvss Expoit Score 4.9 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Cross-site scripting (XSS) vulnerability in Adobe Document Server for Reader Extensions 6.0 allows remote attackers to inject arbitrary web script or HTML via (1) the actionID parameter in ads-readerext and (2) the op parameter in AlterCast. NOTE: it is not clear whether the vendor advisory addresses this issue.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1786

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1

Open Source Vulnerability Database (OSVDB)

Id Description
24590 Adobe Document Server for Reader Extensions AlterCast op Parameter XSS

Adobe Document Server for Reader Extensions contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'op' variable upon submission to the 'AlterCast' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
24589 Adobe Document Server for Reader Extensions ads-readerext actionID Parameter XSS

Adobe Document Server for Reader Extensions contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'actionID' variable upon submission to the "ads-readerext" script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Nessus® Vulnerability Scanner

Date Description
2006-04-14 Name : The remote web server is affected by multiple flaws.
File : adobe_document_server_61.nasl - Type : ACT_ATTACK

Sources (Detail)

http://secunia.com/advisories/15924
http://secunia.com/secunia_research/2005-68/advisory/
http://www.adobe.com/support/techdocs/322699.html
http://www.osvdb.org/24589
http://www.osvdb.org/24590
http://www.securityfocus.com/archive/1/430869/100/0/threaded
http://www.securityfocus.com/bid/17500
http://www.vupen.com/english/advisories/2006/1342
https://exchange.xforce.ibmcloud.com/vulnerabilities/25771
Source Url

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
Date Informations
2024-11-28 23:20:44
  • Multiple Updates
2024-11-28 12:08:43
  • Multiple Updates
2021-05-04 12:03:55
  • Multiple Updates
2021-04-22 01:04:28
  • Multiple Updates
2020-05-23 00:17:39
  • Multiple Updates
2018-10-18 21:20:04
  • Multiple Updates
2017-07-20 09:23:30
  • Multiple Updates
2016-12-07 09:24:09
  • Multiple Updates
2016-06-28 15:43:41
  • Multiple Updates
2016-04-26 14:30:26
  • Multiple Updates
2014-02-17 10:35:27
  • Multiple Updates
2013-05-11 10:54:10
  • Multiple Updates