CVE-2006-1785

CVE Database · CVE-2006-1785

CVE-2006-1785

· N/AModified

CVSS v3.1

N/A

EPSS

1.55%

Published

Apr 13, 2006

Modified

Apr 15, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Adobe Document Server for Reader Extensions 6.0 allows remote authenticated users to inject arbitrary web script via a leading (1) ftp or (2) http URI in the ReaderURL variable in the "Update Download Site" section of ads-readerext. NOTE: it is not clear whether the vendor advisory addresses this issue. In addition, since the issue requires administrative privileges to exploit, it is not clear whether this crosses security boundaries.

Affected Products (1)

adobe · document_servervulnerable

References (16)

http://secunia.com/advisories/15924

Vendor Advisory

http://secunia.com/secunia_research/2005-68/advisory/

Vendor Advisory

http://www.adobe.com/support/techdocs/322699.html

Vendor Advisory

http://www.osvdb.org/24588

http://www.securityfocus.com/archive/1/430869/100/0/threaded

http://www.securityfocus.com/bid/17500

http://www.vupen.com/english/advisories/2006/1342

https://exchange.xforce.ibmcloud.com/vulnerabilities/25770

http://secunia.com/advisories/15924

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs