Adobe RoboHelp Server Help Errors Log Cross-Site Scripting and SQL-Injection Vulnerabilities

Bugtraq ID:	30137
Class:	Input Validation Error
CVE:	CVE-2008-2991
Remote:	Yes
Local:	No
Published:	Jul 08 2008 12:00AM
Updated:	Jan 19 2009 10:42PM
Credit:	The Vulnerability Research Team of Assurent Secure Technologies (a TELUS company) and Greg Patton of PropertyInfo Corporation
Vulnerable:	Adobe RoboHelp Server 7 - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000 Professional SP1 - Microsoft Windows 2000 Professional - Microsoft Windows 95 - Microsoft Windows 98 - Microsoft Windows ME - Microsoft Windows NT Workstation 4.0 SP6a - Microsoft Windows NT Workstation 4.0 SP5 - Microsoft Windows NT Workstation 4.0 SP4 - Microsoft Windows NT Workstation 4.0 SP3 - Microsoft Windows NT Workstation 4.0 SP2 - Microsoft Windows NT Workstation 4.0 SP1 - Microsoft Windows NT Workstation 4.0 - Microsoft Windows XP Home Adobe RoboHelp Server 6 - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000 Professional SP1 - Microsoft Windows 2000 Professional SP1 - Microsoft Windows 2000 Professional - Microsoft Windows 2000 Professional - Microsoft Windows 95 - Microsoft Windows 95 - Microsoft Windows 98 - Microsoft Windows 98 - Microsoft Windows ME - Microsoft Windows ME - Microsoft Windows NT Workstation 4.0 SP6a - Microsoft Windows NT Workstation 4.0 SP6a - Microsoft Windows NT Workstation 4.0 SP5 - Microsoft Windows NT Workstation 4.0 SP5 - Microsoft Windows NT Workstation 4.0 SP4 - Microsoft Windows NT Workstation 4.0 SP4 - Microsoft Windows NT Workstation 4.0 SP3 - Microsoft Windows NT Workstation 4.0 SP3 - Microsoft Windows NT Workstation 4.0 SP2 - Microsoft Windows NT Workstation 4.0 SP2 - Microsoft Windows NT Workstation 4.0 SP1 - Microsoft Windows NT Workstation 4.0 SP1 - Microsoft Windows NT Workstation 4.0 - Microsoft Windows NT Workstation 4.0 - Microsoft Windows XP Home - Microsoft Windows XP Home

Not Vulnerable: