Lucene search
Rich CanningsEDB-ID:30905HistoryDec 18, 2007 - 12:00 a.m.
Adobe Flash Player 8.0.34.0/9.0.x - 'main.swf?baseurl' asfunction: Protocol Handler Cross-Site Scripting
2007-12-1800:00:00
Rich Cannings
www.exploit-db.com
17
AI Score
7.4
Confidence
Low
source: https://www.securityfocus.com/bid/26949/info
Adobe Flash Player is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
http://www.example.com/main.swf?baseurl=asfunction:getURL,javascript:alert(1)// Related
checkpoint_advisories
checkpoint_advisories
cve
cve
cert
cert
Adobe Flash Player asfunction protocol may enable cross-site scripting
2007-12-19 00:00:00
seebug
seebug
Adobe Flash Player ActiveXζ§δ»Άιη¨θ·¨η«θζ¬ζΌζ΄
2007-12-21 00:00:00
cvelist
cvelist
prion
prion
Cross site scripting
2007-12-20 01:46:00
Cross site scripting
2008-01-04 00:46:00
Cross site scripting
2009-02-05 01:30:00
nvd
nvd
exploitdb
exploitdb
securityvulns
securityvulns
ubuntucve
ubuntucve
CVE-2007-6637
2008-01-04 00:00:00
nessus
nessus
GLSA-200801-07 : Adobe Flash Player: Multiple vulnerabilities
2008-01-21 00:00:00
Flash Player < 7.0.73.0 / 9.0.115.0 Multiple Vulnerabilities (APSB07-20)
2007-12-19 00:00:00
openSUSE 10 Security Update : flash-player (flash-player-4855)
2007-12-24 00:00:00
redhat
redhat
(RHSA-2007:1126) Critical: flash-plugin security update
2007-12-18 00:00:00
openvas
openvas
SuSE Update for flash-player SUSE-SA:2007:069
2009-01-28 00:00:00
Gentoo Security Advisory GLSA 200801-07 (netscape-flash)
2008-09-24 00:00:00
Gentoo Security Advisory GLSA 200801-07 (netscape-flash)
2008-09-24 00:00:00
suse
suse
remote code execution in flash-player
2007-12-21 16:24:32
gentoo
gentoo
Adobe Flash Player: Multiple vulnerabilities
2008-01-20 00:00:00
freebsd
freebsd
linux-flashplugin -- multiple vulnerabilities
2007-12-18 00:00:00