437 matches found
CVE-2006-6779
Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin allows remote attackers to inject arbitrary web script or HTML via an SWF file that uses ActionScript to trigger execution of JavaScript...
CVE-2006-6779
CVE-2006-6779 describes a Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin where remote attackers can inject arbitrary web script or HTML via an SWF file that uses ActionScript to trigger execution of JavaScript. The vulnerability is associated with vBulletin's SWF content and leads ...
vBulletin < 3.6.5 .swf ActionScript XSS
Binary data 3869.prm...
XSS with Vbulletin (new idea !)
Author : Ashraf Morad Contact : [email protected] XSS with vBulletin Attachments supported , SWF is a valid extension ! Materials : -Any SWF file with an actionscript frame : ActionScript Code : getURL"javascript:function blabvar scriptNode =...
Rapid7 Advisory R7-0026: HTTP Header Injection Vulnerabilities in the Flash Player Plugin
Rapid7 Advisory R7-0026 HTTP Header Injection Vulnerabilities in the Flash Player Plugin Published: Oct 17, 2006 Revision: 1.0 http://www.rapid7.com/advisories/R7-0026.jsp 1. Affected Systems: KNOWN VULNERABLE: o Flash Player plugin 9.0.16 for Windows o Flash Player plugin 7.0.63 for Linux PROBAB...
CVE-2006-5330
CRLF injection vulnerability in Adobe Flash Player plugin 9.0.16 and earlier for Windows, 7.0.63 and earlier for Linux, 7.x before 7.0 r67 for Solaris, and before 9.0.28.0 for Mac OS X, allows remote attackers to modify HTTP headers of client requests and conduct HTTP Request Splitting attacks vi...
CVE-2006-5330
The CVE-2006-5330 issue affects Adobe Flash Player plugins prior to 7.0.69 (and earlier variants) across Windows, Linux, Solaris, and macOS, causing remote attackers to modify HTTP headers and perform HTTP Request Splitting via CRLF in arguments to ActionScript functions (XML.addRequestHeader, XM...
Technical note: under some conditions, it's possible to steal HTTP credentials using Flash
Technical note: under some conditions, it's possible to steal HTTP credentials using Flash (requires IE + some transparent proxies or virtual hosting). The method described here is pretty simple. It works though only on HTTP not HTTPS credentials. Also, it works only when the client browses using IE...
Write-up by Amit Klein: "Forging HTTP request headers with Flash"
Forging HTTP request headers with Flash. Amit Klein, July 2006. Flash - Introduction: Flash player is a very popular browser add-on from Adobe (actually, Flash was invented by Macromedia, which was acquired by Adobe). This write-up covers mostly Flash 7 and Flash 8, together...
Design/Logic Flaw
jscript.dll in Microsoft Internet Explorer 6.0 SP1 and earlier allows remote attackers to cause a denial of service (application crash) via a Shockwave Flash object that contains ActionScript code that calls VBScript, which in turn calls the Javascript document.write function, which triggers a null...
CVE-2006-0585
jscript.dll in Microsoft Internet Explorer 6.0 SP1 and earlier allows remote attackers to cause a denial of service (application crash) via a Shockwave Flash object that contains ActionScript code that calls VBScript, which in turn calls the Javascript document.write function, which triggers a null...
CVE-2006-0585
CVE-2006-0585 affects jscript.dll in Microsoft Internet Explorer 6.0 SP1 and earlier. A remote attacker can cause a denial of service (application crash) by embedding a Shockwave Flash object that contains ActionScript code calling VBScript, which then calls Javascript’s document.write, triggerin...
CVE-2005-3591
Macromedia Flash plugin (1) Flash.ocx 7.0.19.0 (Windows) and earlier and (2) libflashplayer.so before 7.0.25.0 (Unix) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via parameters to the ActionDefineFunction ActionScript call in a SWF file, which causes an...
[Full-disclosure] SEC Consult SA-20051107-1 :: Macromedia Flash Player ActionDefineFunction Memory Corruption
SEC-CONSULT Security Advisory 20051107-1 ======================================================================================= title: Macromedia Flash Player ActionDefineFunction Memory Corruption program: Macromedia Flash Plugin vulnerable version: flash.ocx v7.0.19.0 and earlier...