456 matches found

Tenable Nessus
added 2015/10/08 12:0 a.m. | 45 views

OrientDB < 2.0.15 / 2.1.1 XSRF

The version of OrientDB running on the remote host is prior to 2.0.15 or 2.1.1. It is, therefore, affected by a cross-site request forgery (XSRF) vulnerability due to the server allowing JSONP callbacks within the REST API. An unauthenticated, remote attacker can exploit this, via a crafted web pag...

CVSS 8.8 | AI score 7.7 | EPSS 0.00214
Exploits 0 | References 2
NVD
added 2015/09/22 10:59 a.m. | 18 views

CVE-2015-5571

Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 do not properly restrict the SWF file format, which allows remote...

CVSS 4.3 | AI score 6.7 | EPSS 0.01366
Exploits 3 | References 13
Prion
added 2015/09/22 10:59 a.m. | 25 views

Cross site request forgery (csrf)

Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 do not properly restrict the SWF file format, which allows remote...

CVSS 4.3 | AI score 6.9 | EPSS 0.35827
Exploits 4 | References 13 | Affected Software 4
OSV
added 2015/09/22 10:59 a.m. | 1 views

UBUNTU-CVE-2015-5571

Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 do not properly restrict the SWF file format, which allows remote...

CVSS 4.3 | AI score 5.8 | EPSS 0.01366
Exploits 3 | References 3
UbuntuCve
added 2015/09/22 10:59 a.m. | 24 views

CVE-2015-5571

Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 do not properly restrict the SWF file format, which allows remote...

CVSS 4.3 | AI score 5.8 | EPSS 0.01366
Exploits 3 | References 2
CVE
added 2015/09/22 10:0 a.m. | 83 views

CVE-2015-5571

CVE-2015-5571 affects Adobe Flash Player and AIR products. It arises from incomplete SWF format restrictions, enabling CSRF against JSONP endpoints via a crafted OBJECT element containing SWF content that meets the callback API’s character-set requirements. Affected: Flash Player on Windows/OS X ...

CVSS 4.3 | AI score 6.8 | EPSS 0.01366
Exploits 3 | References 13 | Affected Software 1
Tenable Nessus
added 2015/09/22 12:0 a.m. | 38 views

Google Chrome < 45.0.2454.99 Multiple Vulnerabilities (Mac OS X)

The version of Google Chrome installed on the remote Mac OS X host is prior to 45.0.2454.99. It is, therefore, affected by multiple vulnerabilities : - An unspecified stack corruption issue exists that allows a remote attacker to execute arbitrary code. CVE-2015-5567, CVE-2015-5579 - A vector...

CVSS 10 | AI score 6.9 | EPSS 0.71007
Exploits 5 | References 24
Tenable Nessus
added 2015/09/22 12:0 a.m. | 37 views

Adobe Flash Player <= 18.0.0.232 Multiple Vulnerabilities (APSB15-23)

The version of Adobe Flash Player installed on the remote Windows host is equal or prior to version 18.0.0.232. It is, therefore, affected by multiple vulnerabilities : - An unspecified stack corruption issue exists that allows a remote attacker to execute arbitrary code. CVE-2015-5567,...

CVSS 10 | AI score 7 | EPSS 0.71007
Exploits 5 | References 25
Tenable Nessus
added 2015/09/22 12:0 a.m. | 44 views

Adobe AIR <= 18.0.0.199 Multiple Vulnerabilities (APSB15-23)

The version of Adobe AIR installed on the remote Windows host is equal or prior to version 18.0.0.199. It is, therefore, affected by multiple vulnerabilities : - An unspecified stack corruption issue exists that allows a remote attacker to execute arbitrary code. CVE-2015-5567, CVE-2015-5579 - A...

CVSS 10 | AI score 7 | EPSS 0.71007
Exploits 5 | References 24
Tenable Nessus
added 2015/09/22 12:0 a.m. | 37 views

Adobe AIR for Mac <= 18.0.0.199 Multiple Vulnerabilities (APSB15-23)

The version of Adobe AIR installed on the remote Mac OS X host is equal or prior to version 18.0.0.199. It is, therefore, affected by multiple vulnerabilities : - An unspecified stack corruption issue exists that allows a remote attacker to execute arbitrary code. CVE-2015-5567, CVE-2015-5579 - A...

CVSS 10 | AI score 7 | EPSS 0.71007
Exploits 5 | References 24
Mageia
added 2015/09/21 9:7 p.m. | 38 views

Updated flash-player-plugin packages fix security vulnerabilities

Adobe Flash Player 11.2.202.521 contains fixes to critical security vulnerabilities found in earlier versions that could potentially allow an attacker to take control of the affected system. This update resolves a type confusion vulnerability that could lead to code execution (CVE-2015-5573). This...

CVSS 10 | AI score 7.6 | EPSS 0.71007
Exploits 5 | References 2
Kaspersky
added 2015/09/21 12:0 a.m. | 29 views

KLA10670 Multiple vulnerabilities in Adobe products

Multiple serious vulnerabilities have been found in Adobe products. Malicious users can exploit these vulnerabilities to cause denial of service, bypass security restrictions, execute arbitrary code or obtain sensitive information. Below is a complete list of vulnerabilities 1. Type confusion,...

CVSS 10 | AI score 9.2 | EPSS 0.71007
Exploits 5 | References 6
securityvulns
added 2015/08/24 12:0 a.m. | 82 views

AirDroid ID - Client Side JSONP Callback Vulnerability

Document Title: AirDroid ID - Client Side JSONP Callback Vulnerability | References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1544 | Release Date: 2015-07-10 | Vulnerability Laboratory ID (VL-ID): 154...

AI score 0.1
Exploits 0
Hacker One
added 2015/07/23 1:3 p.m. | 17 views

Internet Bug Bounty: Wrong Handling of Content-Type allows Flash injection and Rosseta flash patch bypass

Hey, I spent some time reversing the mitigation of Rosetta Flash. This research helped me to discover a very interesting bug: Adobe Flash player uses "string searching" similar to indexOf over the entire response's "Content-Type" header value to match the "application/x-shockwave-flash" string...

AI score 7.3
Exploits 0
Packet Storm
added 2015/07/17 12:0 a.m. | 30 views

AirDroid ID Client Side JSONP Callback

Document Title: AirDroid ID - Client Side JSONP Callback Vulnerability | References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1544 | Release Date: 2015-07-10 | Vulnerability Laboratory ID (VL-ID): 154...

AI score 7.4
Exploits 0
Vulnerability Lab
added 2015/07/10 12:0 a.m. | 32 views

AirDroid ID - Client Side JSONP Callback Vulnerability

Document Title: AirDroid ID - Client Side JSONP Callback Vulnerability | References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1544 | Release Date: 2015-07-10 | Vulnerability Laboratory ID (VL-ID): 154...

AI score 7.1
Exploits 0
myhack58
added 2015/06/16 12:0 a.m. | 18 views

Baidu, Alibaba, Tencent in the column: a "watering hole attack" using JSONP hijacking to track users - vulnerability warning - the black bar safety net

Can you imagine what it would look like if an authoritarian state obtained a tool for harvesting users' private information, one that could retrieve a user's real name, email address, gender, birthday and phone number on a specific site? You can also imagine that an...

AI score 0.3
Exploits 0
RedHat Linux
added 2015/06/10 2:34 p.m. | 1 views

flash-plugin: cross-site request forgery against JSONP endpoints fixed in APSB15-11 (incomplete fix for CVE-2014-5333)

Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe...

CVSS 6.8 | AI score 5.9 | EPSS 0.00423
Exploits 0 | References 5
Check Point Advisories
added 2015/06/07 12:0 a.m. | 2 views

Adobe Flash Player JSONP Cross-Site Request Forgery (APSB15-11: CVE-2015-3096)

A cross-site request forgery (CSRF) vulnerability has been reported in Adobe Flash Player. The vulnerability is due to insufficient validation of data from JSONP callback APIs. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...

CVSS 6.8 | AI score 3.2 | EPSS 0.00423
Exploits 0
ThreatPost
added 2015/04/15 9:53 a.m. | 16 views

AirDroid Web Application Hijacking Vulnerability Patched

AirDroid has patched an authentication flaw in its web application that could allow an attacker to remotely control and manipulate a victim’s Android device. AirDroid, which is similar to Apple’s native iMessage app, allows a user to send SMS messages, make calls, add contacts and more via a...

AI score 0.2
Exploits 0 | References 3