456 matches found

OpenVAS
added 2014/07/11 12:0 a.m. | 18 views

Adobe Flash Player Multiple Vulnerabilities-01 (Jul 2014) - Mac OS X

Adobe Flash Player is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2014 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:adobe:flashplayer";...

CVSS 7.5 | AI score 6.4 | EPSS 0.35827
Exploits 4 | References 5

Metasploit
added 2014/07/10 2:9 p.m. | 49 views

Flash "Rosetta" JSONP GET/POST Response Disclosure

A website that serves a JSONP endpoint that accepts a custom alphanumeric callback of 1200 chars can be abused to serve an encoded swf payload that steals the contents of a same-domain URL. Flash 'Flash "Rosetta" JSONP GET/POST Response Disclosure', 'Description' = %q A website that serves a JSON...

CVSS 4.3 | AI score 6.8 | EPSS 0.35827
Exploits 4

OSV
added 2014/07/09 11:21 p.m. | 7 views

MGASA-2014-0291 Updated flash-player-plugin packages fix multiple vulnerabilities

Adobe Flash Player 11.2.202.394 contains fixes to critical security vulnerabilities found in earlier versions that could potentially allow an attacker to take control of the affected system. This update includes additional validation checks to ensure that Flash Player rejects malicious content fr...

CVSS 7.5 | AI score 9.9 | EPSS 0.35827
Exploits 4 | References 3

Mageia
added 2014/07/09 11:21 p.m. | 38 views

Updated flash-player-plugin packages fix multiple vulnerabilities

Adobe Flash Player 11.2.202.394 contains fixes to critical security vulnerabilities found in earlier versions that could potentially allow an attacker to take control of the affected system. This update includes additional validation checks to ensure that Flash Player rejects malicious content fr...

CVSS 7.5 | AI score 6.6 | EPSS 0.35827
Exploits 4 | References 2

RedHat Linux
added 2014/07/09 11:11 a.m. | 1 view

flash-plugin: vulnerable JSONP callback APIs issue (APSB14-17)

A flaw was found that would lead to Cross-Site Request Forgery (CSRF) attacks...

CVSS 4.3 | AI score 5.7 | EPSS 0.35827
Exploits 4 | References 5

NVD
added 2014/07/09 5:4 a.m. | 19 views

CVE-2014-4671

Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on Windows and OS X and before 11.2.202.394 on Linux, Adobe AIR before 14.0.0.137 on Android, Adobe AIR SDK before 14.0.0.137, and Adobe AIR SDK & Compiler before 14.0.0.137 do not properly restrict the SWF file format, which allows...

CVSS 4.3 | AI score 6.4 | EPSS 0.35827
Exploits 4 | References 8

UbuntuCve
added 2014/07/09 5:4 a.m. | 29 views

CVE-2014-4671

Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on Windows and OS X and before 11.2.202.394 on Linux, Adobe AIR before 14.0.0.137 on Android, Adobe AIR SDK before 14.0.0.137, and Adobe AIR SDK & Compiler before 14.0.0.137 do not properly restrict the SWF file format, which allows...

CVSS 4.3 | AI score 7.1 | EPSS 0.35827
Exploits 4 | References 2

Prion
added 2014/07/09 5:4 a.m. | 22 views

Cross site request forgery (csrf)

Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on Windows and OS X and before 11.2.202.394 on Linux, Adobe AIR before 14.0.0.137 on Android, Adobe AIR SDK before 14.0.0.137, and Adobe AIR SDK & Compiler before 14.0.0.137 do not properly restrict the SWF file format, which allows...

CVSS 4.3 | AI score 6.7 | EPSS 0.35827
Exploits 4 | References 8 | Affected Software 3

OSV
added 2014/07/09 5:4 a.m. | 1 view

UBUNTU-CVE-2014-4671

Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on Windows and OS X and before 11.2.202.394 on Linux, Adobe AIR before 14.0.0.137 on Android, Adobe AIR SDK before 14.0.0.137, and Adobe AIR SDK & Compiler before 14.0.0.137 do not properly restrict the SWF file format, which allows...

CVSS 4.3 | AI score 7.1 | EPSS 0.35827
Exploits 4 | References 3

CVE
added 2014/07/09 1:0 a.m. | 104 views

CVE-2014-4671

CVE-2014-4671 refers to a Flash/AIR JSONP CSRF vulnerability where SWF content could bypass restrictions, enabling remote CSRF attacks against JSONP endpoints and potential data exposure. Affected products include Adobe Flash Player (Windows/macOS: up to 13.0.0.231 and 14.x up to 14.0.0.145; Lin...

CVSS 4.3 | AI score 6.5 | EPSS 0.35827
Exploits 4 | References 8 | Affected Software 1

Cvelist
added 2014/07/09 1:0 a.m. | 25 views

CVE-2014-4671

Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on Windows and OS X and before 11.2.202.394 on Linux, Adobe AIR before 14.0.0.137 on Android, Adobe AIR SDK before 14.0.0.137, and Adobe AIR SDK & Compiler before 14.0.0.137 do not properly restrict the SWF file format, which allows...

AI score 6.3 | EPSS 0.35827
Exploits 4 | References 8

ThreatPost
added 2014/07/08 1:27 p.m. | 18 views

July 2014 Adobe Flash Player patch

Popular websites such as Instagram, eBay, Tumblr and others using JSON with Padding or JSONP remain vulnerable to an exploit tool released today as a proof of concept against a vulnerability in Adobe Flash Player. Adobe today released an updated version of Flash that patches the vulnerability...

AI score 0.6
Exploits 0 | References 3

Tenable Nessus
added 2014/07/08 12:0 a.m. | 27 views

Adobe AIR < 14.0.0.137 Multiple Vulnerabilities (APSB14-17)

Binary data 8327.prm...

CVSS 7.5 | AI score 9.7 | EPSS 0.35827
Exploits 4 | References 5

WPVulnDB
added 2014/06/26 12:0 a.m. | 7 views

JSON REST API 1.1 - JSONP SOP Bypass

The json-rest-api WordPress plugin was affected by a JSONP SOP Bypass security vulnerability...

AI score 1.8
Exploits 0 | References 2 | Affected Software 1

NVD
added 2014/05/23 2:55 p.m. | 9 views

CVE-2012-5649

Apache CouchDB before 1.0.4, 1.1.x before 1.1.2, and 1.2.x before 1.2.1 allows remote attackers to execute arbitrary code via a JSONP callback, related to Adobe Flash...

CVSS 6.8 | AI score 7.5 | EPSS 0.01836
Exploits 0 | References 6

UbuntuCve
added 2014/05/23 2:55 p.m. | 24 views

CVE-2012-5649

Apache CouchDB before 1.0.4, 1.1.x before 1.1.2, and 1.2.x before 1.2.1 allows remote attackers to execute arbitrary code via a JSONP callback, related to Adobe Flash...

CVSS 6.8 | AI score 6.2 | EPSS 0.01836
Exploits 0 | References 2

Prion
added 2014/05/23 2:55 p.m. | 16 views

Design/Logic Flaw

Apache CouchDB before 1.0.4, 1.1.x before 1.1.2, and 1.2.x before 1.2.1 allows remote attackers to execute arbitrary code via a JSONP callback, related to Adobe Flash...

CVSS 6.8 | AI score 8.1 | EPSS 0.01836
Exploits 0 | References 6 | Affected Software 1

CVE
added 2014/05/23 2:0 p.m. | 54 views

CVE-2012-5649

CVE-2012-5649 affects Apache CouchDB up to vulnerable branches: 1.0.4, 1.1.x up to 1.1.2, and 1.2.x up to 1.2.1. The issue allows remote attackers to execute arbitrary code via a JSONP callback related to Adobe Flash. Mitigation: upgrade to fixed releases (1.0.4+, 1.1.2+, 1.2.1+). Open detail con...

CVSS 6.8 | AI score 7.5 | EPSS 0.01836
Exploits 0 | References 6 | Affected Software 1

Cvelist
added 2014/05/23 2:0 p.m. | 15 views

CVE-2012-5649

Apache CouchDB before 1.0.4, 1.1.x before 1.1.2, and 1.2.x before 1.2.1 allows remote attackers to execute arbitrary code via a JSONP callback, related to Adobe Flash...

AI score 7.4 | EPSS 0.01836
Exploits 0 | References 6

myhack58
added 2014/05/23 12:0 a.m. | 18 views

The trap of file uploads - vulnerability warning - the black bar safety net

0x00 Background. Many sites now allow users to upload files, but they do not realize that letting a user or attacker upload files, even legitimate files, can be a trap. What is a legitimate file? Generally, whether a file is legitimate is determined by two parameters: the file suffix,...

AI score 7.3
Exploits 0