283 matches found
Adobe Flash - Margin Handling Heap Corruption
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1174 The attached fuzzed swf causes a crash due to heap corruption when processing the margins of a rich text field. Proof of Concept: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/42018.zip...
Adobe Acrobat Pro DC Text field Validate action Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handlin...
flash-plugin: multiple code execution issues fixed in APSB15-32
Use-after-free vulnerability in the TextField object implementation in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before...
flash-plugin: multiple code execution issues fixed in APSB15-32
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute...
PT-2016-4037 · Adobe +1 · Air Sdk & Compiler +5
Name of the Vulnerable Software and Affected Versions: Adobe Air versions affected versions not specified Adobe Air SDK versions affected versions not specified Adobe Air SDK &Compiler versions affected versions not specified Adobe Flash Player versions affected versions not specified Adobe Flash...
CVE-2014-3123
Cross-site scripting XSS vulnerability in admin/manage-images.php in the NextCellent Gallery plugin before 1.19.18 for WordPress allows remote authenticated users with the NextGEN Upload images, NextGEN Manage gallery, or NextGEN Manage others gallery permission to inject arbitrary web script or...
Adobe Flash Player Style Sheet Null Pointer Denial of Service (APSB13-15; CVE-2013-3329)
A denial of service vulnerability has been reported in Adobe Flash Player. The vulnerability is due to a NULL pointer value when applying malformed badly formatted HTML text field. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...
CVE-2012-4942
Multiple cross-site scripting XSS vulnerabilities in Agile FleetCommander and FleetCommander Kiosk before 4.08 allow remote attackers to inject arbitrary web script or HTML via an arbitrary text field...
FORMfields Upload Vulnability
Exploit for php platform in category web applications Date: 12.03.2011 Author: PretoriaN Vendor or Software Link: Version: app version Category:: Exploit Google dork: inurl:/forms/FORMfields/ Tested on: PHP Exploit:/examples/allFields/ffceallfields.phpupload Step 1: in Text Field: type any name...
Cross site scripting
Cross-site scripting XSS vulnerability in the addItem method in the Menu widget in YUI before 2.9.0 allows remote attackers to inject arbitrary web script or HTML via a field that is added to a menu, related to documentation that specifies this field as a text field rather than an HTML field, a...
Open redirect
Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, do not restrict the contents of one text field in the Launch File warning dialog, which makes it easier for remote attackers to trick users into executing an arbitrary local program that was specified in a PD...
newt library memory corruption
Memory corruption on text field parsing...
CVE-2008-0335
Cross-site scripting XSS vulnerability in BugTracker.NET before 2.7.2 allows remote attackers to inject arbitrary web script or HTML via an arbitrary custom text field...
CVE-2008-0335
Cross-site scripting XSS vulnerability in BugTracker.NET before 2.7.2 allows remote attackers to inject arbitrary web script or HTML via an arbitrary custom text field...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in the nodereference module in Drupal Content Construction Kit CCK before 4.7.x-1.6, and 5.x before 5.x-1.6 ,allow remote attackers to inject arbitrary web script or HTML via nodereference fields, when using 1 the plain formatter or 2 the...
CVE-2007-4363
CVE-2007-4363 affects the Drupal Content Construction Kit (CCK) nodereference module. The vulnerability exists in nodereference fields when using (1) the plain formatter or (2) the autocomplete text field widget without Views.module, allowing remote attackers to inject arbitrary web script or HTM...
Cross site scripting
Cross-site scripting XSS vulnerability in Brown Bear iCal 3.10 allows remote attackers to inject arbitrary web script or HTML via the Calendar Text field when a new event is added. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2006-0924
Cross-site scripting XSS vulnerability in Brown Bear iCal 3.10 allows remote attackers to inject arbitrary web script or HTML via the Calendar Text field when a new event is added. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2006-0924
Cross-site scripting XSS vulnerability in Brown Bear iCal 3.10 allows remote attackers to inject arbitrary web script or HTML via the Calendar Text field when a new event is added. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2006-0924
Affected product : Brown Bear iCal 3.10. Vulnerability : Cross-site scripting (XSS) via the Calendar Text field when adding a new event. Impact : remote attackers can inject arbitrary web script or HTML. Root cause : insufficient sanitization/input handling in the Calendar Text field. Exploitatio...