437 matches found
GLSA-200903-23 : Adobe Flash Player: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200903-23 Adobe Flash Player: Multiple vulnerabilities Multiple vulnerabilities have been discovered in Adobe Flash Player: The access scope of SystemsetClipboard allows ActionScript programs to execute the method without user...
Adobe Flash Player: Multiple vulnerabilities
Background The Adobe Flash Player is a renderer for the popular SWF file format, which is commonly used to provide interactive websites, digital experiences and mobile content. Description Multiple vulnerabilities have been discovered in Adobe Flash Player: The access scope of SystemsetClipboard...
Cross site scripting
Cross-site scripting XSS vulnerability in ActionScript in arbitrary Shockwave Flash SWF files created by InfoSoft FusionCharts allows remote attackers to inject arbitrary additional SWF content via a URL in the SRC attribute of an IMG element in the dataURL parameter...
Cross site scripting
Cross-site scripting XSS vulnerability in ActionScript in arbitrary Shockwave Flash SWF controller files created by Techsmith Camtasia Studio before 5 allows remote attackers to inject arbitrary additional SWF content via a URL in the csPreloader parameter...
CVE-2008-6060
CVE-2008-6060 describes a Cross-site Scripting (XSS) vulnerability in ActionScript within arbitrary Shockwave Flash (SWF) files generated by InfoSoft FusionCharts. The root cause is an injection vector via a URL in the SRC attribute of an IMG element in the dataURL parameter, enabling remote atta...
Input validation
The DefineConstantPool action in the ActionScript 2 virtual machine in Adobe Flash Player 10.x before 10.0.12.36 and 9.x before 9.0.151.0, and Adobe AIR before 1.5, accepts an untrusted input value for a "constant count," which allows remote attackers to read sensitive data from process memory vi...
CVE-2008-5361
The ActionScript 2 virtual machine in Adobe Flash Player 10.x before 10.0.12.36 and 9.x before 9.0.151.0, and Adobe AIR before 1.5, does not verify a member element's size when performing 1 DefineConstantPool, 2 ActionJump, 3 ActionPush, 4 ActionTry, and unspecified other actions, which allows...
CVE-2008-5361
The ActionScript 2 virtual machine in Adobe Flash Player 10.x before 10.0.12.36 and 9.x before 9.0.151.0, and Adobe AIR before 1.5, does not verify a member element's size when performing 1 DefineConstantPool, 2 ActionJump, 3 ActionPush, 4 ActionTry, and unspecified other actions, which allows...
Code injection
The ActionScript 2 virtual machine in Adobe Flash Player 10.x before 10.0.12.36 and 9.x before 9.0.151.0, and Adobe AIR before 1.5, does not verify a member element's size when performing 1 DefineConstantPool, 2 ActionJump, 3 ActionPush, 4 ActionTry, and unspecified other actions, which allows...
CVE-2008-5363
The ActionScript 2 virtual machine in Adobe Flash Player 10.x before 10.0.12.36 and 9.x before 9.0.151.0, and Adobe AIR before 1.5, does not validate character elements during retrieval from the dictionary data structure, which allows remote attackers to cause a denial of service NULL pointer...
Null pointer dereference
The ActionScript 2 virtual machine in Adobe Flash Player 10.x before 10.0.12.36 and 9.x before 9.0.151.0, and Adobe AIR before 1.5, does not validate character elements during retrieval from the dictionary data structure, which allows remote attackers to cause a denial of service NULL pointer...
CVE-2008-5362
CVE-2008-5362 covers a vulnerability in the DefineConstantPool action of the ActionScript 2 VM in Adobe Flash Player 10.x (before 10.0.12.36) and 9.x (before 9.0.151.0), and Adobe AIR before 1.5. The issue arises when an untrusted input value is accepted for a "constant count," enabling a remote ...
CVE-2008-5361
Adobe Flash Player and Adobe AIR are affected by CVE-2008-5361. The vulnerability arises because the ActionScript 2 VM does not verify a member element’s size when performing DefineConstantPool, ActionJump, ActionPush, and ActionTry (and related actions), enabling a remote attacker to read sensit...
CVE-2008-5363
The ActionScript 2 virtual machine in Adobe Flash Player 10.x before 10.0.12.36 and 9.x before 9.0.151.0, and Adobe AIR before 1.5, does not validate character elements during retrieval from the dictionary data structure, which allows remote attackers to cause a denial of service NULL pointer...
CVE-2008-5361
The ActionScript 2 virtual machine in Adobe Flash Player 10.x before 10.0.12.36 and 9.x before 9.0.151.0, and Adobe AIR before 1.5, does not verify a member element's size when performing 1 DefineConstantPool, 2 ActionJump, 3 ActionPush, 4 ActionTry, and unspecified other actions, which allows...
Adobe Flash Multiple Vulnerabilities
iSEC Partners Security Advisory - 2008-01-flash -------------------------------------------- Adobe Flash Multiple Vulnerabilities Vendor: Adobe, Inc. Vendor URL: http://www.adobe.com Versions affected: Flash Player 9.0.124.0 and earlier, AIR 1.1, Flash CS4 Professional, Flash CS3 Professional, Fl...
security flaw
The ActionScript 2 virtual machine in Adobe Flash Player 10.x before 10.0.12.36 and 9.x before 9.0.151.0, and Adobe AIR before 1.5, does not verify a member element's size when performing 1 DefineConstantPool, 2 ActionJump, 3 ActionPush, 4 ActionTry, and unspecified other actions, which allows...
Flash Player HTML injection flaw
Cross-site scripting XSS vulnerability in Adobe Flash Player 9.0.124.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors related to loose interpretation of an ActionScript attribute...
security flaw
The ActionScript 2 virtual machine in Adobe Flash Player 10.x before 10.0.12.36 and 9.x before 9.0.151.0, and Adobe AIR before 1.5, does not validate character elements during retrieval from the dictionary data structure, which allows remote attackers to cause a denial of service NULL pointer...
CVE-2008-4823
Cross-site scripting XSS vulnerability in Adobe Flash Player 9.0.124.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors related to loose interpretation of an ActionScript attribute...