437 matches found
Cross site scripting
Cross-site scripting XSS vulnerability in Adobe Flash Player 9.0.124.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors related to loose interpretation of an ActionScript attribute...
CVE-2008-4823
Cross-site scripting XSS vulnerability in Adobe Flash Player 9.0.124.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors related to loose interpretation of an ActionScript attribute...
CVE-2008-4823
Cross-site scripting XSS vulnerability in Adobe Flash Player 9.0.124.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors related to loose interpretation of an ActionScript attribute...
CVE-2008-4823
CVE-2008-4823 affects Adobe Flash Player up to 9.0.124.0, with a vulnerability in how an ActionScript attribute is interpreted that could allow arbitrary HTML/script injection (XSS). Public advisories (RHSA-2008:0945/0980) and Gentoo GLSA-200903-23 list Flash Player updates and note upgrading to ...
FreeBSD Ports: linux-flashplugin
The remote host is missing an update to the system as announced in the referenced advisory. VID 78f456fd-9c87-11dd-a55e-00163e000016 OpenVAS Vulnerability Test $ Description: Auto generated from VID 78f456fd-9c87-11dd-a55e-00163e000016 Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc...
FreeBSD Ports: linux-flashplugin
The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Flash Player HTML injection flaw
Cross-site scripting XSS vulnerability in Adobe Flash Player 9.0.124.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors related to loose interpretation of an ActionScript attribute...
security flaw
The ActionScript 2 virtual machine in Adobe Flash Player 10.x before 10.0.12.36 and 9.x before 9.0.151.0, and Adobe AIR before 1.5, does not validate character elements during retrieval from the dictionary data structure, which allows remote attackers to cause a denial of service NULL pointer...
security flaw
The ActionScript 2 virtual machine in Adobe Flash Player 10.x before 10.0.12.36 and 9.x before 9.0.151.0, and Adobe AIR before 1.5, does not verify a member element's size when performing 1 DefineConstantPool, 2 ActionJump, 3 ActionPush, 4 ActionTry, and unspecified other actions, which allows...
CVE-2008-4401
ActionScript in Adobe Flash Player 9.0.124.0 and earlier does not require user interaction in conjunction with 1 the FileReference.browse operation in the FileReference upload API or 2 the FileReference.download operation in the FileReference download API, which allows remote attackers to create ...
CVE-2008-4401
ActionScript in Adobe Flash Player 9.0.124.0 and earlier does not require user interaction in conjunction with 1 the FileReference.browse operation in the FileReference upload API or 2 the FileReference.download operation in the FileReference download API, which allows remote attackers to create ...
Design/Logic Flaw
ActionScript in Adobe Flash Player 9.0.124.0 and earlier does not require user interaction in conjunction with 1 the FileReference.browse operation in the FileReference upload API or 2 the FileReference.download operation in the FileReference download API, which allows remote attackers to create ...
CVE-2008-4401
ActionScript in Adobe Flash Player 9.0.124.0 and earlier does not require user interaction in conjunction with 1 the FileReference.browse operation in the FileReference upload API or 2 the FileReference.download operation in the FileReference download API, which allows remote attackers to create ...
CVE-2008-4401
CVE-2008-4401 affects Adobe Flash Player 9.0.124.0 and earlier. The issue arises because ActionScript FileReference.browse() and FileReference.download() can be triggered without user interaction, enabling a remote SWF to cause a browse dialog to appear and potentially other impact. Connected adv...
Design/Logic Flaw
The System.setClipboard method in ActionScript in Adobe Flash Player 9.0.124.0 and earlier allows remote attackers to populate the clipboard with a URL that is difficult to delete and does not require user interaction to populate the clipboard, as exploited in the wild in August 2008...
CVE-2008-3873
CVE-2008-3873 affects Adobe Flash Player (9.0.124.0 and earlier). The flaw allows a remote, unauthenticated attacker to populate the clipboard with a URL via System.setClipboard, potentially misleading users without interaction. In practice, a malicious SWF could push an attacker-controlled URL t...
CVE-2008-3873
The System.setClipboard method in ActionScript in Adobe Flash Player 9.0.124.0 and earlier allows remote attackers to populate the clipboard with a URL that is difficult to delete and does not require user interaction to populate the clipboard, as exploited in the wild in August 2008...
VulnCheck KEV: CVE-2008-3873
The System.setClipboard method in ActionScript in Adobe Flash Player 9.0.124.0 and earlier allows remote attackers to populate the clipboard with a URL that is difficult to delete and does not require user interaction to populate the clipboard, as exploited in the wild in August 2008...
On the SWF that famous vulnerability-vulnerability warning-the black bar safety net
Author: zodiacsoft Source: Swan paste&&crow sauce Toooooooooooooooooold That is, the CVE-2 0 0 7-0 0 7 1, The flash9x. ocx problems, version has been the impact to the 9. 0. 1 1 5 The. The vulnerability itself is very simple, Dowd's thinking in the direction without departing from the General...
Flash Player vulnerabilities of the new use of the method-vulnerability warning-the black bar safety net
Source: Phantom maillist Two days before the recommended Mark Dowd's Paper “Exploiting Flash Reliably” Learn a little, very good very powerful. For later Flash Player exploits has opened up a new new road. Simple to say, from Flash9 to start, to achieve an ActionScript Virtual Machine AVM, the...