437 matches found
CVE-2022-25793
A Stack-based Buffer Overflow Vulnerability in Autodesk 3ds Max 2022, 2021, and 2020 may lead to code execution through the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer when parsing ActionScript Byte Code files. This...
Stack overflow
A Stack-based Buffer Overflow Vulnerability in Autodesk 3ds Max 2022, 2021, and 2020 may lead to code execution through the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer when parsing ActionScript Byte Code files. This...
PT-2022-17521 · Autodesk · Autodesk 3Ds Max
Name of the Vulnerable Software and Affected Versions: Autodesk 3ds Max versions 2020 through 2022. Description: A stack-based buffer overflow issue may lead to code execution through the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-base...
jPlayer Cross Site Scripting vulnerability
Multiple cross-site scripting (XSS) vulnerabilities in actionscript/Jplayer.as in the Flash SWF component (jplayer.swf) in jPlayer before 2.3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) jQuery or (2) id parameters, a different vulnerability than CVE-2013-1942 and...
Adobe Flash Player Use-After-Free Vulnerability
Use-after-free vulnerability in the BitmapData class in the ActionScript 3 (AS3) implementation in Adobe Flash Player allows remote attackers to execute code or cause a denial-of-service (DoS)...
Adobe Flash Player Use-After-Free Vulnerability
Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation in Adobe Flash Player allows remote attackers to execute code or cause a denial-of-service (DoS)...
CVE-2022-25794
An Out-Of-Bounds Read Vulnerability in Autodesk FBX Review version 1.5.2 and prior may lead to code execution through maliciously crafted ActionScript Byte Code 'ABC' files or information disclosure. ABC files are created by the Flash compiler and contain executable code. This vulnerability in...
Design/Logic Flaw
An Out-Of-Bounds Read Vulnerability in Autodesk FBX Review version 1.5.2 and prior may lead to code execution through maliciously crafted ActionScript Byte Code 'ABC' files or information disclosure. ABC files are created by the Flash compiler and contain executable code. This vulnerability in...
PT-2022-17522 · Autodesk · Autodesk Fbx Review
Name of the Vulnerable Software and Affected Versions: Autodesk FBX Review versions 1.5.2 and prior. Description: An Out-Of-Bounds Read issue may lead to code execution or information disclosure through maliciously crafted ActionScript Byte Code (ABC) files. These ABC files, created by the Flash...
Adobe Flash Player Use-After-Free Vulnerability
A use-after-free vulnerability exists within the ActionScript 3 ByteArray class in Adobe Flash Player that allows an attacker to perform remote code execution...
Adobe Flash Player PSDK Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Flash Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of...
Adobe Flash Player navigateToURL Same-Origin Policy Bypass Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Flash Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the behavior of...
Adobe Flash Player LocalConnection Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Flash Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of...
Adobe Flash Player PSDK Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling ...
Adobe Flash Player Filter Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Flash Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Adobe Flash Player ActionScript Vector Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Flash Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Google Chrome < 61.0.3163.79 Multiple Vulnerabilities
How to use CSRF vulnerabilities in JSON endpoints - vulnerability warning - the black bar safety net
(CSRF + Flash + HTTP 307) = don't say you are "dead"! If you want to use a CSRF vulnerability in a JSON endpoint through a server controlled by a third-party attacker, I recommend a GitHub project called json-flash-csrf-poc [download]. Background story: In a recent penetration...