17 matches found
EUVD-2012-1913
Malware in sbrugna...
CVE-2012-1903
XSS in Telligent Community 5.6.583.20496 via a flash file and related to the allowScriptAccess parameter...
SUSE CVE-2008-3872
Adobe Flash Player 8.0.39.0 and earlier, and 9.x up to 9.0.115.0, allows remote attackers to bypass the allowScriptAccess parameter setting via a crafted SWF file with unspecified "Filter evasion" manipulations...
Design/Logic Flaw
XSS in Telligent Community 5.6.583.20496 via a flash file and related to the allowScriptAccess parameter...
CVE-2012-1903
XSS in Telligent Community 5.6.583.20496 via a flash file and related to the allowScriptAccess parameter...
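ThinkSAAS stored cross-site scripting
Brief description: ThinkSAAS has a stored cross-site scripting flaw that can be used to attack any user or blindly target administrators, steal user cookies, and so on. Detailed description: ThinkSAAS does not filter article content strictly enough, which results in a stored Flash cross-site scripting flaw. Because a Flash file can execute arbitrary script, using this vulnerability we can steal the cookie information of any user, including administrators, or carry out other malicious attacks. Proof of vulnerability: 1. Affected version: thinksaas2.2-beta 2. Log in to the system, publish an article in the article module, and in the content area choose to insert a video and enter the path of a flash file. 3. Intercept the request and change the value of the tag's allowscriptaccess attribute to always 4. When other users log in to the system and view the article, the vulnerability is triggered:...
KesionCMS stored cross-site scripting (can target administrators)
Brief description: KesionCMS has a stored cross-site scripting flaw that is very likely to trigger and can target administrators. Detailed description: KesionCMS X1.0.141014 has a stored cross-site scripting flaw; using this vulnerability we can attack any user and administrator, obtain the cookie information of any user and administrator, or carry out other malicious attacks. Proof of vulnerability: 1. Log in to the system --> Member Center --> Articles --> Publish, and insert a flash file in the article content. 2. When publishing the article, intercept the request and change the value of the allowscriptaccess attribute to always 3. When other users browse the published article, the vulnerability is triggered: 4. Viewing the page source with Firebug shows that execution of the AS code inside the swf file is allowed:...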
Flash Player (Flash6.ocx) AllowScriptAccess DoS PoC
No description provided by source. !-- Title : Flash Player Flash6.ocx AllowScriptAccess DoS PoC Found By : DrIDE Tested on : Windows XPSP3 VM + IE7 COM Object ID : D27CDB6E-AE6D-11cf-96B8-444553540000 Shockwave Flash Object COM Object Filename : C:\WINDOWS\system32\Macromed\Flash\Flash6.ocx File...
Flash Player - 'Flash6.ocx' AllowScriptAccess Denial of Service (PoC)
PARAM NAME="AllowScriptAccess"...
XSS via the flash tag in Discuz!/phpwind
XSS via the flash tag used to be very popular. In the past it was enough to reference any external swf, but now an external swf can no longer be referenced directly, because allowScriptAccess12 is generally set. For example, dz's code: dz60904\upload\forumdata\cache\cachebbcodes.php The same also appears in cacheviewthread.php cachepost.php cacheblog.php 00017: 0 = 'marquee width="90%" behavior="alternate" scrollamount="3"\1/marquee', 00018...
CVE-2006-6827
Flash8b.ocx in Macromedia Flash 8 allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long string in the Flash8b.AllowScriptAccess method...
Adobe Flash Player allowScriptAccess protection bypass vulnerability
Overview A vulnerability in Adobe Flash Player may allow a remote attacker to bypass allowScriptAccess protection. Description Adobe Flash Player is a player for the Flash media format and enables frame-based animations with sound to be viewed within a web browser. According to Adobe: The...
CVE-2006-4640
Unspecified vulnerability in Adobe Flash Player before 9.0.16.0 allows user-assisted remote attackers to bypass the allowScriptAccess protection via unspecified vectors...
CVE-2006-4640
Unspecified vulnerability in Adobe Flash Player before 9.0.16.0 allows user-assisted remote attackers to bypass the allowScriptAccess protection via unspecified vectors...
CVE-2006-4640
Unspecified vulnerability in Adobe Flash Player before 9.0.16.0 allows user-assisted remote attackers to bypass the allowScriptAccess protection via unspecified vectors...
linux-flashplugin7 -- arbitrary code execution vulnerabilities
Adobe reports: Multiple input validation errors have been identified in Flash Player 8.0.24.0 and earlier versions that could lead to the potential execution of arbitrary code. These vulnerabilities could be accessed through content delivered from a remote location via the user's web browser, ema...
ShockwaveFlash ActiveX buffer overflow
Stack overflow (stack memory exhaustion) on oversized hostname in AllowScriptAccess property ftp:// URL...