979 matches found
Adobe Flash - Type Confusion in FileReference Constructor
Exploit for windows platform in category dos / poc Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=799 There is a type confusion issue in the FileReference constructor. The constructor adds several properties to the constructed object before setting the type and data. If a watch...
CVE-2016-2195
Integer overflow in the PointGFp constructor in Botan before 1.10.11 and 1.11.x before 1.11.27 allows remote attackers to overwrite memory and possibly execute arbitrary code via a crafted ECC point, which triggers a heap-based buffer overflow...
CVE-2016-2195
Integer overflow in the PointGFp constructor in Botan before 1.10.11 and 1.11.x before 1.11.27 allows remote attackers to overwrite memory and possibly execute arbitrary code via a crafted ECC point, which triggers a heap-based buffer overflow. The bigintmul and bigintsqr functions received the...
CVE-2016-2195
Integer overflow in the PointGFp constructor in Botan before 1.10.11 and 1.11.x before 1.11.27 allows remote attackers to overwrite memory and possibly execute arbitrary code via a crafted ECC point, which triggers a heap-based buffer overflow...
Bridge Constructor PG FREE - Dangerous filesystem permissions, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application Bridge Constructor PG FREE published at the 'play' market has multiple vulnerabilities...
Adobe Flash - URLStream.readObject Use-After-Free
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=611 There is a use-after-free in URLStream.readObject. If the object read is a registered class, the constructor will get invoked to create the object. If the constructor calls URLStream.close, the URLStream will get freed, and the...
Adobe Flash - URLStream.readObject Use-After-Free
Exploit for multiple platform in category dos / poc Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=611 There is a use-after-free in URLStream.readObject. If the object read is a registered class, the constructor will get invoked to create the object. If the constructor calls...
Adobe Flash - SimpleButton Creation Type Confusion
Source: https://code.google.com/p/google-security-research/issues/detail?id=640 There is a type confusion vulnerability in the SimpleButton constructor. Flash stores an empty button to use to create buttons for optimization reasons. If this object is created using a SWF tag before it is created i...
Adobe Flash - SimpleButton Creation Type Confusion
Exploit for multiple platform in category dos / poc Source: https://code.google.com/p/google-security-research/issues/detail?id=640 There is a type confusion vulnerability in the SimpleButton constructor. Flash stores an empty button to use to create buttons for optimization reasons. If this obje...
Adobe Flash - SimpleButton Creation Type Confusion
Adobe Flash - SimpleButton Creation Type Confusion Source: https://code.google.com/p/google-security-research/issues/detail?id=640 There is a type confusion vulnerability in the SimpleButton constructor. Flash stores an empty button to use to create buttons for optimization reasons. If this objec...
Adobe Flash - textfield Constructor Type Confusion
Exploit for multiple platform in category dos / poc Source: https://code.google.com/p/google-security-research/issues/detail?id=701 There is a type confusion vulnerability in the TextField constructor in AS3. When a TextField is constructed, a generic backing object is created and reused when...
Adobe Flash - textfield Constructor Type Confusion
Adobe Flash - textfield Constructor Type Confusion Source: https://code.google.com/p/google-security-research/issues/detail?id=701 There is a type confusion vulnerability in the TextField constructor in AS3. When a TextField is constructed, a generic backing object is created and reused when...
Adobe Flash - textfield Constructor Type Confusion
Source: https://code.google.com/p/google-security-research/issues/detail?id=701 There is a type confusion vulnerability in the TextField constructor in AS3. When a TextField is constructed, a generic backing object is created and reused when subsequent TextField objects are created. However, if a...
Adobe Flash MovieClip.localToGlobal - Use-After-Free
Source: https://code.google.com/p/google-security-research/issues/detail?id=570 There is a use-after-free issue in MovieClip.localToGlobal. If the Number constructor is overwritten with a new constructor and MovieClip.localToGlobal is called with an integer parameter, the new constructor will get...
Adobe Flash MovieClip.attachMovie - Use-After-Free
Source: https://code.google.com/p/google-security-research/issues/detail?id=571 There is a use-after-free in MovieClip.attachMovie. If a string parameter has toString defined, a number parameter has valueOf defined or an object parameter has its constructor redefined, it can execute code and free...
Adobe Flash MovieClip.localToGlobal - Use-After-Free
Exploit for windows platform in category dos / poc Source: https://code.google.com/p/google-security-research/issues/detail?id=570 There is a use-after-free issue in MovieClip.localToGlobal. If the Number constructor is overwritten with a new constructor and MovieClip.localToGlobal is called with...
Adobe Flash MovieClip.localToGlobal - Use-After-Free
Adobe Flash MovieClip.localToGlobal - Use-After-Free Source: https://code.google.com/p/google-security-research/issues/detail?id=570 There is a use-after-free issue in MovieClip.localToGlobal. If the Number constructor is overwritten with a new constructor and MovieClip.localToGlobal is called wi...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS attacks involving assignment on constructor properties. Details Cross-site scripting or XSS is a code vulnerability that occurs when an attacker “injects” a malicious script into an otherwise trusted website. Th...
Pygments FontManager._get_nix_font_path Shell Injection Vulnerability
Pygments FontManager.getnixfontpath version 1.2.2-2.0.2 suffers from a shell injection vulnerability. Shell Injection in Pygments FontManager.getnixfontpath Product: Pygments Version: 1.2.2-2.0.2 497:fe62167596bb to 3693:655dbebddc23 Tue Nov 06 17:30:45 2007 +0000 to Aug 21, 2015. Website:...
Server: PHP arbitrary class instantiation in "files_external"
A user may instantiate arbitrary ownCloud classes due to a lack of a proper check of the mount point options provided by a user via the web front end. These may include constructor arguments and could potentially lead to a remote code execution. For more information please consult the official...