7 matches found
Nextcloud: SSRF via potential filter bypass with too lax local domain checking
Summary: Hi. Reviewing the code for filtering for ssrf, in preventLocalAddress, we can see that it calls the function ThrowIfLocalAddress. It has three common checks, first, it checks if the string is localhost, or if it ends in .local or .localhost php // Disallow localhost and local network if...
CVE-2022-31027
OAuthenticator is an OAuth token library for the JupyerHub login handler. CILogonOAuthenticator is provided by the OAuthenticator package, and lets users log in to a JupyterHub via CILogon. This is primarily used to restrict a JupyterHub only to users of a given institute. The allowedidps...
Adobe Flash Player URL Security Domain Checking Code Execution (APSB12-07; CVE-2012-0772)
A memory corruption vulnerability has been reported in Adobe Flash Player...
Flash Player <= 10.3.183.16 / 11.1.102.63 Multiple Memory Corruption Vulnerabilities (APSB12-07)
According to its version, the instance of Flash Player installed on the remote Windows host is 10.x equal to or earlier than 10.3.183.16 or 11.x equal to or earlier than 11.1.102.63. It is, therefore, reportedly affected by several critical memory corruption vulnerabilities : - Memory corruption...
Adobe AIR 3.x <= 3.1.0.4880 Multiple Memory Corruption Vulnerabilities (APSB12-07)
According to its version, the instance of Adobe AIR 3.x on the remote Windows host is 3.1.0.4880 or earlier and is reportedly affected by several critical memory corruption vulnerabilities : - Memory corruption vulnerabilities related to URL security domain checking. CVE-2012-0772 - A flaw in the...
Memory corruption
An unspecified ActiveX control in Adobe Flash Player before 10.3.183.18 and 11.x before 11.2.202.228, and AIR before 3.2.0.2070, on Windows does not properly perform URL security domain checking, which allow attackers to execute arbitrary code or cause a denial of service memory corruption via...
CVE-2012-0772
An unspecified ActiveX control in Adobe Flash Player before 10.3.183.18 and 11.x before 11.2.202.228, and AIR before 3.2.0.2070, on Windows does not properly perform URL security domain checking, which allow attackers to execute arbitrary code or cause a denial of service memory corruption via...