30 matches found
Adobe Flash Player Code Execution Vulnerability
Adobe Flash Player contains an unspecified vulnerability in the ExternalInterface ActionScript functionality that allows a remote attacker to execute arbitrary code via crafted SWF content...
CVE-2023-6254
A Vulnerability in OTRS AgentInterface and ExternalInterface allows the reading of plain text passwords which are send back to the client in the server response- This issue affects OTRS: from 8.0.X through 8.0.37...
CVE-2023-6254
A Vulnerability in OTRS AgentInterface and ExternalInterface allows the reading of plain text passwords which are send back to the client in the server response- This issue affects OTRS: from 8.0.X through 8.0.37...
Security feature bypass
A Vulnerability in OTRS AgentInterface and ExternalInterface allows the reading of plain text passwords which are send back to the client in the server response- This issue affects OTRS: from 8.0.X through 8.0.37...
X (Formerly Twitter): [Gnip Blogs] Reflected XSS via "plupload.flash.swf" component vulnerable to SOME
Hi, The following endpoints are exposed to reflected cross-site scripting by way of a vulnerable "plupload.flash.swf" component on WordPress. A comprehensive explanation of this vulnerability can be found on resolved report 134738: WordPress is vulnerable against a Same-Origin Method Execution SO...
Adobe Flash ExternalInterface addCallback Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within ExternalInterface's...
Pornhub: Same-Origin Method Execution bug in plupload.flash.swf on /insights
The researcher discovered a Same-Origin Method Execution SOME vulnerability on Pornhub's Insights blog. An insecure URL sanitization process was performed in the file plupload.flash.swf. The code in the file attempts to remove flashVars in case they have been set GET parameters but fails to do so...
Automattic: WordPress SOME bug in plupload.flash.swf leading to RCE
Intro == WordPress is vulnerable against a Same-Origin Method Execution SOME vulnerability that stems from an insecure URL sanitization problem performed in the file plupload.flash.swf. The code in the file attempts to remove flashVars ¹ in case they have been set GET parameters but fails to do s...
Automattic: WordPress Flash XSS in *flashmediaelement.swf*
Intro == WordPress is vulnerable against a reflected XSS that stems from an insecure URL sanitization problem performed in the file flashmediaelement.swf. The code in the file attempts to remove flashVars ¹ in case they have been set GET parameters but fails to do so, enabling XSS via...
phpwind 9.0 /res/js/dev/util_libs/jPlayer/Jplayer.swf 跨站脚本漏洞
1、漏洞文件为:http://www.phpwind.net/res/js/dev/utillibs/jPlayer/Jplayer.swf2、反编译后看代码:this.jQuery = loaderInfo.parameters.jQuery + "'" + loaderInfo.parameters.id + "'.jPlayer"; …… private function initarg1:TimerEvent:void this.myInitTimer.stop; if ExternalInterface.available ……...
xss by swf file
In confluence comment module user can embed swf file in their comment, confluence are using a atltoken parameter on GET HTTP request, if the attacker send the link of .swf file the value of src on embed tag to his victim the malicious .SWF won't execute on the victim's browser . We can bypass thi...
KesionCMS存储型跨站(可打管理员)
简要描述: KesionCMS存在存储型跨站,触发概率很大,可打管理员。 详细说明: KesionCMS X1.0.141014存在存储型跨站,利用此漏洞,我们可以攻击任意用户和管理员,获取任意用户和管理员cookie信息,或进行其它恶意攻击。 漏洞证明: 1、登录系统--》会员中心--》文章--》发布,在文章内容处插入flash文件。 2、发布文章时,拦截请求,将allowscriptaccess的属性值改为always 3、其它用户浏览发布的文章时,漏洞触发: 4、使用Firebug查看页面源代码,允许执行swf文件内的as代码:...
X (Formerly Twitter): XSS platform.twitter.com | video-js metadata
https://platform.twitter.com/video/video-js.1e43b81a2f30220a16fd493aaf072451.swf VideoJS does not escape metadata passed to JavaScript via ExternalInterface. Since VideoJS does not load a required policy file to read metadata from mp3s loaded from an external server via http we need to use rtmp...
Turbomail邮件系统正文持久型XSS漏洞
简要描述: 邮件系统对邮件内容过滤不严格,导致存储型跨站。 详细说明: 1、TurboMail邮件系统对邮件内容过滤不严格,导致存储型FLASH跨站,打开邮件即可触发漏洞,由于FLASH文件可以执行javascript代码,所以我们可以利用此漏洞进行盗取用户信息、用户邮件、钓鱼、修改用户设置、转发邮件等操作。 涉及版本v5.2.0 漏洞证明: TurboMail下载地址:http://www.turbomail.org/download.html 测试浏览器:Firefox29.0.1、Chrome33.0.1750.149 m 1、写邮件,使用代理对请求进行拦截,本次使用burp...
VUPEN Security Research - Adobe Flash ExternalInterface Use-After-Free Code Execution (Pwn2Own)
VUPEN Security Research - Adobe Flash ExternalInterface Use-After-Free Code Execution Pwn2Own Website : http://www.vupen.com Twitter : http://twitter.com/vupen I. BACKGROUND --------------------- Adobe Flash Player is a cross-platform browser-based application runtime that delivers viewing of...
Automattic: https://polldaddy.com storage.swf XSS
Hi, I found a flash based XSS located here : https://polldaddy.com/swf/storage.swf?onload=alert1 It happends in the ExternalInterface.Call Function, when a parameter is inserted unfiltered it will allow XSS, you can patch it by only allowing : A-Z a-z 0-9 Best regards, Olivier Beg...
(Pwn2Own) Adobe Flash ExternalInterface Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of...
DEBIAN-CVE-2012-3414
Cross-site scripting XSS vulnerability in swfupload.swf in SWFUpload 2.2.0.1 and earlier, as used in WordPress before 3.3.2, TinyMCE Image Manager 1.1, and other products, allows remote attackers to inject arbitrary web script or HTML via the movieName parameter, related to the...
Adobe Flash Player Multiple Vulnerabilities -01 March13 (Windows)
This host is installed with Adobe Flash Player and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbadobeflashplayermultvuln01mar13win.nasl 8178 2017-12-19 13:42:38Z cfischer $ Adobe Flash Player Multiple Vulnerabilities -01 March13 Windows Authors: Arun Kallavi Copyright:...
Adobe Flash Player Multiple Vulnerabilities -01 March13 (Mac OS X)
This host is installed with Adobe Flash Player and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbadobeflashplayermultvuln01mar13macosx.nasl 6079 2017-05-08 09:03:33Z teissa $ Adobe Flash Player Multiple Vulnerabilities -01 March13 Mac OS X Authors: Arun Kallavi Copyright...