Lucene search
K

19 matches found

OSV
OSV
added 2023/02/15 7:15 p.m.3 views

CVE-2023-23464

Media CP Media Control Panel latest version. A Permissive Flash Cross-domain Policy may allow information disclosure...

7.5CVSS7.1AI score0.00482EPSS
Exploits0References1
NVD
NVD
added 2023/02/15 7:15 p.m.11 views

CVE-2023-23464

Media CP Media Control Panel latest version. A Permissive Flash Cross-domain Policy may allow information disclosure...

8.1CVSS7.9AI score0.00482EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/02/15 12:0 a.m.5 views

CVE-2023-23464 Media CP Media Control Panel – Information Disclosure

Media CP Media Control Panel latest version. A Permissive Flash Cross-domain Policy may allow information disclosure...

8.1CVSS6.6AI score0.00482EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/02/15 12:0 a.m.20 views

CVE-2023-23464 Media CP Media Control Panel – Information Disclosure

Media CP Media Control Panel latest version. A Permissive Flash Cross-domain Policy may allow information disclosure...

8.1CVSS8.1AI score0.00482EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/02/15 12:0 a.m.5 views

MediaCP Media Control Panel 安全漏洞

MediaCP Media Control Panel is an innovative audio and video network control panel for streaming media service providers from MediaCP, Inc. A security vulnerability exists in MediaCP Media Control Panel that stems from a Permissive Flash cross-domain policy that could allow information disclosure...

8.1CVSS7.3AI score0.00482EPSS
Exploits0References2
NVD
NVD
added 2018/01/23 12:29 a.m.13 views

CVE-2018-6014

Subsonic v6.1.3 has an insecure allow-access-from domain="" Flash cross-domain policy that allows an attacker to retrieve sensitive user information via a read request. To exploit this issue, an attacker must convince the user to visit a web site loaded with a SWF file created specifically to ste...

6.5CVSS6.3AI score0.01268EPSS
Exploits3References2
OSV
OSV
added 2018/01/23 12:29 a.m.7 views

CVE-2018-6014

Subsonic v6.1.3 has an insecure allow-access-from domain="" Flash cross-domain policy that allows an attacker to retrieve sensitive user information via a read request. To exploit this issue, an attacker must convince the user to visit a web site loaded with a SWF file created specifically to ste...

6.5CVSS5.5AI score0.01268EPSS
Exploits3References2
Cvelist
Cvelist
added 2018/01/23 12:0 a.m.19 views

CVE-2018-6014

Subsonic v6.1.3 has an insecure allow-access-from domain="" Flash cross-domain policy that allows an attacker to retrieve sensitive user information via a read request. To exploit this issue, an attacker must convince the user to visit a web site loaded with a SWF file created specifically to ste...

6.2AI score0.01268EPSS
Exploits3References2
Vulnerability Lab
Vulnerability Lab
added 2018/01/21 12:0 a.m.42 views

Subsonic v6.1.3 - Flash Cross-Domain Policy Vulnerability

Document Title: =============== Subsonic v6.1.3 - Flash Cross-Domain Policy Vulnerability References: =========== https://www.vulnerability-lab.com/getcontent.php?id=2115 Video: https://www.youtube.com/watch?v=t3nYuhAHOMg http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6014...

6.5CVSS6.6AI score0.01268EPSS
Exploits3
Hacker One
Hacker One
added 2015/12/16 8:5 p.m.60 views

Pornhub: [crossdomain.xml] Dangerous Flash Cross-Domain Policy

The researcher identified a permissive Flash cross-domain policy allowing access from any domain on a Pornhub-related property...

2.4AI score
Exploits0
CNVD
CNVD
added 2015/10/16 12:0 a.m.4 views

Revive Adserver Flash cross-domain attack vulnerability

Revive Adserver is an open source ad management system from the Revive Adserver team. A security vulnerability exists in the default Flash cross-domain policy of Revive Adserver versions prior to 3.2.2, which can be exploited by remote attackers to perform cross-domain attacks...

7.5CVSS6.9AI score0.0325EPSS
Exploits1References1
Cvelist
Cvelist
added 2015/10/14 7:0 p.m.21 views

CVE-2015-7369

The default Flash cross-domain policy crossdomain.xml in Revive Adserver before 3.2.2 does not restrict access cross domain access, which allows remote attackers to conduct cross domain attacks via unspecified vectors...

6.5AI score0.0325EPSS
Exploits1References4
Hacker One
Hacker One
added 2015/03/12 11:35 p.m.152 views

Internet Bug Bounty: Flash Cross Domain Policy Bypass by Using File Upload and Redirection - only in Chrome

CVE-2015-0337: https://helpx.adobe.com/security/products/flash-player/apsb15-05.html + https://code.google.com/p/chromium/issues/detail?can=2&start=0&num=100&q=&groupby=&sort=&id=425280 ==VULNERABILITY DETAILS== It is possible to bypass Flash Cross Domain policy in Google Chrome to read other...

5CVSS6.2AI score0.0442EPSS
Exploits0
OwnCloud
OwnCloud
added 2014/07/03 2:0 a.m.56 views

Server: Insecure Flash Cross Domain policies

Due to insecure Flash Cross Domain policies an attacker might gain access to stored files of the user. For more information please consult the official advisory. This advisory is licensed CC BY-SA 4.0...

6.8CVSS6.2AI score0.0129EPSS
Exploits0Affected Software1
NVD
NVD
added 2014/03/14 4:55 p.m.21 views

CVE-2014-2049

The default Flash Cross Domain policies in ownCloud before 5.0.15 and 6.x before 6.0.2 allows remote attackers to access user files via unspecified vectors...

5CVSS6.6AI score0.01266EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2014/03/14 4:55 p.m.27 views

CVE-2014-2049

The default Flash Cross Domain policies in ownCloud before 5.0.15 and 6.x before 6.0.2 allows remote attackers to access user files via unspecified vectors...

5CVSS5.9AI score0.01266EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2014/03/14 4:55 p.m.2 views

CVE-2014-2049

The default Flash Cross Domain policies in ownCloud before 5.0.15 and 6.x before 6.0.2 allows remote attackers to access user files via unspecified vectors...

5CVSS5.6AI score0.01266EPSS
Exploits0References3
Cvelist
Cvelist
added 2014/03/14 4:0 p.m.29 views

CVE-2014-2049

The default Flash Cross Domain policies in ownCloud before 5.0.15 and 6.x before 6.0.2 allows remote attackers to access user files via unspecified vectors...

6.6AI score0.01266EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2009/04/22 1:40 a.m.6 views

view-source: protocol

The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to 1 bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; 2 read, create, or modify...

6.8CVSS7.5AI score0.02183EPSS
Exploits0References4
Rows per page
Query Builder