19 matches found
CVE-2023-23464
Media CP Media Control Panel latest version. A Permissive Flash Cross-domain Policy may allow information disclosure...
CVE-2023-23464
Media CP Media Control Panel latest version. A Permissive Flash Cross-domain Policy may allow information disclosure...
CVE-2023-23464 Media CP Media Control Panel – Information Disclosure
Media CP Media Control Panel latest version. A Permissive Flash Cross-domain Policy may allow information disclosure...
CVE-2023-23464 Media CP Media Control Panel – Information Disclosure
Media CP Media Control Panel latest version. A Permissive Flash Cross-domain Policy may allow information disclosure...
MediaCP Media Control Panel 安全漏洞
MediaCP Media Control Panel is an innovative audio and video network control panel for streaming media service providers from MediaCP, Inc. A security vulnerability exists in MediaCP Media Control Panel that stems from a Permissive Flash cross-domain policy that could allow information disclosure...
CVE-2018-6014
Subsonic v6.1.3 has an insecure allow-access-from domain="" Flash cross-domain policy that allows an attacker to retrieve sensitive user information via a read request. To exploit this issue, an attacker must convince the user to visit a web site loaded with a SWF file created specifically to ste...
CVE-2018-6014
Subsonic v6.1.3 has an insecure allow-access-from domain="" Flash cross-domain policy that allows an attacker to retrieve sensitive user information via a read request. To exploit this issue, an attacker must convince the user to visit a web site loaded with a SWF file created specifically to ste...
CVE-2018-6014
Subsonic v6.1.3 has an insecure allow-access-from domain="" Flash cross-domain policy that allows an attacker to retrieve sensitive user information via a read request. To exploit this issue, an attacker must convince the user to visit a web site loaded with a SWF file created specifically to ste...
Subsonic v6.1.3 - Flash Cross-Domain Policy Vulnerability
Document Title: =============== Subsonic v6.1.3 - Flash Cross-Domain Policy Vulnerability References: =========== https://www.vulnerability-lab.com/getcontent.php?id=2115 Video: https://www.youtube.com/watch?v=t3nYuhAHOMg http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6014...
Pornhub: [crossdomain.xml] Dangerous Flash Cross-Domain Policy
The researcher identified a permissive Flash cross-domain policy allowing access from any domain on a Pornhub-related property...
Revive Adserver Flash cross-domain attack vulnerability
Revive Adserver is an open source ad management system from the Revive Adserver team. A security vulnerability exists in the default Flash cross-domain policy of Revive Adserver versions prior to 3.2.2, which can be exploited by remote attackers to perform cross-domain attacks...
CVE-2015-7369
The default Flash cross-domain policy crossdomain.xml in Revive Adserver before 3.2.2 does not restrict access cross domain access, which allows remote attackers to conduct cross domain attacks via unspecified vectors...
Internet Bug Bounty: Flash Cross Domain Policy Bypass by Using File Upload and Redirection - only in Chrome
CVE-2015-0337: https://helpx.adobe.com/security/products/flash-player/apsb15-05.html + https://code.google.com/p/chromium/issues/detail?can=2&start=0&num=100&q=&groupby=&sort=&id=425280 ==VULNERABILITY DETAILS== It is possible to bypass Flash Cross Domain policy in Google Chrome to read other...
Server: Insecure Flash Cross Domain policies
Due to insecure Flash Cross Domain policies an attacker might gain access to stored files of the user. For more information please consult the official advisory. This advisory is licensed CC BY-SA 4.0...
CVE-2014-2049
The default Flash Cross Domain policies in ownCloud before 5.0.15 and 6.x before 6.0.2 allows remote attackers to access user files via unspecified vectors...
CVE-2014-2049
The default Flash Cross Domain policies in ownCloud before 5.0.15 and 6.x before 6.0.2 allows remote attackers to access user files via unspecified vectors...
CVE-2014-2049
The default Flash Cross Domain policies in ownCloud before 5.0.15 and 6.x before 6.0.2 allows remote attackers to access user files via unspecified vectors...
CVE-2014-2049
The default Flash Cross Domain policies in ownCloud before 5.0.15 and 6.x before 6.0.2 allows remote attackers to access user files via unspecified vectors...
view-source: protocol
The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to 1 bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; 2 read, create, or modify...