13 matches found
CVE-2019-0612
A security feature bypass vulnerability exists when Click2Play protection in Microsoft Edge improperly handles flash objects. By itself, this bypass vulnerability does not allow arbitrary code execution, aka 'Microsoft Edge Security Feature Bypass Vulnerability'...
Security feature bypass
A security feature bypass vulnerability exists when Click2Play protection in Microsoft Edge improperly handles flash objects. By itself, this bypass vulnerability does not allow arbitrary code execution, aka 'Microsoft Edge Security Feature Bypass Vulnerability'...
CVE-2019-0612
CVE-2019-0612 is a security feature bypass in Microsoft Edge where Click2Play protection improperly handles Flash objects. The bypass does not by itself enable arbitrary code execution, but can undermine the protection mechanism. Affected product: Microsoft Edge on Windows; vulnerable component: ...
Microsoft Edge Security Bypass Vulnerability (CNVD-2019-07241)
Microsoft Edge is a web browser from the American company Microsoft that comes with systems after Windows 10. A security bypass vulnerability exists in Microsoft Edge that stems from the Click2Play protection feature incorrectly handling flash objects. An attacker could use this vulnerability to...
Microsoft Edge Security Feature Bypass Vulnerability
A security feature bypass vulnerability exists when Click2Play protection in Microsoft Edge improperly handles flash objects. By itself, this bypass vulnerability does not allow arbitrary code execution. However, an attacker could use the bypass vulnerability in conjunction with another...
D-Link DCS Series Cameras Insecure Crossdomain.xml
Exploit Title: Insecure CrossDomain.XML in D-Link DCS Series Cameras Date: 22/02/2017 Exploit Author: SlidingWindow, Twitter: @KapilKhot Vendor Homepage: http://us.dlink.com/product-category/home-solutions/view/network-cameras/ Version: Tested on DCS-933L with firmware version 1.03. Other...
Cross site request forgery (csrf)
D-Link DCS cameras have a weak/insecure CrossDomain.XML file that allows sites hosting malicious Flash objects to access and/or change the device's settings via a CSRF attack. This is because of the 'allow-access-from domain' child element set to , thus accepting requests from any domain. If a...
oletools - Tools to analyze MS OLE2 files and MS Office documents, for malware analysis, forensics and debugging
oletools is a package of python tools to analyze Microsoft OLE2 files also called Structured Storage, Compound File Binary Format or Compound Document File Format, such as Microsoft Office documents or Outlook messages, mainly for malware analysis, forensics and debugging. It is based on the...
Harvest: Stored XSS on invoice, executing on any subdomain
Summary ----------- There is a stored XSS vulnerability, which can execute on any subdomain as the vulnerability lies in an invoice. You are filtering HTML and js, but you neglect to filter out Flash objects, which can execute javascript. Steps to reproduce ------------- 1. Create an invoice and...
Mozilla Firefox Hijacking Attack Vulnerability
Mozilla Firefox is a web browser developed by the Mozilla Foundation in conjunction with the open source community. A hijacking attack vulnerability exists in versions of Mozilla Firefox prior to 37.0, which can be exploited by remote attackers to construct malicious HTML pages, trick users into...
Scriptable plugin execution in SeaMonkey mail — Mozilla
Security researcher Georgi Guninski reported that scriptable plugin content, such as Flash objects, could be loaded and executed in SeaMonkey mail messages by embedding the content in an iframe inside the message. If a user were to reply to or forward such a message, malicious JavaScript embedded...
flash plug-horse technology-vulnerability warning-the black bar safety net
Recently I saw an article on a foreign website about Backdooring Flash Objects; this is a walkthrough of the article, translated and tested a bit. First: class Backdoor function Backdoor static function mainmc getURL"javascript:alert'hello from backdoor'"; As the initial script, written in...
Microsoft Office 2003 - Embedded Shockwave Flash Object Security Bypass
source: https://www.securityfocus.com/bid/18583/info Microsoft Office is prone to a weakness that may allow remote attackers to execute arbitrary script code contained in Shockwave Flash Objects without first requiring confirmation from users. A successful attack may allow attackers to access...