22 matches found
Cross-site Scripting (XSS) in DemoBundle/ezdemo bundled VideoJS
This Security Advisory is about a vulnerability in VideoJS, which is bundled in DemoBundle and the ezdemo legacy extension. Older releases of VideoJS contain an XSS vulnerability in the Flash-based video player. This is bundled in DemoBundle, and in the Legacy "ezdemo" and "ezdemo-ls-extension"...
GHSA-JQ9Q-6P42-QPR7 Cross-site Scripting (XSS) in DemoBundle/ezdemo bundled VideoJS
This Security Advisory is about a vulnerability in VideoJS, which is bundled in DemoBundle and the ezdemo legacy extension. Older releases of VideoJS contain an XSS vulnerability in the Flash-based video player. This is bundled in DemoBundle, and in the Legacy "ezdemo" and "ezdemo-ls-extension"...
Cross-site Scripting (XSS) in DemoBundle/ezdemo bundled VideoJS
This Security Advisory is about a vulnerability in VideoJS, which is bundled in DemoBundle and the ezdemo legacy extension. Older releases of VideoJS contain an XSS vulnerability in the Flash-based video player. This is bundled in DemoBundle, and in the Legacy "ezdemo" and "ezdemo-ls-extension"...
GHSA-8C85-4RR5-CHR4 Cross-site Scripting (XSS) in DemoBundle/ezdemo bundled VideoJS
This Security Advisory is about a vulnerability in VideoJS, which is bundled in DemoBundle and the ezdemo legacy extension. Older releases of VideoJS contain an XSS vulnerability in the Flash-based video player. This is bundled in DemoBundle, and in the Legacy "ezdemo" and "ezdemo-ls-extension"...
Mail.ru: Cross site scripting vulnerability in JW Player SWF
Flash-based XSS in aw-xbox.my.com...
Oracle Application Express AnyChart Flash-Based Cross Site Scripting Vulnerability
Oracle Application Express versions prior to 5.1.4.00.08 suffer from a cross site scripting vulnerability. The vulnerability is located in the OracleAnyChart.swf file. User input passed through the "externalobjid" GET parameter is not properly sanitized before being passed to the...
CVE-2017-4928
The flash-based vSphere Web Client 6.0 prior to 6.0 U3c and 5.5 prior to 5.5 U3f i.e. not the new HTML5-based vSphere Client, contains SSRF and CRLF injection issues due to improper neutralization of URLs. An attacker may exploit these issues by sending a POST request with modified headers toward...
CVE-2017-4928
CVE-2017-4928 affects the Flash-based vSphere Web Client (not the HTML5 client). The issue stems from improper neutralization of URLs, enabling SSRF and CRLF injection that could allow an attacker to send a crafted POST request towards internal services and disclose information. Affected VMware p...
Authentication Bypass Vulnerability in the Background of FLASH Website Management System of Unicom
CFCMS is a self-service website building platform with full Flash as its core. Authentication bypass vulnerability exists in the background of CFCMS. The vulnerability exists in /xmlEditor/chkuser.asp, which can be exploited by attackers to bypass the background login authentication and launch...
hbl.com XSS vulnerability
Vulnerable URL: http://hbl.com/Style%20Library/assets/HBL/MediaPlayer/MediaElementPLayer/flashmediaelement.swf?jsinitfunctio%gn=alertOPENBUGBOUNTY Details: Description| Value ---|--- Patched:| Yes, at 22.06.2017 Latest check for patch:| 22.06.2017 22:05 GMT Vulnerability type:| XSS Vulnerability...
wimkite.com XSS vulnerability
Vulnerable URL: http://www.wimkite.com/flashdetection88e0.swf?flashContentURL=javascript:alert/XSSPOSED/ Details: Description| Value ---|--- Patched:| No Latest check for patch:| 30.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated...
Xorbin Analog Flash Clock 1.0 - Flash-based XSS
The Xorbin Analog Flash Clock WordPress plugin was affected by a Flash-based XSS security vulnerability...
Xorbin Digital Flash Clock 1.0 - Flash-based XSS
The xorbin-digital-flash-clock WordPress plugin was affected by a Flash-based XSS security vulnerability...
Cloudflare: Flash-based XSS in cdnjs.cloudflare.com subdomain
Hi, There's a Flash-based XSS on cdnjs.cloudflare.com. Proof-of-Concept: 1.Click on the link: https://cdnjs.cloudflare.com/ajax/libs/zeroclipboard/1.0.8/ZeroClipboard.swf?id=%22catcheif!self.aself.a=!alertdocument.domain//&width&height 2.You shall see a Javascript alertfunction executing in...
Xorbin Analog Flash Clock 1.0 For Joomla XSS
==================================================================== Xorbin Analog Flash Clock 1.0 Extension for Joomla Flash-based XSS ==================================================================== Description: This plugin displays analog flash clock on your website. It's easy to use and...
FreeBSD : Joomla! -- XXS and DDoS vulnerabilities (57df803e-af34-11e2-8d62-6cf0490a8c18)
The JSST and the Joomla! Security Center report : 20130405 - Core - XSS Vulnerability Inadequate filtering leads to XSS vulnerability in Voting plugin. 20130403 - Core - XSS Vulnerability Inadequate filtering allows possibility of XSS exploit in some circumstances. 20130402 - Core - Information...
Joomla! -- XXS and DDoS vulnerabilities
The JSST and the Joomla! Security Center report: 20130405 - Core - XSS Vulnerability Inadequate filtering leads to XSS vulnerability in Voting plugin. 20130403 - Core - XSS Vulnerability Inadequate filtering allows possibility of XSS exploit in some circumstances. 20130402 - Core - Information...
Preemptive Protection against Adobe Flash Media Server Directory Traversal Vulnerability (APSB09-18)
A directory traversal vulnerability has been discovered in Adobe Flash Media Server (FMS). Flash Media Server (FMS) is an application server for Flash-based applications. This vulnerability allows a hacker to access normally-inaccessible files and directories through a specially-created HTTP request...
Mandriva Update for gnome-vfs2 MDKA-2007:060 (gnome-vfs2)
Check for the Version of gnome-vfs2 OpenVAS Vulnerability Test Mandriva Update for gnome-vfs2 MDKA-2007:060 gnome-vfs2 Authors: System Generated Check Copyright: Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify...