
14 matches found

SUSE CVE
added 2023/02/15 6:10 a.m., 4 views

SUSE CVE-2007-6244

Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash Player 9.x up to 9.0.48.0 and 8.x up to 8.0.35.0 allow remote attackers to inject arbitrary web script or HTML via (1) a SWF file that uses the asfunction: protocol or (2) the navigateToURL function when used with the Flash Player Activ...

CVSS 4.3, AI score 5.9, EPSS 0.12931
Exploits 1, References 5

ThreatPost
added 2019/09/10 6:3 p.m., 66 views

Adobe Fixes Critical Flash Player Code Execution Flaws

Adobe has issued patches for critical vulnerabilities in Flash Player which, if exploited, could lead to arbitrary code execution. Overall, as part of its September Security Bulletin, Adobe patched three vulnerabilities, including two critical-severity flaws in Flash Player and one “important”...

CVSS 10, AI score 8.8, EPSS 0.06054
Exploits 0, References 12

Zero Day Initiative
added 2019/09/10 12:0 a.m., 32 views

Adobe Flash Player navigateToURL Same-Origin Policy Bypass Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Flash Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the behavior of...

CVSS 8.8, AI score 3, EPSS 0.0453
Exploits 0, References 1

Hacker One
added 2016/07/12 7:56 p.m., 24 views

Internet Bug Bounty: Flash “local-with-filesystem” Bypass in navigateToURL

This issue has been patched by Adobe: https://helpx.adobe.com/security/products/flash-player/apsb16-25.html CVE-2016-4178 Flash “local-with-filesystem” policy can be bypassed using the “navigateToURL” function. It is not possible to target the local files using a Flash file in a website using...

CVSS 4.3, AI score 6.5, EPSS 0.03185
Exploits 0

Packet Storm
added 2013/06/30 12:0 a.m., 78 views

Xorbin Analog Flash Clock 1.0 For Joomla XSS

Xorbin Analog Flash Clock 1.0 Extension for Joomla Flash-based XSS. Description: This plugin displays analog flash clock on your website. It's easy to use and...

CVSS 4.1, AI score 0.3, EPSS 0.0245
Exploits 3

Packet Storm
added 2013/06/30 12:0 a.m., 56 views

Xorbin Analog Flash Clock 1.0 For WordPress XSS

Xorbin Analog Flash Clock 1.0 Plugin for Wordpress Flash-based XSS. Description: This plugin displays analog flash clock on your website. It's easy to use and...

CVSS 4.1, AI score 0.6, EPSS 0.0245
Exploits 3

NVD
added 2010/12/14 4:0 p.m., 19 views

CVE-2010-4396

Cross-zone scripting vulnerability in the HandleAction method in a certain ActiveX control in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.1.2 allows remote attackers to inject arbitrary web script or HTML in the Local Zone by specifying ...

CVSS 4.3, AI score 5.9, EPSS 0.01157
Exploits 0, References 4

Zero Day Initiative
added 2010/12/10 12:0 a.m., 33 views

RealNetworks RealPlayer Cross-Zone Scripting Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required in that a target must navigate to a malicious page. The specific flaw exists within the HandleAction method of the RealPlayer ActiveX control...

CVSS 9, AI score 7.4, EPSS 0.01157
Exploits 0, References 1

exploitpack
added 2008/01/22 12:0 a.m., 26 views

Apache 2.2.6 mod_negotiation - HTML Injection HTTP Response Splitting

Apache 2.2.6 mod_negotiation - HTML Injection HTTP Response Splitting source: https://www.securityfocus.com/bid/27409/info Apache 'mod_negotiation' is prone to an HTML-injection and an HTTP response-splitting vulnerability because the application fails to properly sanitize user-supplied input befor...

AI score 7.6
Exploits 0

Exploit DB
added 2008/01/22 12:0 a.m., 207 views

Apache 2.2.6 mod_negotiation - HTML Injection / HTTP Response Splitting

source: https://www.securityfocus.com/bid/27409/info Apache 'mod_negotiation' is prone to an HTML-injection and an HTTP response-splitting vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML o...

AI score 7.4
Exploits 0

seebug.org
added 2007/12/21 12:0 a.m., 59 views

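Adobe Flash Player ActiveX Control Universal Cross-Site Scripting Vulnerability

Adobe Flash Player is a popular Flash playback program. The ActiveX control included in Adobe Flash Player has a flaw in how it handles the navigateToURL API; remote attackers can exploit the vulnerability to carry out cross-site scripting attacks, which can be used to obtain sensitive information or conduct other attacks. The navigateToURL API function takes two parameters, a URL and the name of the frame to navigate. An SWF movie can pass a javascript: URI while the frame name can be that of a frame from another domain, which can cause the URI to execute in the security context of that other frame. An attacker can build a malicious web page and lure a user into visiting it to trigger the issue. RedHat Enterprise Linux Supplementary v.5 server...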

CVSS 4.3, AI score 0.2, EPSS 0.12931
Exploits 1

NVD
added 2007/12/20 1:46 a.m., 22 views

CVE-2007-6244

Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash Player 9.x up to 9.0.48.0 and 8.x up to 8.0.35.0 allow remote attackers to inject arbitrary web script or HTML via (1) a SWF file that uses the asfunction: protocol or (2) the navigateToURL function when used with the Flash Player Activ...

CVSS 4.3, AI score 5.6, EPSS 0.12931
Exploits 1, References 22

RedHat Linux
added 2007/12/18 11:52 p.m., 6 views

flash: XSS via asfunction protocol

Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash Player 9.x up to 9.0.48.0 and 8.x up to 8.0.35.0 allow remote attackers to inject arbitrary web script or HTML via (1) a SWF file that uses the asfunction: protocol or (2) the navigateToURL function when used with the Flash Player Activ...

CVSS 4.3, AI score 5.8, EPSS 0.12931
Exploits 1, References 4

Exploit DB
added 2007/12/18 12:0 a.m., 33 views

Adobe Flash Player 7.0.x/8.0.x/9.0.x - ActiveX Control 'navigateToURL' API Cross Domain Scripting

source: https://www.securityfocus.com/bid/26960/info The Adobe Flash Player ActiveX control is prone to a cross-domain scripting vulnerability. An attacker may leverage this issue to execute arbitrary JavaScript in the context of another domain. This issue affects Adobe Flash Player 9.0.48.0,...

AI score 7.4
Exploits 0