14 matches found
SUSE CVE-2007-6244
Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash Player 9.x up to 9.0.48.0 and 8.x up to 8.0.35.0 allow remote attackers to inject arbitrary web script or HTML via (1) a SWF file that uses the asfunction: protocol or (2) the navigateToURL function when used with the Flash Player Activ...
Adobe Fixes Critical Flash Player Code Execution Flaws
Adobe has issued patches for critical vulnerabilities in Flash Player which, if exploited, could lead to arbitrary code execution. Overall, as part of its September Security Bulletin, Adobe patched three vulnerabilities, including two critical-severity flaws in Flash Player and one “important”...
Adobe Flash Player navigateToURL Same-Origin Policy Bypass Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Flash Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the behavior of...
Internet Bug Bounty: Flash “local-with-filesystem” Bypass in navigateToURL
This issue has been patched by Adobe: https://helpx.adobe.com/security/products/flash-player/apsb16-25.html CVE-2016-4178 Flash “local-with-filesystem” policy can be bypassed using the “navigateToURL” function. It is not possible to target the local files using a Flash file in a website using...
Xorbin Analog Flash Clock 1.0 For Joomla XSS
Xorbin Analog Flash Clock 1.0 Extension for Joomla Flash-based XSS. Description: This plugin displays analog flash clock on your website. It's easy to use and...
Xorbin Analog Flash Clock 1.0 For WordPress XSS
Xorbin Analog Flash Clock 1.0 Plugin for Wordpress Flash-based XSS. Description: This plugin displays analog flash clock on your website. It's easy to use and...
CVE-2010-4396
Cross-zone scripting vulnerability in the HandleAction method in a certain ActiveX control in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.1.2 allows remote attackers to inject arbitrary web script or HTML in the Local Zone by specifying ...
RealNetworks RealPlayer Cross-Zone Scripting Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required in that a target must navigate to a malicious page. The specific flaw exists within the HandleAction method of the RealPlayer ActiveX control...
Apache 2.2.6 mod_negotiation - HTML Injection HTTP Response Splitting
Apache 2.2.6 mod_negotiation - HTML Injection HTTP Response Splitting source: https://www.securityfocus.com/bid/27409/info Apache 'mod_negotiation' is prone to an HTML-injection and an HTTP response-splitting vulnerability because the application fails to properly sanitize user-supplied input befor...
Apache 2.2.6 mod_negotiation - HTML Injection / HTTP Response Splitting
source: https://www.securityfocus.com/bid/27409/info Apache 'mod_negotiation' is prone to an HTML-injection and an HTTP response-splitting vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML o...
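Adobe Flash Player ActiveX Control Universal Cross-Site Scripting Vulnerability
Adobe Flash Player is a popular Flash playback program. The ActiveX control included in Adobe Flash Player has a flaw in its handling of the navigateToURL API; remote attackers can exploit the vulnerability to carry out cross-site scripting attacks and obtain sensitive information or perform other attacks. The navigateToURL API function takes two parameters, a URL and the name of the frame to navigate. A SWF movie can pass a javascript: URI while the frame name can be that of a frame in another domain, which can cause the URI to execute in the security context of the other frame. An attacker can build a malicious web page and entice a user to visit it to trigger the issue. RedHat Enterprise Linux Supplementary v.5 server...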
CVE-2007-6244
Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash Player 9.x up to 9.0.48.0 and 8.x up to 8.0.35.0 allow remote attackers to inject arbitrary web script or HTML via (1) a SWF file that uses the asfunction: protocol or (2) the navigateToURL function when used with the Flash Player Activ...
flash: XSS via asfunction protocol
Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash Player 9.x up to 9.0.48.0 and 8.x up to 8.0.35.0 allow remote attackers to inject arbitrary web script or HTML via (1) a SWF file that uses the asfunction: protocol or (2) the navigateToURL function when used with the Flash Player Activ...
Adobe Flash Player 7.0.x/8.0.x/9.0.x - ActiveX Control 'navigateToURL' API Cross Domain Scripting
source: https://www.securityfocus.com/bid/26960/info The Adobe Flash Player ActiveX control is prone to a cross-domain scripting vulnerability. An attacker may leverage this issue to execute arbitrary JavaScript in the context of another domain. This issue affects Adobe Flash Player 9.0.48.0,...