Lucene search
K

27 matches found

Hacker One
Hacker One
added 2014/11/29 7:5 a.m.23 views

OkCupid: Rosetta flash vulnerability in clientstats AJAX script

An ajax script on the main okcupid.com domain allows an attacker to set an arbitrary callback function name, allowing exploitation of the Rosetta Flash vulnerability to steal any data from the victim's account. Note that the vulnerability exploits an issue with Flash which was fixed in 14.0.0.176...

6.8AI score
Exploits0
myhack58
myhack58
added 2014/07/14 12:0 a.m.14 views

Upload the file of trap II pure alphanumeric. swf is a vulnerability?- Vulnerability warning-the black bar safety net

0x00 background In a previous uploaded file trap , the author mentioned for flash cross-domain data hijacking,sometimes does not need us to upload a file. Because we can simply use the JSONP interface,the flash content is assigned to the callback to be used. Just like in the comments@Sogili...

7.2AI score
Exploits0
0day.today
0day.today
added 2014/07/13 12:0 a.m.44 views

Flash "Rosetta" JSONP GET/POST Response Disclosure Exploit

A website that serves a JSONP endpoint that accepts a custom alphanumeric callback of 1200 chars can be abused to serve an encoded swf payload that steals the contents of a same-domain URL. Flash 'Flash "Rosetta" JSONP GET/POST Response Disclosure', 'Description' = %q A website that serves a JSON...

6.8AI score0.23024EPSS
Exploits4
ThreatPost
ThreatPost
added 2014/07/11 1:7 p.m.8 views

Apple Updates OSX Blacklist Following Flash Vulnerability

Apple acknowledged on Thursday that it has updated its OSX plugin blacklist to reflect a critical vulnerability in Adobe Flash made public earlier this week. Going forward in Safari, Apple will block any versions of the mechanism prior to 14.0.0.145 and 13.0.0.231, on older systems. An advisory o...

0.9AI score
Exploits0References5
ThreatPost
ThreatPost
added 2014/07/08 1:27 p.m.18 views

July 2014 Adobe Flash Player patch

Popular websites such as Instagram, eBay, Tumblr and others using JSON with Padding or JSONP remain vulnerable to an exploit tool released today as a proof of concept against a vulnerability in Adobe Flash Player. Adobe today released an updated version of Flash that patches the vulnerability...

0.6AI score
Exploits0References3
Snyk
Snyk
added 2014/07/08 11:12 a.m.1 views

Cross-Site Request Forgery (CSRF)

Overview faye is a simple pub/sub messaging for the web. Affected versions of this package are vulnerable to Cross-Site Request Forgery CSRF. Rosetta Flash alphanum only swf converter can be used as a callback at a JSONP endpoint, and as a result, send data across domains. Remediation Upgrade fay...

7.4CVSS6.9AI score
Exploits0References2
ThreatPost
ThreatPost
added 2012/02/06 5:9 p.m.13 views

New Patch Issued to Fix Problems With OS X

Apple has issued a new patch for Mac OS X Snow Leopard to fix a problem that users were reporting with application-compaitibility with the original fix issued last week. The new patch is designed to alleviate problems with the Rosetta technology in Snow Leopard. The original version of the huge...

1.2AI score
Exploits0References6
Rows per page
Query Builder