184 matches found
Design/Logic Flaw
The WifiEnterpriseConfig class in net/wifi/WifiEnterpriseConfig.java in Wi-Fi in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-09-01 includes a password in the return value of a toString method call, which allows attackers to obtain sensitive information vi...
Adobe Flash Player Security Bypass (APSB16-18: CVE-2016-4139)
When calling window location toString or comparing window location toString is called an attacker can return arbitrary values. An attacker can make the applet believe that it is embedded inside the hosting page, by overriding window location toString. Hence, an attacker can call any method that i...
The vulnerability of the Flash Player and Adobe Integrated Runtime software allows a perpetrator to execute arbitrary code.
The vulnerabilities of the Flash Player and Adobe Integrated Runtime programs are caused by an overflow in the dynamic memory buffer. Exploiting these vulnerabilities allows a malicious actor to execute arbitrary code using a specially created XML object during a call to the toString method...
Adobe Flash TextField.type Setter - Use-After-Free
Adobe Flash TextField.type Setter - Use-After-Free Source: https://code.google.com/p/google-security-research/issues/detail?id=577 There is a use-after-free in the TextField.type setter. If the type the field is set to is an object with toString defined, the toString function can free the field's...
Adobe Flash TextField.type Setter - Use-After-Free
Source: https://code.google.com/p/google-security-research/issues/detail?id=577 There is a use-after-free in the TextField.type setter. If the type the field is set to is an object with toString defined, the toString function can free the field's parent object, which is then used. A minimal PoC i...
Adobe Flash - TextField.Variable Setter Use-After-Free
Source: https://code.google.com/p/google-security-research/issues/detail?id=579 There is a use-after-free in the TextField.variable setter. If the variable name that is added is an object with toString defined, the toString function can free the field's parent object, which is then used. A minima...
Adobe Flash TextField.replaceSel - Use-After-Free
Source: https://code.google.com/p/google-security-research/issues/detail?id=585 There is a use-after-free in TextField.replaceSel. If the string parameter of the method is set to an object with toString defined, this method can delete the TextField's parent, leading to a use-after-free. A minimal...
Adobe Flash MovieClip.attachMovie - Use-After-Free
Source: https://code.google.com/p/google-security-research/issues/detail?id=571 There is a use-after-free in MovieClip.attachMovie. If a string parameter has toString defined, a number parameter has valueOf defined or an object parameter has its constructor redefined, it can execute code and free...
Adobe Flash TextField.type Setter - Use-After-Free
Exploit for windows platform in category dos / poc Source: https://code.google.com/p/google-security-research/issues/detail?id=577 There is a use-after-free in the TextField.type setter. If the type the field is set to is an object with toString defined, the toString function can free the field's...
Adobe Flash TextField Variable - Use-After Free
Exploit for windows platform in category dos / poc Source: https://code.google.com/p/google-security-research/issues/detail?id=583 If a TextField variable is set to a value with toString defined, and the TextField is updated, a use-after-free can occur if the toString method frees the TextField's...
Adobe Flash MovieClip.lineStyle - Use-After-Frees
Adobe Flash MovieClip.lineStyle - Use-After-Frees Source: https://code.google.com/p/google-security-research/issues/detail?id=558 There are a number of use-after-frees in MovieClip.lineStyle. If any of the String parameters are an object with toString defined, the toString method can delete the...
Adobe Flash TextField.gridFitType Setter - Use-After-Free
Adobe Flash TextField.gridFitType Setter - Use-After-Free Source: https://code.google.com/p/google-security-research/issues/detail?id=559 There is a use-after-free in the TextField gridFitType setter. If it is set to an object with a toString method that frees the TextField, the property will be...
Adobe Flash GradientFill - Use-After-Frees
Adobe Flash GradientFill - Use-After-Frees Source: https://code.google.com/p/google-security-research/issues/detail?id=557 There are a number of use-after-free vulnerabilities in MovieClip.beginGradientFill. If the spreadMethod or any other string parameter is an object with toString defined, thi...
Adobe Flash TextField.gridFitType Setter - Use-After-Free
Exploit for windows platform in category dos / poc Source: https://code.google.com/p/google-security-research/issues/detail?id=559 There is a use-after-free in the TextField gridFitType setter. If it is set to an object with a toString method that frees the TextField, the property will be written...
UBUNTU-CVE-2015-8438
Heap-based buffer overflow in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute...
flash-plugin: multiple code execution issues fixed in APSB15-32
Heap-based buffer overflow in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute...
OpenJDK: key data leak via toString() methods (Libraries, 8011071)
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via unknown vectors related to...
OpenJDK: key data leak via toString() methods (Libraries, 8011071)
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via unknown vectors related to...
OpenJDK: key data leak via toString() methods (Libraries, 8011071)
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via unknown vectors related to...
OpenJDK: key data leak via toString() methods (Libraries, 8011071)
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via unknown vectors related to...