EUVD-2018-17777

Malware in sbrugna...

ThinkPHP deserialization vulnerability

A deserialization vulnerability in the component \controller\Index.php of Thinkphp v6.1.3 to v8.0.4 allows attackers to execute arbitrary code...

Cross site scripting

Subsonic v6.1.3 has an insecure allow-access-from domain="" Flash cross-domain policy that allows an attacker to retrieve sensitive user information via a read request. To exploit this issue, an attacker must convince the user to visit a web site loaded with a SWF file created specifically to ste...

CVE-2018-6014

Subsonic v6.1.3 has an insecure allow-access-from domain="" Flash cross-domain policy that allows an attacker to retrieve sensitive user information via a read request. To exploit this issue, an attacker must convince the user to visit a web site loaded with a SWF file created specifically to ste...

CVE-2018-6014

CVE-2018-6014 affects Subsonic v6.1.3, where an insecure Flash cross-domain policy (allow-access-from domain="*") can enable an attacker to retrieve sensitive user information via a read request. Exploitation requires convincing a user to visit a site containing a specially crafted SWF file to st...

CVE-2018-6014

Subsonic v6.1.3 has an insecure allow-access-from domain="" Flash cross-domain policy that allows an attacker to retrieve sensitive user information via a read request. To exploit this issue, an attacker must convince the user to visit a web site loaded with a SWF file created specifically to ste...

Subsonic v6.1.3 - Flash Cross-Domain Policy Vulnerability

Document Title: =============== Subsonic v6.1.3 - Flash Cross-Domain Policy Vulnerability References: =========== https://www.vulnerability-lab.com/getcontent.php?id=2115 Video: https://www.youtube.com/watch?v=t3nYuhAHOMg http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6014...