54 matches found
CVE-2021-23566
The package nanoid from 3.0.0 and before 3.1.31 are vulnerable to Information Exposure via the valueOf function which allows to reproduce the last id generated...
CVE-2021-23566
CVE-2021-23566 affects nanoid versions 3.0.0 through before 3.1.31, where Information Exposure is possible via valueOf(), allowing reproduction of the last generated ID. Root cause is an information disclosure in valueOf(). Remediation: upgrade to nanoid 3.1.31 or later (the fixed version). Note:...
CVE-2021-23566
The package nanoid from 3.0.0 and before 3.1.31 are vulnerable to Information Exposure via the valueOf function which allows to reproduce the last id generated...
PT-2022-9413 · Nanoid · Nanoid
Name of the Vulnerable Software and Affected Versions: nanoid versions 3.0.0 through 3.1.30 Description: The issue allows for Information Exposure via the valueOf function, enabling the reproduction of the last generated id. Recommendations: For nanoid versions 3.0.0 through 3.1.30, update to...
nanoid 代码问题漏洞
nanoid is a small, secure, URL-friendly, unique string ID generator for JavaScript. nanoid is vulnerable, stemming from nanoid's vulnerability to information exposure via the valueOf function, which allows the last generated id to be reproduced. no details of the vulnerability are currently...
Information Exposure
Overview Affected versions of this package are vulnerable to Information Exposure via the valueOf function which allows to reproduce the last id generated. PoC javascript import nanoid from 'nanoid'; const makeProxyNumberToReproducePreviousID = = let step = 0; return valueOf // // if !pool ||...
Cross-site Scripting (XSS)
Mozilla Firefox and Thunderbird is vulnerable to cross-site scripting XSS. The use of valueOf method to shadow the location object window.location is not prevented, allowing for remote attackers to inject arbitrary Javascript into a victim's web browser via a malicious plugin...
Microsoft Edge: Use-after-free in TypedArray.sort(CVE-2016-7288)
There is a use-after-free in the TypedArray. sort. In TypedArrayCompareElementsHelper https://chromium.googlesource.com/external/github.com/Microsoft/ChakraCore/+/TimeTravelDebugging/lib/Runtime/Library/TypedArray.cpp, the comparison function is called with the following code: Var retVal =...
Adobe Flash TextField.thickness Setter - Use-After-Free
Adobe Flash TextField.thickness Setter - Use-After-Free Source: https://code.google.com/p/google-security-research/issues/detail?id=587 There is a use-after-free in the TextField thickness setter. If the thickness parameter is an object with valueOf set to a function which frees the TextField...
Adobe Flash TextField.tabIndex Setter - Use-After-Free
Source: https://code.google.com/p/google-security-research/issues/detail?id=574 There is a use-after-free in the TextField.tabIndex setter. If the integer parameter is an object with valueOf defined, then it can free the TextField's parent, leading to a use-after-free. A minimal PoC follows: var...
Adobe Flash MovieClip.attachMovie - Use-After-Free
Source: https://code.google.com/p/google-security-research/issues/detail?id=571 There is a use-after-free in MovieClip.attachMovie. If a string parameter has toString defined, a number parameter has valueOf defined or an object parameter has its constructor redefined, it can execute code and free...
Adobe Flash Selection.SetSelection - Use-After-Free
Source: https://code.google.com/p/google-security-research/issues/detail?id=590 There is a use-after-free in Selection.SetSelection. If it is called with a number parameter, which is an object with valueOf defined, and this function frees the parent of the TextField parameter, the object is used...
Adobe Flash MovieClip.startDrag - Use-After-Free
Exploit for windows platform in category dos / poc Source: https://code.google.com/p/google-security-research/issues/detail?id=592 There is a use-after-free in MovieClip.startDrag. If a parameter an object with valueOf defined, this method can free the MovieClip, which is then used. A minimal POC...
Adobe Flash TextField.tabIndex Setter - Use-After-Free
Exploit for windows platform in category dos / poc Source: https://code.google.com/p/google-security-research/issues/detail?id=574 There is a use-after-free in the TextField.tabIndex setter. If the integer parameter is an object with valueOf defined, then it can free the TextField's parent, leadi...
lib32-flashplugin: arbitrary code execution
CVE-2015-5122 arbitrary code execution Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 AS3 implementation allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via crafted Flash content that leverages improper handling of...
PT-2015-1512 · Adobe +3 · Flash Player +3
Name of the Vulnerable Software and Affected Versions: Adobe Flash Player versions 11.x through 11.2.202.481 Adobe Flash Player versions 12.x through 18.0.0.204 Adobe Flash Player versions 13.x through 13.0.0.302 Adobe Flash Player versions 14.x through 18.0.0.203 Description: The issue is relate...
Adobe Flash Player ActionScript 3 Memory Misreference Vulnerability
Adobe Flash Player is a cross-platform, browser-based multimedia player product from Adobe. The product supports cross-screen and browser viewing of applications, content and videos. A memory misreference vulnerability exists in the 'ByteArray' class in the ActionScript 3 AS3 implementation of...
Design/Logic Flaw
Use-after-free vulnerability in the ByteArray class in the ActionScript 3 AS3 implementation in Adobe Flash Player 13.x through 13.0.0.296 and 14.x through 18.0.0.194 on Windows and OS X and 11.x through 11.2.202.468 on Linux allows remote attackers to execute arbitrary code or cause a denial of...
UBUNTU-CVE-2015-5119
Use-after-free vulnerability in the ByteArray class in the ActionScript 3 AS3 implementation in Adobe Flash Player 13.x through 13.0.0.296 and 14.x through 18.0.0.194 on Windows and OS X and 11.x through 11.2.202.468 on Linux allows remote attackers to execute arbitrary code or cause a denial of...
CVE-2015-5119
Use-after-free vulnerability in the ByteArray class in the ActionScript 3 AS3 implementation in Adobe Flash Player 13.x through 13.0.0.296 and 14.x through 18.0.0.194 on Windows and OS X and 11.x through 11.2.202.468 on Linux allows remote attackers to execute arbitrary code or cause a denial of...