CVE-2011-2461
https://notcve.org/view.php?id=CVE-2011-2461
Cross-site scripting (XSS) vulnerability in the Adobe Flex SDK 3.x and 4.x before 4.6 allows remote attackers to inject arbitrary web script or HTML via vectors related to the loading of modules from different domains. vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Adobe Flex SDK v3.x y v4.x anteriores a v4.6, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores relacionados con la carga de módulos desde distintos dominios. • https://github.com/u-maxx/magento-swf-patched-CVE-2011-2461 http://blog.mindedsecurity.com/2015/03/the-old-is-new-again-cve-2011-2461-is.html http://blog.nibblesec.org/2015/03/the-old-is-new-again-cve-2011-2461-is.html http://kb2.adobe.com/cps/915/cpsid_91544.html http://packetstormsecurity.com/files/131376/Magento-eCommerce-Vulnerable-Adobe-Flex-SDK.html http://secunia.com/advisories/47053 http://www.adobe.com/support/security/bulletins/apsb11-25.html https://threatpost. • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2009-1879 – Adobe Flex SDK 3.x - 'index.template.html' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2009-1879
Cross-site scripting (XSS) vulnerability in index.template.html in the express-install templates in the SDK in Adobe Flex before 3.4, when the installed Flash version is older than a specified requiredMajorVersion value, allows remote attackers to inject arbitrary web script or HTML via the query string. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en index.template.html en las plantillas express-install en el SDK de Adobe Flex en versiones anteriores a la 3.4, cuando la versión de Flash instalada es anterior a la especificada en el valor requiredMajorVersion, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante la cadena de petición. • https://www.exploit-db.com/exploits/33180 http://secunia.com/advisories/36374 http://securitytracker.com/id?1022748 http://www.adobe.com/support/security/bulletins/apsb09-13.html http://www.gdssecurity.com/l/b/2009/08/20/adobe-flex-3-3-sdk-dom-based-xss http://www.securityfocus.com/archive/1/505948/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/52608 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2006-3311
https://notcve.org/view.php?id=CVE-2006-3311
Buffer overflow in Adobe Flash Player 8.0.24.0 and earlier, Flash Professional 8, Flash MX 2004, and Flex 1.5 allows user-assisted remote attackers to execute arbitrary code via a long, dynamically created string in a SWF movie. Desbordamiento de búfer en Adobe Flash Player 8.0.24.0 y anteriores, Flash Professional 8, Flash MX 2004, y Flex 1.5 permite a un atacante con la complicidad del usuario ejecutar código de su elección a través de una cadena grande y creada dinamicamente en una película SWF. • http://lists.apple.com/archives/security-announce/2006/Sep/msg00002.html http://secunia.com/advisories/21865 http://secunia.com/advisories/21901 http://secunia.com/advisories/22054 http://secunia.com/advisories/22187 http://secunia.com/advisories/22268 http://secunia.com/advisories/22882 http://security.gentoo.org/glsa/glsa-200610-02.xml http://securityreason.com/securityalert/1546 http://securitytracker.com/id?1016829 http://www.adobe.com/support/security/bulletins/apsb06-11.html •