CVSS: 9.1EPSS: 2%CPEs: 20EXPL: 0CVE-2008-4822 – Flash Player policy file interpretation flaw
https://notcve.org/view.php?id=CVE-2008-4822
10 Nov 2008 — Adobe Flash Player 9.0.124.0 and earlier does not properly interpret policy files, which allows remote attackers to bypass a non-root domain policy. Adobe Flash Player v9.0.124.0 y anteriores no interpretan de forma adecuada los ficheros de políticas, lo que permite a atacantes remotos saltarse la política de dominio “non-root” • http://lists.apple.com/archives/security-announce//2008//Dec/msg00000.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.1EPSS: 0%CPEs: 20EXPL: 0CVE-2008-4818 – Flash Player XSS
https://notcve.org/view.php?id=CVE-2008-4818
10 Nov 2008 — Cross-site scripting (XSS) vulnerability in Adobe Flash Player 9.0.124.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving HTTP response headers. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Adobe Flash Player v9.0.124.0 y versiones anteriores permite a atacantes remotos inyectar web script o HTML a través de vectores envueltos en cabeceras de respuesta HTTP. • http://lists.apple.com/archives/security-announce//2008//Dec/msg00000.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 21EXPL: 0CVE-2008-4820
https://notcve.org/view.php?id=CVE-2008-4820
10 Nov 2008 — Unspecified vulnerability in the Flash Player ActiveX control in Adobe Flash Player 9.0.124.0 and earlier on Windows allows attackers to obtain sensitive information via unknown vectors. Vulnerabilidad no especificada en el control ActiveX de Flash Player en Adobe Flash Player v9.0.124.0 y anteriores para Windows; permite a los atacantes obtener información sensible a través de vectores no especificados. • http://lists.apple.com/archives/security-announce//2008//Dec/msg00000.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 1%CPEs: 20EXPL: 0CVE-2008-4823 – Flash Player HTML injection flaw
https://notcve.org/view.php?id=CVE-2008-4823
10 Nov 2008 — Cross-site scripting (XSS) vulnerability in Adobe Flash Player 9.0.124.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors related to loose interpretation of an ActionScript attribute. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Adobe Flash Player v9.0.124.0 y versiones anteriores permite a atacantes remotos inyectar web script o HTML de su elección a través de vectores relacionados con una interpretación perdida de un atributo ActionScript. • http://lists.apple.com/archives/security-announce//2008//Dec/msg00000.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 4%CPEs: 20EXPL: 0CVE-2008-4819 – Flash Player DNS rebind attack
https://notcve.org/view.php?id=CVE-2008-4819
10 Nov 2008 — Unspecified vulnerability in Adobe Flash Player 9.0.124.0 and earlier makes it easier for remote attackers to conduct DNS rebinding attacks via unknown vectors. Vulnerabilidad no específica en Adobe Flash Player v9.0.124.0 y anteriores, facilitan a atacantes remotos conducir ataques de revinvulación DNS, mediante vectores desconocidos. • http://lists.apple.com/archives/security-announce//2008//Dec/msg00000.html •
CVSS: 10.0EPSS: 2%CPEs: 20EXPL: 0CVE-2008-4401 – flash-plugin: upload/download user interaction
https://notcve.org/view.php?id=CVE-2008-4401
17 Oct 2008 — ActionScript in Adobe Flash Player 9.0.124.0 and earlier does not require user interaction in conjunction with (1) the FileReference.browse operation in the FileReference upload API or (2) the FileReference.download operation in the FileReference download API, which allows remote attackers to create a browse dialog box, and possibly have unspecified other impact, via an SWF file. ActionScript en Adobe Flash Player 9.0.124.0 y anteriores no requiere interacción del usuario en conjunción con (1) la operación ... • http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 2%CPEs: 4EXPL: 2CVE-2008-4546 – Adobe Flash Player 9/10 - SWF Version Null Pointer Dereference Denial of Service
https://notcve.org/view.php?id=CVE-2008-4546
14 Oct 2008 — Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows remote web servers to cause a denial of service (NULL pointer dereference and browser crash) by returning a different response when an HTTP request is sent a second time, as demonstrated by two responses that provide SWF files with different SWF version numbers. Adobe Flash Player 9.0.45.0, 9.0.112.0, 9.0.124.0, y 10.0.12.10 permite a los servidores web remotos causar una denegación de servicio (referenc... • https://www.exploit-db.com/exploits/32452 • CWE-399: Resource Management Errors •
CVSS: 9.1EPSS: 2%CPEs: 23EXPL: 0CVE-2008-4503 – Adobe Flash Player clickjacking
https://notcve.org/view.php?id=CVE-2008-4503
09 Oct 2008 — The Settings Manager in Adobe Flash Player 9.0.124.0 and earlier allows remote attackers to cause victims to unknowingly click on a link or dialog via access control dialogs disguised as normal graphical elements, as demonstrated by hijacking the camera or microphone, and related to "clickjacking." El Administrador de configuración en el Adobe Flash Player v9.0.124.0 y versiones anteriores permite a atacantes remotos que los usuarios hagan clic sin saberlo en unos controles que no se distinguen de los norma... • http://blog.guya.net/2008/10/07/malicious-camera-spying-using-clickjacking •
CVSS: 9.3EPSS: 0%CPEs: 2EXPL: 0CVE-2008-3872
https://notcve.org/view.php?id=CVE-2008-3872
06 Oct 2008 — Adobe Flash Player 8.0.39.0 and earlier, and 9.x up to 9.0.115.0, allows remote attackers to bypass the allowScriptAccess parameter setting via a crafted SWF file with unspecified "Filter evasion" manipulations. En el programa Adobe Flash Player versión 8.0.39.0 y versiones anteriores, y versión 9.x hasta 9.0.115.0, hay una vulnerabilidad que permite a los atacantes remotos omitir la configuración del parámetro allowScriptAccess por medio de un archivo SWF creado con manipulaciones no especificadas de "Filt... • http://taviso.decsystem.org/research.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 95%CPEs: 2EXPL: 0CVE-2007-0071 – Adobe Flash DefineSceneAndFrameLabelData Parsing Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2007-0071
09 Apr 2008 — Integer overflow in Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, allows remote attackers to execute arbitrary code via a crafted SWF file with a negative Scene Count value, which passes a signed comparison, is used as an offset of a NULL pointer, and triggers a buffer overflow. El desbordamiento de enteros en Adobe Flash Player versión 9.0.115.0 y versiones anteriores, y versión 8.0.39.0 y versiones anteriores, permite que los atacantes remotos ejecuten código arbitrario por medio de ... • http://blogs.adobe.com/psirt/2008/05/potential_flash_player_issue.html • CWE-20: Improper Input Validation CWE-189: Numeric Errors •