Page 188 of 944 results (0.011 seconds)

CVSS: 9.3EPSS: 96%CPEs: 9EXPL: 1

Integer overflow in Adobe Flash Player 9.0.45.0 and earlier might allow remote attackers to execute arbitrary code via a large length value for a (1) Long string or (2) XML variable type in a crafted (a) FLV or (b) SWF file, related to an "input validation error," including a signed comparison of values that are assumed to be non-negative. El desbordamiento de enteros en Adobe Flash Player versiones 9.0.45.0 y anteriores, podría permitir a los atacantes remotos ejecutar código arbitrario por medio de un valor de longitud grande para un (1) cadena larga o (2) tipo de variable XML en un archivo creado (a) FLV o (b) SWF, relacionado con un "input validation error" incluyendo una comparación firmada de valores que se supone que no son negativos • https://www.exploit-db.com/exploits/30288 http://docs.info.apple.com/article.html?artnum=307041 http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html http://osvdb.org/38054 http://secunia.com/advisories/26027 http://secunia.com/advisories/26057 http://secunia.com/advisories/26118 http://secunia.com/advisories/26357 http://secunia.com/advisories/27643 http://secunia.com/advisories/28068 http://sunsolve.sun.com/search/document.do?assetkey=1-26-103167-1 h • CWE-20: Improper Input Validation CWE-189: Numeric Errors •

CVSS: 4.3EPSS: 1%CPEs: 1EXPL: 0

Adobe Flash Player 8.0.34.0 and earlier insufficiently validates HTTP Referer headers, which might allow remote attackers to conduct a CSRF attack via a crafted SWF file. Una vulnerabilidad de inyección SQL en el archivo inferno.php en el Inferno Technologies RPG Inferno versión 2.4 y anteriores, un módulo vBulletin, permite a atacantes autenticados remotos ejecutar comandos SQL arbitrarios por medio del parámetro id en una acción ScanMember do. • http://secunia.com/advisories/26027 http://secunia.com/advisories/26118 http://secunia.com/advisories/26357 http://secunia.com/advisories/28068 http://sunsolve.sun.com/search/document.do?assetkey=1-26-103167-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-201506-1 http://www.adobe.com/support/security/bulletins/apsb07-12.html http://www.gentoo.org/security/en/glsa/glsa-200708-01.xml http://www.kb.cert.org/vuls/id/138457 http://www.novell.com/linux/ • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 5.0EPSS: 1%CPEs: 4EXPL: 0

CRLF injection vulnerability in Adobe Flash Player plugin 9.0.16 and earlier for Windows, 7.0.63 and earlier for Linux, 7.x before 7.0 r67 for Solaris, and before 9.0.28.0 for Mac OS X, allows remote attackers to modify HTTP headers of client requests and conduct HTTP Request Splitting attacks via CRLF sequences in arguments to the ActionScript functions (1) XML.addRequestHeader and (2) XML.contentType. NOTE: the flexibility of the attack varies depending on the type of web browser being used. Vulnerabilidad de inyección CRLF en Adobe Flash Player plugin 9.0.16 y anteriores para Windows, 7.0.63 y anteriores para Linux, 7.x anterior a 7.0 r67 para Solaris y anterior a 9.0.28.0 para Mac OS X, permite a atacantes remotos modificar cabeceras HTTP de las peticiones del cliente y dirigir ataques de división de petición HTTP mediante secuencias CRLF en argumentos a las funciones ActionScript (1) XML.addRequestHeader y (2) XML.contentType. NOTA: la flexibilidad del ataque varía dependiendo del tipo de navegador web utilizado. • http://docs.info.apple.com/article.html?artnum=305214 http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html http://lists.suse.com/archive/suse-security-announce/2006-Dec/0006.html http://secunia.com/advisories/22467 http://secunia.com/advisories/23324 http://secunia.com/advisories/23581 http://secunia.com/advisories/24479 http://secunia.com/advisories/25467 http://securityreason.com/securityalert/1737 http://securitytracker.com/id?1017078 http://sunsolve.sun.com&# • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.8EPSS: 18%CPEs: 4EXPL: 0

Unspecified vulnerability in Adobe Flash Player before 9.0.16.0 allows user-assisted remote attackers to bypass the allowScriptAccess protection via unspecified vectors. Vulnerabilidad no especificada en Adobe Flash Player anterior 9.0.16.0 permite a un atacante remoto con la complicidad del usuario puentear la protección de allowScriptAccess a través de vectores no especificados. • http://lists.apple.com/archives/security-announce/2006/Sep/msg00002.html http://secunia.com/advisories/21865 http://secunia.com/advisories/22054 http://secunia.com/advisories/22187 http://secunia.com/advisories/22882 http://www.adobe.com/support/security/bulletins/apsb06-11.html http://www.kb.cert.org/vuls/id/168372 http://www.novell.com/linux/security/advisories/2006_53_flashplayer.html http://www.osvdb.org/28734 http://www.securityfocus.com/bid/19980 http://www.us& • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 5.1EPSS: 79%CPEs: 4EXPL: 1

Buffer overflow in Adobe Flash Player 8.0.24.0 and earlier, Flash Professional 8, Flash MX 2004, and Flex 1.5 allows user-assisted remote attackers to execute arbitrary code via a long, dynamically created string in a SWF movie. Desbordamiento de búfer en Adobe Flash Player 8.0.24.0 y anteriores, Flash Professional 8, Flash MX 2004, y Flex 1.5 permite a un atacante con la complicidad del usuario ejecutar código de su elección a través de una cadena grande y creada dinamicamente en una película SWF. • http://lists.apple.com/archives/security-announce/2006/Sep/msg00002.html http://secunia.com/advisories/21865 http://secunia.com/advisories/21901 http://secunia.com/advisories/22054 http://secunia.com/advisories/22187 http://secunia.com/advisories/22268 http://secunia.com/advisories/22882 http://security.gentoo.org/glsa/glsa-200610-02.xml http://securityreason.com/securityalert/1546 http://securitytracker.com/id?1016829 http://www.adobe.com/support/security/bulletins/apsb06-11.html •