Page 206 of 1042 results (0.008 seconds)

CVSS: 5.0EPSS: 1%CPEs: 4EXPL: 0

CRLF injection vulnerability in Adobe Flash Player plugin 9.0.16 and earlier for Windows, 7.0.63 and earlier for Linux, 7.x before 7.0 r67 for Solaris, and before 9.0.28.0 for Mac OS X, allows remote attackers to modify HTTP headers of client requests and conduct HTTP Request Splitting attacks via CRLF sequences in arguments to the ActionScript functions (1) XML.addRequestHeader and (2) XML.contentType. NOTE: the flexibility of the attack varies depending on the type of web browser being used. Vulnerabilidad de inyección CRLF en Adobe Flash Player plugin 9.0.16 y anteriores para Windows, 7.0.63 y anteriores para Linux, 7.x anterior a 7.0 r67 para Solaris y anterior a 9.0.28.0 para Mac OS X, permite a atacantes remotos modificar cabeceras HTTP de las peticiones del cliente y dirigir ataques de división de petición HTTP mediante secuencias CRLF en argumentos a las funciones ActionScript (1) XML.addRequestHeader y (2) XML.contentType. NOTA: la flexibilidad del ataque varía dependiendo del tipo de navegador web utilizado. • http://docs.info.apple.com/article.html?artnum=305214 http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html http://lists.suse.com/archive/suse-security-announce/2006-Dec/0006.html http://secunia.com/advisories/22467 http://secunia.com/advisories/23324 http://secunia.com/advisories/23581 http://secunia.com/advisories/24479 http://secunia.com/advisories/25467 http://securityreason.com/securityalert/1737 http://securitytracker.com/id?1017078 http://sunsolve.sun.com&# • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.8EPSS: 18%CPEs: 4EXPL: 0

Unspecified vulnerability in Adobe Flash Player before 9.0.16.0 allows user-assisted remote attackers to bypass the allowScriptAccess protection via unspecified vectors. Vulnerabilidad no especificada en Adobe Flash Player anterior 9.0.16.0 permite a un atacante remoto con la complicidad del usuario puentear la protección de allowScriptAccess a través de vectores no especificados. • http://lists.apple.com/archives/security-announce/2006/Sep/msg00002.html http://secunia.com/advisories/21865 http://secunia.com/advisories/22054 http://secunia.com/advisories/22187 http://secunia.com/advisories/22882 http://www.adobe.com/support/security/bulletins/apsb06-11.html http://www.kb.cert.org/vuls/id/168372 http://www.novell.com/linux/security/advisories/2006_53_flashplayer.html http://www.osvdb.org/28734 http://www.securityfocus.com/bid/19980 http://www.us& • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 5.1EPSS: 79%CPEs: 4EXPL: 1

Buffer overflow in Adobe Flash Player 8.0.24.0 and earlier, Flash Professional 8, Flash MX 2004, and Flex 1.5 allows user-assisted remote attackers to execute arbitrary code via a long, dynamically created string in a SWF movie. Desbordamiento de búfer en Adobe Flash Player 8.0.24.0 y anteriores, Flash Professional 8, Flash MX 2004, y Flex 1.5 permite a un atacante con la complicidad del usuario ejecutar código de su elección a través de una cadena grande y creada dinamicamente en una película SWF. • http://lists.apple.com/archives/security-announce/2006/Sep/msg00002.html http://secunia.com/advisories/21865 http://secunia.com/advisories/21901 http://secunia.com/advisories/22054 http://secunia.com/advisories/22187 http://secunia.com/advisories/22268 http://secunia.com/advisories/22882 http://security.gentoo.org/glsa/glsa-200610-02.xml http://securityreason.com/securityalert/1546 http://securitytracker.com/id?1016829 http://www.adobe.com/support/security/bulletins/apsb06-11.html •

CVSS: 2.6EPSS: 19%CPEs: 1EXPL: 0

Unspecified vulnerability in Adobe (Macromedia) Flash Player 8.0.24.0 allows remote attackers to cause a denial of service (browser crash) via a malformed, compressed .swf file, a different issue than CVE-2006-3587. Vulnerabilidad no especificada en Adobe (Macromedia) Flash Player 8.0.24.0 permite a atacantes remotos provocar una denegación de servicio (caída del navegador) mediante un fichero .swf comprimido mal formado, un asunto diferente de CVE-2006-3587. • http://lists.apple.com/archives/security-announce/2006/Sep/msg00002.html http://secunia.com/advisories/21865 http://secunia.com/advisories/21901 http://secunia.com/advisories/22054 http://secunia.com/advisories/22187 http://secunia.com/advisories/22268 http://secunia.com/advisories/22882 http://security.gentoo.org/glsa/glsa-200610-02.xml http://securitytracker.com/id?1016449 http://securitytracker.com/id?1016829 http://www.adobe.com/support/security/bulletins/apsb06-11.html http&# •

CVSS: 5.1EPSS: 12%CPEs: 1EXPL: 0

Unspecified vulnerability in Adobe (Macromedia) Flash Player 8.0.24.0 allows remote attackers to execute arbitrary commands via a malformed .swf file that results in "multiple improper memory access" errors. Vulnerabilidad no especificada en Adobe (Macromedia) Flash Player 8.0.24.0 permite a atacantes remotos ejecutar comandos de su elección mediante un archivo .swf mal formado que resulta en "múltiples errores de acceso inapropiado a memoria". • http://lists.apple.com/archives/security-announce/2006/Sep/msg00002.html http://secunia.com/advisories/20971 http://secunia.com/advisories/21865 http://secunia.com/advisories/21901 http://secunia.com/advisories/22054 http://secunia.com/advisories/22187 http://secunia.com/advisories/22268 http://secunia.com/advisories/22882 http://security.gentoo.org/glsa/glsa-200610-02.xml http://securitytracker.com/id?1016448 http://securitytracker.com/id?1016829 http://www.adobe.com/support •