CVSS: 9.3EPSS: 61%CPEs: 2EXPL: 0CVE-2008-4824
https://notcve.org/view.php?id=CVE-2008-4824
Multiple unspecified vulnerabilities in Adobe Flash Player 10.x before 10.0.12.36 and 9.x before 9.0.151.0 allow remote attackers to execute arbitrary code via unknown vectors related to "input validation errors." Múltiples vulnerabilidades no especificadas en Adobe Flash Player 10.x versiones anteriores a v10.0.12.36 y 9.x versiones anteriores a v9.0.151.0 • http://lists.apple.com/archives/security-announce//2008//Dec/msg00000.html http://osvdb.org/49958 http://secunia.com/advisories/32702 http://secunia.com/advisories/32772 http://secunia.com/advisories/33179 http://secunia.com/advisories/33390 http://secunia.com/advisories/34226 http://security.gentoo.org/glsa/glsa-200903-23.xml http://sunsolve.sun.com/search/document.do?assetkey=1-26-248586-1 http://support.apple.com/kb/HT3338 http://support.avaya.com/elmodocs2/sec • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 0%CPEs: 20EXPL: 0CVE-2008-4818 – Flash Player XSS
https://notcve.org/view.php?id=CVE-2008-4818
Cross-site scripting (XSS) vulnerability in Adobe Flash Player 9.0.124.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving HTTP response headers. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Adobe Flash Player v9.0.124.0 y versiones anteriores permite a atacantes remotos inyectar web script o HTML a través de vectores envueltos en cabeceras de respuesta HTTP. • http://lists.apple.com/archives/security-announce//2008//Dec/msg00000.html http://secunia.com/advisories/32702 http://secunia.com/advisories/33179 http://secunia.com/advisories/33390 http://secunia.com/advisories/34226 http://security.gentoo.org/glsa/glsa-200903-23.xml http://sunsolve.sun.com/search/document.do?assetkey=1-26-248586-1 http://support.apple.com/kb/HT3338 http://support.avaya.com/elmodocs2/security/ASA-2008-440.htm http://support.avaya.com/elmodocs2/securit • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 20EXPL: 0CVE-2008-4823 – Flash Player HTML injection flaw
https://notcve.org/view.php?id=CVE-2008-4823
Cross-site scripting (XSS) vulnerability in Adobe Flash Player 9.0.124.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors related to loose interpretation of an ActionScript attribute. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Adobe Flash Player v9.0.124.0 y versiones anteriores permite a atacantes remotos inyectar web script o HTML de su elección a través de vectores relacionados con una interpretación perdida de un atributo ActionScript. • http://lists.apple.com/archives/security-announce//2008//Dec/msg00000.html http://secunia.com/advisories/32702 http://secunia.com/advisories/33179 http://secunia.com/advisories/33390 http://secunia.com/advisories/34226 http://security.gentoo.org/glsa/glsa-200903-23.xml http://sunsolve.sun.com/search/document.do?assetkey=1-26-248586-1 http://support.apple.com/kb/HT3338 http://support.avaya.com/elmodocs2/security/ASA-2008-440.htm http://support.avaya.com/elmodocs2/securit • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.1EPSS: 0%CPEs: 21EXPL: 0CVE-2008-4820
https://notcve.org/view.php?id=CVE-2008-4820
Unspecified vulnerability in the Flash Player ActiveX control in Adobe Flash Player 9.0.124.0 and earlier on Windows allows attackers to obtain sensitive information via unknown vectors. Vulnerabilidad no especificada en el control ActiveX de Flash Player en Adobe Flash Player v9.0.124.0 y anteriores para Windows; permite a los atacantes obtener información sensible a través de vectores no especificados. • http://lists.apple.com/archives/security-announce//2008//Dec/msg00000.html http://secunia.com/advisories/33179 http://secunia.com/advisories/33390 http://sunsolve.sun.com/search/document.do?assetkey=1-26-248586-1 http://support.apple.com/kb/HT3338 http://support.avaya.com/elmodocs2/security/ASA-2009-020.htm http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=834256&poid= http://www.adobe.com/support/security/bulletins/apsb08-20.html http://www.securityfocus.c • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.8EPSS: 5%CPEs: 20EXPL: 0CVE-2008-4819 – Flash Player DNS rebind attack
https://notcve.org/view.php?id=CVE-2008-4819
Unspecified vulnerability in Adobe Flash Player 9.0.124.0 and earlier makes it easier for remote attackers to conduct DNS rebinding attacks via unknown vectors. Vulnerabilidad no específica en Adobe Flash Player v9.0.124.0 y anteriores, facilitan a atacantes remotos conducir ataques de revinvulación DNS, mediante vectores desconocidos. • http://lists.apple.com/archives/security-announce//2008//Dec/msg00000.html http://secunia.com/advisories/32702 http://secunia.com/advisories/33179 http://secunia.com/advisories/33390 http://secunia.com/advisories/34226 http://security.gentoo.org/glsa/glsa-200903-23.xml http://sunsolve.sun.com/search/document.do?assetkey=1-26-248586-1 http://support.apple.com/kb/HT3338 http://support.avaya.com/elmodocs2/security/ASA-2008-440.htm http://support.avaya.com/elmodocs2/securit •