CVSS: 6.8EPSS: 87%CPEs: 1EXPL: 0CVE-2007-6242 – flash: abitrary code execution
https://notcve.org/view.php?id=CVE-2007-6242
Unspecified vulnerability in Adobe Flash Player 9.0.48.0 and earlier might allow remote attackers to execute arbitrary code via unknown vectors, related to "input validation errors." Vulnerabilidad no especificada en Adobe Flash Player 9.0.48.0 y anteriores podría permitir a atacantes remotos ejecutar código de su elección a través de vectores desconocidos, relacionado con "error de validación de entrada". • http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00007.html http://secunia.com/advisories/28157 http://secunia.com/advisories/28161 http://secunia.com/advisories/28213 http://secunia.com/advisories/28570 http://secunia.com/advisories/30507 http://securitytracker.com/id?1019116 http://sunsolve.sun.com/search/document.do?assetkey=1-26-238305-1 http://www.adobe.com/support/security/bulletins/apsb07-20.html http://www.gentoo.org/security/en/glsa/glsa-200801-07.xml • CWE-20: Improper Input Validation •
CVSS: 5.8EPSS: 2%CPEs: 3EXPL: 0CVE-2007-6245 – flash: HTTP headers modification
https://notcve.org/view.php?id=CVE-2007-6245
Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0 allows remote attackers to modify HTTP headers for client requests and conduct HTTP Request Splitting attacks. Adobe Flash Player 9.x hasta 9.0.48.0, 8.x hasta 8.0.35.0, y 7.x hasta 7.0.70.0 permite a atacantes remotos modificar las cabeceras HTTP para peticiones de cliente y llevar a cabo ataques de División de Petición HTTP. • http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00007.html http://secunia.com/advisories/28157 http://secunia.com/advisories/28161 http://secunia.com/advisories/28213 http://secunia.com/advisories/28570 http://secunia.com/advisories/30507 http://securitytracker.com/id?1019116 http://sunsolve.sun.com/search/document.do?assetkey=1-26-238305-1 http://www.adobe.com/support/security/bulletins/apsb07-20.html http://www.gentoo.org/security/en/glsa/glsa-200801-07.xml • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 94%CPEs: 2EXPL: 2CVE-2007-6244 – Adobe Flash Player 7.0.x/8.0.x/9.0.x - ActiveX Control 'navigateToURL' API Cross Domain Scripting
https://notcve.org/view.php?id=CVE-2007-6244
Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash Player 9.x up to 9.0.48.0 and 8.x up to 8.0.35.0 allow remote attackers to inject arbitrary web script or HTML via (1) a SWF file that uses the asfunction: protocol or (2) the navigateToURL function when used with the Flash Player ActiveX Control in Internet Explorer. Múltiples vulnerabilidades de secuencia de comandos en sitios cruzados (XSS) en Adobe Flash Player 9.x hasta la 9.0.48.0 y 8.x hasta la 8.0.35.0 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de un (1) archivo SWF que utiliza la función as: protocol o (2) la función navigateToURL cuando se utiliza con el Control ActiveX Flash Player en Internet Explorer. • https://www.exploit-db.com/exploits/30907 https://www.exploit-db.com/exploits/30905 http://crypto.stanford.edu/advisories/CVE-2007-6244 http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00007.html http://secunia.com/advisories/28157 http://secunia.com/advisories/28161 http://secunia.com/advisories/28213 http://secunia.com/advisories/28570 http://secunia.com/advisories/30507 http://securitytracker.com/id?1019116 http://sunsolve.sun.com/search/document.do?assetkey=1&# • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 1%CPEs: 103EXPL: 0CVE-2007-5476
https://notcve.org/view.php?id=CVE-2007-5476
Unspecified vulnerability in Adobe Flash Player 9.0.47.0 and earlier, when running on Opera before 9.24 on Mac OS X, has unknown "Highly Severe" impact and unknown attack vectors. Vulnerabilidad no especificada en en Adobe Flash Player 9.0.47.0 y anteriores, cuando se ejecuta sobre Opera anterior a 9.24 en Mac OS X, tiene impacto "Altamente Severo" desconocido y vectores de ataque desconocidos. • http://docs.info.apple.com/article.html?artnum=307179 http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html http://secunia.com/advisories/28136 http://secunia.com/advisories/28161 http://secunia.com/advisories/30507 http://sunsolve.sun.com/search/document.do?assetkey=1-26-238305-1 http://www.adobe.com/support/security/advisories/apsa07-05.html http://www.adobe.com/support/security/bulletins/apsb07-20.html http://www.opera.com/support/search/view/868 http:&# •
CVSS: 5.0EPSS: 16%CPEs: 1EXPL: 0CVE-2007-4324 – Flash movie can determine whether a TCP port is open
https://notcve.org/view.php?id=CVE-2007-4324
ActionScript 3 (AS3) in Adobe Flash Player 9.0.47.0, and other versions and other 9.0.124.0 and earlier versions, allows remote attackers to bypass the Security Sandbox Model, obtain sensitive information, and port scan arbitrary hosts via a Flash (SWF) movie that specifies a connection to make, then uses timing discrepancies from the SecurityErrorEvent error to determine whether a port is open or not. NOTE: 9.0.115.0 introduces support for a workaround, but does not fix the vulnerability. ActionScript versión 3 (AS3) en Adobe Flash Player versiones 9.0.47.0 y 9.0.124.0 y anteriores, permite a atacantes remotos omitir el Security Sandbox Model, obtener información confidencial y analizar puertos hosts arbitrarios por medio de una película Flash (SWF) que especifica una conexión a realizar y, a continuación, usa discrepancias de tiempo del error SecurityErrorEvent para determinar si un puerto está abierto o no. NOTA: la versión 9.0.115.0 introduce soporte para una solución alternativa, pero no corrige esta vulnerabilidad. • http://kb.adobe.com/selfservice/viewContent.do?externalId=kb402956&sliceId=2 http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html http://scan.flashsec.org http://secunia.com/advisories/28157 http://secunia.com/advisories/28161 http://secunia.com/advisories/28213 http://secunia.com/advisories/28570 http://secunia.com/advisories/30507 http://secunia.com/advisories/32270 http://secunia.com/ad • CWE-264: Permissions, Privileges, and Access Controls •