CVSS: 5.8EPSS: 2%CPEs: 3EXPL: 0CVE-2007-6245 – flash: HTTP headers modification
https://notcve.org/view.php?id=CVE-2007-6245
Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0 allows remote attackers to modify HTTP headers for client requests and conduct HTTP Request Splitting attacks. Adobe Flash Player 9.x hasta 9.0.48.0, 8.x hasta 8.0.35.0, y 7.x hasta 7.0.70.0 permite a atacantes remotos modificar las cabeceras HTTP para peticiones de cliente y llevar a cabo ataques de División de Petición HTTP. • http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00007.html http://secunia.com/advisories/28157 http://secunia.com/advisories/28161 http://secunia.com/advisories/28213 http://secunia.com/advisories/28570 http://secunia.com/advisories/30507 http://securitytracker.com/id?1019116 http://sunsolve.sun.com/search/document.do?assetkey=1-26-238305-1 http://www.adobe.com/support/security/bulletins/apsb07-20.html http://www.gentoo.org/security/en/glsa/glsa-200801-07.xml • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 94%CPEs: 2EXPL: 2CVE-2007-6244 – Adobe Flash Player 7.0.x/8.0.x/9.0.x - ActiveX Control 'navigateToURL' API Cross Domain Scripting
https://notcve.org/view.php?id=CVE-2007-6244
Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash Player 9.x up to 9.0.48.0 and 8.x up to 8.0.35.0 allow remote attackers to inject arbitrary web script or HTML via (1) a SWF file that uses the asfunction: protocol or (2) the navigateToURL function when used with the Flash Player ActiveX Control in Internet Explorer. Múltiples vulnerabilidades de secuencia de comandos en sitios cruzados (XSS) en Adobe Flash Player 9.x hasta la 9.0.48.0 y 8.x hasta la 8.0.35.0 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de un (1) archivo SWF que utiliza la función as: protocol o (2) la función navigateToURL cuando se utiliza con el Control ActiveX Flash Player en Internet Explorer. • https://www.exploit-db.com/exploits/30907 https://www.exploit-db.com/exploits/30905 http://crypto.stanford.edu/advisories/CVE-2007-6244 http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00007.html http://secunia.com/advisories/28157 http://secunia.com/advisories/28161 http://secunia.com/advisories/28213 http://secunia.com/advisories/28570 http://secunia.com/advisories/30507 http://securitytracker.com/id?1019116 http://sunsolve.sun.com/search/document.do?assetkey=1&# • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 1%CPEs: 103EXPL: 0CVE-2007-5476
https://notcve.org/view.php?id=CVE-2007-5476
Unspecified vulnerability in Adobe Flash Player 9.0.47.0 and earlier, when running on Opera before 9.24 on Mac OS X, has unknown "Highly Severe" impact and unknown attack vectors. Vulnerabilidad no especificada en en Adobe Flash Player 9.0.47.0 y anteriores, cuando se ejecuta sobre Opera anterior a 9.24 en Mac OS X, tiene impacto "Altamente Severo" desconocido y vectores de ataque desconocidos. • http://docs.info.apple.com/article.html?artnum=307179 http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html http://secunia.com/advisories/28136 http://secunia.com/advisories/28161 http://secunia.com/advisories/30507 http://sunsolve.sun.com/search/document.do?assetkey=1-26-238305-1 http://www.adobe.com/support/security/advisories/apsa07-05.html http://www.adobe.com/support/security/bulletins/apsb07-20.html http://www.opera.com/support/search/view/868 http:&# •
CVSS: 5.0EPSS: 16%CPEs: 1EXPL: 0CVE-2007-4324 – Flash movie can determine whether a TCP port is open
https://notcve.org/view.php?id=CVE-2007-4324
ActionScript 3 (AS3) in Adobe Flash Player 9.0.47.0, and other versions and other 9.0.124.0 and earlier versions, allows remote attackers to bypass the Security Sandbox Model, obtain sensitive information, and port scan arbitrary hosts via a Flash (SWF) movie that specifies a connection to make, then uses timing discrepancies from the SecurityErrorEvent error to determine whether a port is open or not. NOTE: 9.0.115.0 introduces support for a workaround, but does not fix the vulnerability. ActionScript versión 3 (AS3) en Adobe Flash Player versiones 9.0.47.0 y 9.0.124.0 y anteriores, permite a atacantes remotos omitir el Security Sandbox Model, obtener información confidencial y analizar puertos hosts arbitrarios por medio de una película Flash (SWF) que especifica una conexión a realizar y, a continuación, usa discrepancias de tiempo del error SecurityErrorEvent para determinar si un puerto está abierto o no. NOTA: la versión 9.0.115.0 introduce soporte para una solución alternativa, pero no corrige esta vulnerabilidad. • http://kb.adobe.com/selfservice/viewContent.do?externalId=kb402956&sliceId=2 http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html http://scan.flashsec.org http://secunia.com/advisories/28157 http://secunia.com/advisories/28161 http://secunia.com/advisories/28213 http://secunia.com/advisories/28570 http://secunia.com/advisories/30507 http://secunia.com/advisories/32270 http://secunia.com/ad • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 1%CPEs: 1EXPL: 0CVE-2007-3457
https://notcve.org/view.php?id=CVE-2007-3457
Adobe Flash Player 8.0.34.0 and earlier insufficiently validates HTTP Referer headers, which might allow remote attackers to conduct a CSRF attack via a crafted SWF file. Una vulnerabilidad de inyección SQL en el archivo inferno.php en el Inferno Technologies RPG Inferno versión 2.4 y anteriores, un módulo vBulletin, permite a atacantes autenticados remotos ejecutar comandos SQL arbitrarios por medio del parámetro id en una acción ScanMember do. • http://secunia.com/advisories/26027 http://secunia.com/advisories/26118 http://secunia.com/advisories/26357 http://secunia.com/advisories/28068 http://sunsolve.sun.com/search/document.do?assetkey=1-26-103167-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-201506-1 http://www.adobe.com/support/security/bulletins/apsb07-12.html http://www.gentoo.org/security/en/glsa/glsa-200708-01.xml http://www.kb.cert.org/vuls/id/138457 http://www.novell.com/linux/ • CWE-352: Cross-Site Request Forgery (CSRF) •