CVSS: 9.8EPSS: 52%CPEs: 42EXPL: 2CVE-2007-6019 – Adobe Flash Player DeclareFunction2 Invalid Object Use Vulnerability
https://notcve.org/view.php?id=CVE-2007-6019
08 Apr 2008 — Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, allows remote attackers to execute arbitrary code via an SWF file with a modified DeclareFunction2 Actionscript tag, which prevents an object from being instantiated properly. Adobe Flash Player 9.0.115.0 y versiones anteriores, y 8.0.39.0 y versiones anteriores, permite a atacantes remotos ejecutar código de su elección a través de un fichero SWF con una etiqueta modificada DeclareFunction2 Actionscript, lo cual evita que un objeto sea ins... • https://www.exploit-db.com/exploits/31630 • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 34%CPEs: 18EXPL: 0CVE-2007-6637 – Adobe Flash Script Injection Cross Domain Scripting Vulnerability
https://notcve.org/view.php?id=CVE-2007-6637
04 Jan 2008 — Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash Player allow remote attackers to inject arbitrary web script or HTML via a crafted SWF file, related to "pre-generated SWF files" and Adobe Dreamweaver CS3 or Adobe Acrobat Connect. NOTE: the asfunction: vector is already covered by CVE-2007-6244.1. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Adobe Flash Player permiten a atacantes remotos inyectar scripts web o HTML de su elección mediante un fichero SWF... • http://lists.apple.com/archives/security-announce/2008//May/msg00001.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.3EPSS: 46%CPEs: 1EXPL: 0CVE-2007-6243 – Flash Player cross-domain and cross-site scripting flaws
https://notcve.org/view.php?id=CVE-2007-6243
20 Dec 2007 — Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0 does not sufficiently restrict the interpretation and usage of cross-domain policy files, which makes it easier for remote attackers to conduct cross-domain and cross-site scripting (XSS) attacks. Adobe Flash Player 9.x hasta 9.0.48.0, 8.x hasta 8.0.35.0, y 7.x hasta 7.0.70.0 no restringe suficientemente la interpretación y uso de los ficheros de políticas de cruce de dominios, lo cual facilita a atacantes remotos llevar a cab... • http://jvn.jp/jp/JVN%2345675516/index.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 29%CPEs: 3EXPL: 0CVE-2007-6245 – flash: HTTP headers modification
https://notcve.org/view.php?id=CVE-2007-6245
20 Dec 2007 — Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0 allows remote attackers to modify HTTP headers for client requests and conduct HTTP Request Splitting attacks. Adobe Flash Player 9.x hasta 9.0.48.0, 8.x hasta 8.0.35.0, y 7.x hasta 7.0.70.0 permite a atacantes remotos modificar las cabeceras HTTP para peticiones de cliente y llevar a cabo ataques de División de Petición HTTP. • http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00007.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2007-6246 – flash: privilege escalation
https://notcve.org/view.php?id=CVE-2007-6246
20 Dec 2007 — Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0, when running on Linux, uses insecure permissions for memory, which might allow local users to gain privileges. Adobe Flash Player 9.x hasta 9.0.48.0, 8.x hasta 8.0.35.0, y 7.x hasta 7.0.70.0, cuando se ejecuta en Linux, usa permisos inseguros para la memoria, lo cual podría permitir a usuarios locales obtener privilegios. • http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00007.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 20%CPEs: 103EXPL: 0CVE-2007-5476
https://notcve.org/view.php?id=CVE-2007-5476
18 Oct 2007 — Unspecified vulnerability in Adobe Flash Player 9.0.47.0 and earlier, when running on Opera before 9.24 on Mac OS X, has unknown "Highly Severe" impact and unknown attack vectors. Vulnerabilidad no especificada en en Adobe Flash Player 9.0.47.0 y anteriores, cuando se ejecuta sobre Opera anterior a 9.24 en Mac OS X, tiene impacto "Altamente Severo" desconocido y vectores de ataque desconocidos. • http://docs.info.apple.com/article.html?artnum=307179 •
CVSS: 7.5EPSS: 26%CPEs: 1EXPL: 0CVE-2007-4324 – Flash movie can determine whether a TCP port is open
https://notcve.org/view.php?id=CVE-2007-4324
14 Aug 2007 — ActionScript 3 (AS3) in Adobe Flash Player 9.0.47.0, and other versions and other 9.0.124.0 and earlier versions, allows remote attackers to bypass the Security Sandbox Model, obtain sensitive information, and port scan arbitrary hosts via a Flash (SWF) movie that specifies a connection to make, then uses timing discrepancies from the SecurityErrorEvent error to determine whether a port is open or not. NOTE: 9.0.115.0 introduces support for a workaround, but does not fix the vulnerability. ActionScript vers... • http://kb.adobe.com/selfservice/viewContent.do?externalId=kb402956&sliceId=2 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.8EPSS: 7%CPEs: 1EXPL: 0CVE-2007-3457
https://notcve.org/view.php?id=CVE-2007-3457
11 Jul 2007 — Adobe Flash Player 8.0.34.0 and earlier insufficiently validates HTTP Referer headers, which might allow remote attackers to conduct a CSRF attack via a crafted SWF file. Una vulnerabilidad de inyección SQL en el archivo inferno.php en el Inferno Technologies RPG Inferno versión 2.4 y anteriores, un módulo vBulletin, permite a atacantes autenticados remotos ejecutar comandos SQL arbitrarios por medio del parámetro id en una acción ScanMember do. • http://secunia.com/advisories/26027 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.8EPSS: 74%CPEs: 9EXPL: 1CVE-2007-3456 – Adobe Flash Player 8.0.24 - '.SWF' File Handling Remote Code Execution
https://notcve.org/view.php?id=CVE-2007-3456
11 Jul 2007 — Integer overflow in Adobe Flash Player 9.0.45.0 and earlier might allow remote attackers to execute arbitrary code via a large length value for a (1) Long string or (2) XML variable type in a crafted (a) FLV or (b) SWF file, related to an "input validation error," including a signed comparison of values that are assumed to be non-negative. El desbordamiento de enteros en Adobe Flash Player versiones 9.0.45.0 y anteriores, podría permitir a los atacantes remotos ejecutar código arbitrario por medio de un val... • https://www.exploit-db.com/exploits/30288 • CWE-20: Improper Input Validation CWE-189: Numeric Errors •
CVSS: 7.5EPSS: 18%CPEs: 76EXPL: 0CVE-2007-2022 – kdebase3 flash-player interaction problem
https://notcve.org/view.php?id=CVE-2007-2022
13 Apr 2007 — Adobe Macromedia Flash Player 7 and 9, when used with Opera before 9.20 or Konqueror before 20070613, allows remote attackers to obtain sensitive information (browser keystrokes), which are leaked to the Flash Player applet. Adobe Macromedia Flash Player versiones 7 y 9, cuando es usado con Opera versiones anteriores a 9.20 o Konqueror anteriores a 20070613, permite a atacantes remotos obtener información confidencial (pulsaciones de teclas del navegador), que son filtradas en la applet de Flash Player. • ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •