CVSS: 7.5EPSS: 20%CPEs: 4EXPL: 0CVE-2006-5330
https://notcve.org/view.php?id=CVE-2006-5330
17 Oct 2006 — CRLF injection vulnerability in Adobe Flash Player plugin 9.0.16 and earlier for Windows, 7.0.63 and earlier for Linux, 7.x before 7.0 r67 for Solaris, and before 9.0.28.0 for Mac OS X, allows remote attackers to modify HTTP headers of client requests and conduct HTTP Request Splitting attacks via CRLF sequences in arguments to the ActionScript functions (1) XML.addRequestHeader and (2) XML.contentType. NOTE: the flexibility of the attack varies depending on the type of web browser being used. Vulnerabilida... • http://docs.info.apple.com/article.html?artnum=305214 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.1EPSS: 30%CPEs: 4EXPL: 0CVE-2006-4640
https://notcve.org/view.php?id=CVE-2006-4640
12 Sep 2006 — Unspecified vulnerability in Adobe Flash Player before 9.0.16.0 allows user-assisted remote attackers to bypass the allowScriptAccess protection via unspecified vectors. Vulnerabilidad no especificada en Adobe Flash Player anterior 9.0.16.0 permite a un atacante remoto con la complicidad del usuario puentear la protección de allowScriptAccess a través de vectores no especificados. • http://lists.apple.com/archives/security-announce/2006/Sep/msg00002.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.8EPSS: 57%CPEs: 4EXPL: 1CVE-2006-3311
https://notcve.org/view.php?id=CVE-2006-3311
12 Sep 2006 — Buffer overflow in Adobe Flash Player 8.0.24.0 and earlier, Flash Professional 8, Flash MX 2004, and Flex 1.5 allows user-assisted remote attackers to execute arbitrary code via a long, dynamically created string in a SWF movie. Desbordamiento de búfer en Adobe Flash Player 8.0.24.0 y anteriores, Flash Professional 8, Flash MX 2004, y Flex 1.5 permite a un atacante con la complicidad del usuario ejecutar código de su elección a través de una cadena grande y creada dinamicamente en una película SWF. • http://lists.apple.com/archives/security-announce/2006/Sep/msg00002.html •
CVSS: 8.8EPSS: 14%CPEs: 14EXPL: 0CVE-2006-0024
https://notcve.org/view.php?id=CVE-2006-0024
15 Mar 2006 — Multiple unspecified vulnerabilities in Adobe Flash Player 8.0.22.0 and earlier allow remote attackers to execute arbitrary code via a crafted SWF file. • http://docs.info.apple.com/article.html?artnum=307179 •
CVSS: 9.8EPSS: 33%CPEs: 8EXPL: 3CVE-2005-3591 – Macromedia Flash Plugin 7.0.19.0 - 'action' Denial of Service
https://notcve.org/view.php?id=CVE-2005-3591
16 Nov 2005 — Macromedia Flash plugin (1) Flash.ocx 7.0.19.0 (Windows) and earlier and (2) libflashplayer.so before 7.0.25.0 (Unix) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via parameters to the ActionDefineFunction ActionScript call in a SWF file, which causes an improper memory access condition, a different vulnerability than CVE-2005-2628. • https://www.exploit-db.com/exploits/1331 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 32%CPEs: 8EXPL: 0CVE-2005-2628
https://notcve.org/view.php?id=CVE-2005-2628
05 Nov 2005 — Macromedia Flash 6 and 7 (Flash.ocx) allows remote attackers to execute arbitrary code via a SWF file with a modified frame type identifier that is used as an out-of-bounds array index to a function pointer. • http://lists.apple.com/archives/security-announce/2006/May/msg00003.html •