CVSS: 9.1EPSS: 2%CPEs: 23EXPL: 0CVE-2008-4503 – Adobe Flash Player clickjacking
https://notcve.org/view.php?id=CVE-2008-4503
09 Oct 2008 — The Settings Manager in Adobe Flash Player 9.0.124.0 and earlier allows remote attackers to cause victims to unknowingly click on a link or dialog via access control dialogs disguised as normal graphical elements, as demonstrated by hijacking the camera or microphone, and related to "clickjacking." El Administrador de configuración en el Adobe Flash Player v9.0.124.0 y versiones anteriores permite a atacantes remotos que los usuarios hagan clic sin saberlo en unos controles que no se distinguen de los norma... • http://blog.guya.net/2008/10/07/malicious-camera-spying-using-clickjacking •
CVSS: 9.3EPSS: 0%CPEs: 2EXPL: 0CVE-2008-3872
https://notcve.org/view.php?id=CVE-2008-3872
06 Oct 2008 — Adobe Flash Player 8.0.39.0 and earlier, and 9.x up to 9.0.115.0, allows remote attackers to bypass the allowScriptAccess parameter setting via a crafted SWF file with unspecified "Filter evasion" manipulations. En el programa Adobe Flash Player versión 8.0.39.0 y versiones anteriores, y versión 9.x hasta 9.0.115.0, hay una vulnerabilidad que permite a los atacantes remotos omitir la configuración del parámetro allowScriptAccess por medio de un archivo SWF creado con manipulaciones no especificadas de "Filt... • http://taviso.decsystem.org/research.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 95%CPEs: 2EXPL: 0CVE-2007-0071 – Adobe Flash DefineSceneAndFrameLabelData Parsing Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2007-0071
09 Apr 2008 — Integer overflow in Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, allows remote attackers to execute arbitrary code via a crafted SWF file with a negative Scene Count value, which passes a signed comparison, is used as an offset of a NULL pointer, and triggers a buffer overflow. El desbordamiento de enteros en Adobe Flash Player versión 9.0.115.0 y versiones anteriores, y versión 8.0.39.0 y versiones anteriores, permite que los atacantes remotos ejecuten código arbitrario por medio de ... • http://blogs.adobe.com/psirt/2008/05/potential_flash_player_issue.html • CWE-20: Improper Input Validation CWE-189: Numeric Errors •
CVSS: 9.8EPSS: 4%CPEs: 3EXPL: 0CVE-2008-1655 – Flash Player DNS rebind flaw
https://notcve.org/view.php?id=CVE-2008-1655
09 Apr 2008 — Unspecified vulnerability in Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, makes it easier for remote attackers to conduct DNS rebinding attacks via unknown vectors. Vulnerabilidad no especificada en Adobe Flash Player 9.0.115.0 y versiones anteriores, y 8.0.39.0 y versiones anteriores, hace más fácil a atacantes remotos llevar a cabo ataques DNS a través de vectores desconocidos. • http://lists.apple.com/archives/security-announce/2008//May/msg00001.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 44%CPEs: 42EXPL: 2CVE-2007-6019 – Adobe Flash Player DeclareFunction2 Invalid Object Use Vulnerability
https://notcve.org/view.php?id=CVE-2007-6019
08 Apr 2008 — Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, allows remote attackers to execute arbitrary code via an SWF file with a modified DeclareFunction2 Actionscript tag, which prevents an object from being instantiated properly. Adobe Flash Player 9.0.115.0 y versiones anteriores, y 8.0.39.0 y versiones anteriores, permite a atacantes remotos ejecutar código de su elección a través de un fichero SWF con una etiqueta modificada DeclareFunction2 Actionscript, lo cual evita que un objeto sea ins... • https://www.exploit-db.com/exploits/31630 • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 2%CPEs: 18EXPL: 0CVE-2007-6637 – Adobe Flash Script Injection Cross Domain Scripting Vulnerability
https://notcve.org/view.php?id=CVE-2007-6637
04 Jan 2008 — Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash Player allow remote attackers to inject arbitrary web script or HTML via a crafted SWF file, related to "pre-generated SWF files" and Adobe Dreamweaver CS3 or Adobe Acrobat Connect. NOTE: the asfunction: vector is already covered by CVE-2007-6244.1. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Adobe Flash Player permiten a atacantes remotos inyectar scripts web o HTML de su elección mediante un fichero SWF... • http://lists.apple.com/archives/security-announce/2008//May/msg00001.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 63%CPEs: 1EXPL: 0CVE-2007-4324 – Flash movie can determine whether a TCP port is open
https://notcve.org/view.php?id=CVE-2007-4324
14 Aug 2007 — ActionScript 3 (AS3) in Adobe Flash Player 9.0.47.0, and other versions and other 9.0.124.0 and earlier versions, allows remote attackers to bypass the Security Sandbox Model, obtain sensitive information, and port scan arbitrary hosts via a Flash (SWF) movie that specifies a connection to make, then uses timing discrepancies from the SecurityErrorEvent error to determine whether a port is open or not. NOTE: 9.0.115.0 introduces support for a workaround, but does not fix the vulnerability. ActionScript vers... • http://kb.adobe.com/selfservice/viewContent.do?externalId=kb402956&sliceId=2 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.8EPSS: 68%CPEs: 4EXPL: 1CVE-2006-3311
https://notcve.org/view.php?id=CVE-2006-3311
12 Sep 2006 — Buffer overflow in Adobe Flash Player 8.0.24.0 and earlier, Flash Professional 8, Flash MX 2004, and Flex 1.5 allows user-assisted remote attackers to execute arbitrary code via a long, dynamically created string in a SWF movie. Desbordamiento de búfer en Adobe Flash Player 8.0.24.0 y anteriores, Flash Professional 8, Flash MX 2004, y Flex 1.5 permite a un atacante con la complicidad del usuario ejecutar código de su elección a través de una cadena grande y creada dinamicamente en una película SWF. • http://lists.apple.com/archives/security-announce/2006/Sep/msg00002.html •
CVSS: 9.1EPSS: 11%CPEs: 4EXPL: 0CVE-2006-4640
https://notcve.org/view.php?id=CVE-2006-4640
12 Sep 2006 — Unspecified vulnerability in Adobe Flash Player before 9.0.16.0 allows user-assisted remote attackers to bypass the allowScriptAccess protection via unspecified vectors. Vulnerabilidad no especificada en Adobe Flash Player anterior 9.0.16.0 permite a un atacante remoto con la complicidad del usuario puentear la protección de allowScriptAccess a través de vectores no especificados. • http://lists.apple.com/archives/security-announce/2006/Sep/msg00002.html • CWE-264: Permissions, Privileges, and Access Controls •