CVSS: 9.3EPSS: 0%CPEs: 2EXPL: 0CVE-2008-3872
https://notcve.org/view.php?id=CVE-2008-3872
06 Oct 2008 — Adobe Flash Player 8.0.39.0 and earlier, and 9.x up to 9.0.115.0, allows remote attackers to bypass the allowScriptAccess parameter setting via a crafted SWF file with unspecified "Filter evasion" manipulations. En el programa Adobe Flash Player versión 8.0.39.0 y versiones anteriores, y versión 9.x hasta 9.0.115.0, hay una vulnerabilidad que permite a los atacantes remotos omitir la configuración del parámetro allowScriptAccess por medio de un archivo SWF creado con manipulaciones no especificadas de "Filt... • http://taviso.decsystem.org/research.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 95%CPEs: 2EXPL: 0CVE-2007-0071 – Adobe Flash DefineSceneAndFrameLabelData Parsing Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2007-0071
09 Apr 2008 — Integer overflow in Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, allows remote attackers to execute arbitrary code via a crafted SWF file with a negative Scene Count value, which passes a signed comparison, is used as an offset of a NULL pointer, and triggers a buffer overflow. El desbordamiento de enteros en Adobe Flash Player versión 9.0.115.0 y versiones anteriores, y versión 8.0.39.0 y versiones anteriores, permite que los atacantes remotos ejecuten código arbitrario por medio de ... • http://blogs.adobe.com/psirt/2008/05/potential_flash_player_issue.html • CWE-20: Improper Input Validation CWE-189: Numeric Errors •
CVSS: 9.8EPSS: 4%CPEs: 3EXPL: 0CVE-2008-1655 – Flash Player DNS rebind flaw
https://notcve.org/view.php?id=CVE-2008-1655
09 Apr 2008 — Unspecified vulnerability in Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, makes it easier for remote attackers to conduct DNS rebinding attacks via unknown vectors. Vulnerabilidad no especificada en Adobe Flash Player 9.0.115.0 y versiones anteriores, y 8.0.39.0 y versiones anteriores, hace más fácil a atacantes remotos llevar a cabo ataques DNS a través de vectores desconocidos. • http://lists.apple.com/archives/security-announce/2008//May/msg00001.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 44%CPEs: 42EXPL: 2CVE-2007-6019 – Adobe Flash Player DeclareFunction2 Invalid Object Use Vulnerability
https://notcve.org/view.php?id=CVE-2007-6019
08 Apr 2008 — Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, allows remote attackers to execute arbitrary code via an SWF file with a modified DeclareFunction2 Actionscript tag, which prevents an object from being instantiated properly. Adobe Flash Player 9.0.115.0 y versiones anteriores, y 8.0.39.0 y versiones anteriores, permite a atacantes remotos ejecutar código de su elección a través de un fichero SWF con una etiqueta modificada DeclareFunction2 Actionscript, lo cual evita que un objeto sea ins... • https://www.exploit-db.com/exploits/31630 • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 2%CPEs: 18EXPL: 0CVE-2007-6637 – Adobe Flash Script Injection Cross Domain Scripting Vulnerability
https://notcve.org/view.php?id=CVE-2007-6637
04 Jan 2008 — Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash Player allow remote attackers to inject arbitrary web script or HTML via a crafted SWF file, related to "pre-generated SWF files" and Adobe Dreamweaver CS3 or Adobe Acrobat Connect. NOTE: the asfunction: vector is already covered by CVE-2007-6244.1. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Adobe Flash Player permiten a atacantes remotos inyectar scripts web o HTML de su elección mediante un fichero SWF... • http://lists.apple.com/archives/security-announce/2008//May/msg00001.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 72%CPEs: 1EXPL: 0CVE-2007-6242 – flash: abitrary code execution
https://notcve.org/view.php?id=CVE-2007-6242
20 Dec 2007 — Unspecified vulnerability in Adobe Flash Player 9.0.48.0 and earlier might allow remote attackers to execute arbitrary code via unknown vectors, related to "input validation errors." Vulnerabilidad no especificada en Adobe Flash Player 9.0.48.0 y anteriores podría permitir a atacantes remotos ejecutar código de su elección a través de vectores desconocidos, relacionado con "error de validación de entrada". • http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00007.html • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 67%CPEs: 1EXPL: 0CVE-2007-6243 – Flash Player cross-domain and cross-site scripting flaws
https://notcve.org/view.php?id=CVE-2007-6243
20 Dec 2007 — Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0 does not sufficiently restrict the interpretation and usage of cross-domain policy files, which makes it easier for remote attackers to conduct cross-domain and cross-site scripting (XSS) attacks. Adobe Flash Player 9.x hasta 9.0.48.0, 8.x hasta 8.0.35.0, y 7.x hasta 7.0.70.0 no restringe suficientemente la interpretación y uso de los ficheros de políticas de cruce de dominios, lo cual facilita a atacantes remotos llevar a cab... • http://jvn.jp/jp/JVN%2345675516/index.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2007-6246 – flash: privilege escalation
https://notcve.org/view.php?id=CVE-2007-6246
20 Dec 2007 — Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0, when running on Linux, uses insecure permissions for memory, which might allow local users to gain privileges. Adobe Flash Player 9.x hasta 9.0.48.0, 8.x hasta 8.0.35.0, y 7.x hasta 7.0.70.0, cuando se ejecuta en Linux, usa permisos inseguros para la memoria, lo cual podría permitir a usuarios locales obtener privilegios. • http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00007.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 2%CPEs: 103EXPL: 0CVE-2007-5476
https://notcve.org/view.php?id=CVE-2007-5476
18 Oct 2007 — Unspecified vulnerability in Adobe Flash Player 9.0.47.0 and earlier, when running on Opera before 9.24 on Mac OS X, has unknown "Highly Severe" impact and unknown attack vectors. Vulnerabilidad no especificada en en Adobe Flash Player 9.0.47.0 y anteriores, cuando se ejecuta sobre Opera anterior a 9.24 en Mac OS X, tiene impacto "Altamente Severo" desconocido y vectores de ataque desconocidos. • http://docs.info.apple.com/article.html?artnum=307179 •
CVSS: 7.5EPSS: 63%CPEs: 1EXPL: 0CVE-2007-4324 – Flash movie can determine whether a TCP port is open
https://notcve.org/view.php?id=CVE-2007-4324
14 Aug 2007 — ActionScript 3 (AS3) in Adobe Flash Player 9.0.47.0, and other versions and other 9.0.124.0 and earlier versions, allows remote attackers to bypass the Security Sandbox Model, obtain sensitive information, and port scan arbitrary hosts via a Flash (SWF) movie that specifies a connection to make, then uses timing discrepancies from the SecurityErrorEvent error to determine whether a port is open or not. NOTE: 9.0.115.0 introduces support for a workaround, but does not fix the vulnerability. ActionScript vers... • http://kb.adobe.com/selfservice/viewContent.do?externalId=kb402956&sliceId=2 • CWE-264: Permissions, Privileges, and Access Controls •