CVSS: 9.8EPSS: 96%CPEs: 9EXPL: 1CVE-2007-3456 – Adobe Flash Player 8.0.24 - '.SWF' File Handling Remote Code Execution
https://notcve.org/view.php?id=CVE-2007-3456
11 Jul 2007 — Integer overflow in Adobe Flash Player 9.0.45.0 and earlier might allow remote attackers to execute arbitrary code via a large length value for a (1) Long string or (2) XML variable type in a crafted (a) FLV or (b) SWF file, related to an "input validation error," including a signed comparison of values that are assumed to be non-negative. El desbordamiento de enteros en Adobe Flash Player versiones 9.0.45.0 y anteriores, podría permitir a los atacantes remotos ejecutar código arbitrario por medio de un val... • https://www.exploit-db.com/exploits/30288 • CWE-20: Improper Input Validation CWE-189: Numeric Errors •
CVSS: 7.5EPSS: 7%CPEs: 76EXPL: 0CVE-2007-2022 – kdebase3 flash-player interaction problem
https://notcve.org/view.php?id=CVE-2007-2022
13 Apr 2007 — Adobe Macromedia Flash Player 7 and 9, when used with Opera before 9.20 or Konqueror before 20070613, allows remote attackers to obtain sensitive information (browser keystrokes), which are leaked to the Flash Player applet. Adobe Macromedia Flash Player versiones 7 y 9, cuando es usado con Opera versiones anteriores a 9.20 o Konqueror anteriores a 20070613, permite a atacantes remotos obtener información confidencial (pulsaciones de teclas del navegador), que son filtradas en la applet de Flash Player. • ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 3%CPEs: 4EXPL: 0CVE-2006-5330
https://notcve.org/view.php?id=CVE-2006-5330
17 Oct 2006 — CRLF injection vulnerability in Adobe Flash Player plugin 9.0.16 and earlier for Windows, 7.0.63 and earlier for Linux, 7.x before 7.0 r67 for Solaris, and before 9.0.28.0 for Mac OS X, allows remote attackers to modify HTTP headers of client requests and conduct HTTP Request Splitting attacks via CRLF sequences in arguments to the ActionScript functions (1) XML.addRequestHeader and (2) XML.contentType. NOTE: the flexibility of the attack varies depending on the type of web browser being used. Vulnerabilida... • http://docs.info.apple.com/article.html?artnum=305214 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 68%CPEs: 4EXPL: 1CVE-2006-3311
https://notcve.org/view.php?id=CVE-2006-3311
12 Sep 2006 — Buffer overflow in Adobe Flash Player 8.0.24.0 and earlier, Flash Professional 8, Flash MX 2004, and Flex 1.5 allows user-assisted remote attackers to execute arbitrary code via a long, dynamically created string in a SWF movie. Desbordamiento de búfer en Adobe Flash Player 8.0.24.0 y anteriores, Flash Professional 8, Flash MX 2004, y Flex 1.5 permite a un atacante con la complicidad del usuario ejecutar código de su elección a través de una cadena grande y creada dinamicamente en una película SWF. • http://lists.apple.com/archives/security-announce/2006/Sep/msg00002.html •
CVSS: 9.1EPSS: 11%CPEs: 4EXPL: 0CVE-2006-4640
https://notcve.org/view.php?id=CVE-2006-4640
12 Sep 2006 — Unspecified vulnerability in Adobe Flash Player before 9.0.16.0 allows user-assisted remote attackers to bypass the allowScriptAccess protection via unspecified vectors. Vulnerabilidad no especificada en Adobe Flash Player anterior 9.0.16.0 permite a un atacante remoto con la complicidad del usuario puentear la protección de allowScriptAccess a través de vectores no especificados. • http://lists.apple.com/archives/security-announce/2006/Sep/msg00002.html • CWE-264: Permissions, Privileges, and Access Controls •