CVSS: 4.3EPSS: 4%CPEs: 1EXPL: 0CVE-2015-1773
https://notcve.org/view.php?id=CVE-2015-1773
Cross-site scripting (XSS) vulnerability in asdoc/templates/index.html in Apache Flex before 4.14.1 allows remote attackers to inject arbitrary web script or HTML by providing a crafted URI to JavaScript code generated by the asdoc component. Vulnerabilidad de XSS en asdoc/templates/index.html en Apache Flex anterior a 4.14.1 permite a atacantes remotos inyectar secuencias de comandos web arbitrarios o HTML mediante la provisión de una URI manipulada a código JavaScript generado por el componente asdoc. • http://seclists.org/bugtraq/2015/Apr/42 http://www.securityfocus.com/bid/73954 http://www.securitytracker.com/id/1032107 https://helpx.adobe.com/security/products/flex/apsb15-08.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 3%CPEs: 14EXPL: 2CVE-2011-2461
https://notcve.org/view.php?id=CVE-2011-2461
Cross-site scripting (XSS) vulnerability in the Adobe Flex SDK 3.x and 4.x before 4.6 allows remote attackers to inject arbitrary web script or HTML via vectors related to the loading of modules from different domains. vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Adobe Flex SDK v3.x y v4.x anteriores a v4.6, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores relacionados con la carga de módulos desde distintos dominios. • https://github.com/u-maxx/magento-swf-patched-CVE-2011-2461 http://blog.mindedsecurity.com/2015/03/the-old-is-new-again-cve-2011-2461-is.html http://blog.nibblesec.org/2015/03/the-old-is-new-again-cve-2011-2461-is.html http://kb2.adobe.com/cps/915/cpsid_91544.html http://packetstormsecurity.com/files/131376/Magento-eCommerce-Vulnerable-Adobe-Flex-SDK.html http://secunia.com/advisories/47053 http://www.adobe.com/support/security/bulletins/apsb11-25.html https://threatpost. • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 94%CPEs: 12EXPL: 2CVE-2009-3960 – Adobe BlazeDS Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2009-3960
Unspecified vulnerability in BlazeDS 3.2 and earlier, as used in LiveCycle 8.0.1, 8.2.1, and 9.0, LiveCycle Data Services 2.5.1, 2.6.1, and 3.0, Flex Data Services 2.0.1, and ColdFusion 7.0.2, 8.0, 8.0.1, and 9.0, allows remote attackers to obtain sensitive information via vectors that are associated with a request, and related to injected tags and external entity references in XML documents. Vulnerabilidad sin especificar en BlazeDS v3.2 y anteriores, tal como es utilizado en LiveCycle v8.0.1, v8.2.1 y v9.0, LiveCycle Data Services v2.5.1, v2.6.1 y v3.0, Flex Data Services v2.0.1 y ColdFusion v7.0.2, v8.0, v8.0.1 y v9.0. Permite a atacantes remotos obtener información confidencial a través de vectores de ataque asociados con una petición, y relacionados con una etiqueta inyectada y una referencia a una entidad externa en documentos XML. Multiple Adobe Products -- XML External Entity Injection. Affected Software: BlazeDS 3.2 and earlier versions, LiveCycle 9.0, 8.2.1, and 8.0.1, LiveCycle Data Services 3.0, 2.6.1, and 2.5.1, Flex Data Services 2.0.1, ColdFusion 9.0, 8.0.1, 8.0, and 7.0.2. • https://www.exploit-db.com/exploits/11529 https://www.exploit-db.com/exploits/41855 http://secunia.com/advisories/38543 http://securitytracker.com/id?1023584 http://www.adobe.com/support/security/bulletins/apsb10-05.html http://www.osvdb.org/62292 http://www.securityfocus.com/bid/38197 •
CVSS: 9.3EPSS: 0%CPEs: 40EXPL: 0CVE-2009-1864 – flash-plugin: multiple code execution flaws (APSB09-10)
https://notcve.org/view.php?id=CVE-2009-1864
Heap-based buffer overflow in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors. Desbordamiento de búfer basado en memoria dinámica en Adobe Flash Player versiones anteriores a v9.0.246.0 y v10.x anteriores a v10.0.32.18, y Adobe AIR anteriores a v1.5.2, permite a atacantes remotos provocar una denegación de servicio (finalización de la aplicación) o posiblemente ejecutar código de su elección mediante vectores no especificados. • http://lists.apple.com/archives/security-announce/2009/Sep/msg00003.html http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html http://secunia.com/advisories/36193 http://secunia.com/advisories/36374 http://secunia.com/advisories/36701 http://security.gentoo.org/glsa/glsa-200908-04.xml http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1 http://support.apple.com/kb/HT3864 http://support.apple.com/kb/HT3865 http://www.adobe.com/support/secu • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 0%CPEs: 40EXPL: 0CVE-2009-1866 – flash-plugin: multiple code execution flaws (APSB09-10)
https://notcve.org/view.php?id=CVE-2009-1866
Stack-based buffer overflow in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors. Desbordamiento de búfer basado en pila en Adobe Flash Player versiones anteriores a v9.0.246.0 y v10.x anteriores a v10.0.32.18, y Adobe AIR anteriores a v1.5.2, permite a atacantes remotos provocar una denegación de servicio (finalización de aplicación) o posiblemente ejecutar código de su elección mediante vectores no especificados. • http://lists.apple.com/archives/security-announce/2009/Sep/msg00003.html http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html http://osvdb.org/56774 http://secunia.com/advisories/36193 http://secunia.com/advisories/36374 http://secunia.com/advisories/36701 http://security.gentoo.org/glsa/glsa-200908-04.xml http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1 http://support.apple.com/kb/HT3864 http://support.apple.com/kb/HT3865 http:/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •