Vulnerabilities > Adobe > Flash Player
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2008-04-09 | CVE-2008-1655 | Cross-Site Scripting vulnerability in Adobe Air, Flash Player and Flex Unspecified vulnerability in Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, makes it easier for remote attackers to conduct DNS rebinding attacks via unknown vectors. | 4.3 |
2008-04-09 | CVE-2007-6019 | Remote Code Execution vulnerability in Adobe Flash Player SWF File 'DeclareFunction2' ActionScript Tag Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, allows remote attackers to execute arbitrary code via an SWF file with a modified DeclareFunction2 Actionscript tag, which prevents an object from being instantiated properly. | 9.3 |
2008-04-09 | CVE-2007-0071 | Numeric Errors vulnerability in Adobe Flash Player Integer overflow in Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, allows remote attackers to execute arbitrary code via a crafted SWF file with a negative Scene Count value, which passes a signed comparison, is used as an offset of a NULL pointer, and triggers a buffer overflow. | 9.3 |
2008-04-02 | CVE-2008-1654 | Cross-Site Request Forgery (CSRF) vulnerability in Adobe Flash Player Interaction error between Adobe Flash and multiple Universal Plug and Play (UPnP) services allow remote attackers to perform Cross-Site Request Forgery (CSRF) style attacks by using the Flash navigateToURL function to send a SOAP message to a UPnP control point, as demonstrated by changing the primary DNS server. | 4.3 |
2008-01-04 | CVE-2007-6637 | Cross-Site Scripting vulnerability in Adobe Flash Player Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash Player allow remote attackers to inject arbitrary web script or HTML via a crafted SWF file, related to "pre-generated SWF files" and Adobe Dreamweaver CS3 or Adobe Acrobat Connect. | 4.3 |
2007-12-20 | CVE-2007-6246 | Permissions, Privileges, and Access Controls vulnerability in Adobe Flash Player Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0, when running on Linux, uses insecure permissions for memory, which might allow local users to gain privileges. | 4.4 |
2007-12-20 | CVE-2007-6245 | Buffer Errors vulnerability in Adobe Flash Player 7.0/8.0/9.0 Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0 allows remote attackers to modify HTTP headers for client requests and conduct HTTP Request Splitting attacks. | 5.8 |
2007-12-20 | CVE-2007-6244 | Cross-Site Scripting vulnerability in Adobe Flash Player 8.0/9.0 Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash Player 9.x up to 9.0.48.0 and 8.x up to 8.0.35.0 allow remote attackers to inject arbitrary web script or HTML via (1) a SWF file that uses the asfunction: protocol or (2) the navigateToURL function when used with the Flash Player ActiveX Control in Internet Explorer. | 4.3 |
2007-12-20 | CVE-2007-6243 | Permissions, Privileges, and Access Controls vulnerability in Adobe Flash Player Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0 does not sufficiently restrict the interpretation and usage of cross-domain policy files, which makes it easier for remote attackers to conduct cross-domain and cross-site scripting (XSS) attacks. | 9.3 |
2007-12-20 | CVE-2007-6242 | Improper Input Validation vulnerability in Adobe Flash Player Unspecified vulnerability in Adobe Flash Player 9.0.48.0 and earlier might allow remote attackers to execute arbitrary code via unknown vectors, related to "input validation errors." | 6.8 |