There is an out-of-bounds read in H264 parsing; a fuzzed file is included in this archive. To load it, load LoadMP4.swf with the URL parameter file=compute_poc.flv from a remote server.
>> ARCHIVE: 2016-02
The included flv file causes stack corruption when loaded into Flash. To use the PoC, load LoadMP42.swf?file=lownull.flv from a remote server.
The included file causes a crash due to a heap overflow, probably due to an issue in ATF processing by the URLStream class.
There is a use-after-free in LoadVars.decode. If a watch is set on the object that the parameters are being decoded into, and the watch deletes the object, then other methods…
There is a dangling pointer in loadPCMFromByteArray that can be read but not written to. A proof of concept is included.
There is a type confusion vulnerability in the TextField constructor in AS3. When a TextField is constructed, a generic backing object is created and reused when subsequent TextField objects are…
The Cisco ASA VPN Portal password recovery page suffers from a cross-site scripting vulnerability.
ADOdb < 4.71 – Cross Site Scripting
Vesta Control Panel <= 0.9.8-15 – Persistent XSS Vulnerability
DirectAdmin 1.491 – CSRF Vulnerability