RSS   Vulnerabilities for 'Phonegap'   RSS

2014-03-02
 
CVE-2014-1884

CWE-264
 

 
Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier on Windows Phone 7 and 8 do not properly restrict navigation events, which allows remote attackers to bypass intended device-resource restrictions via content that is accessed (1) in an IFRAME element or (2) with the XMLHttpRequest method by a crafted application.

 
 
CVE-2014-1883

CWE-264
 

 
Adobe PhoneGap before 2.6.0 on Android uses the shouldOverrideUrlLoading callback instead of the proper shouldInterceptRequest callback, which allows remote attackers to bypass intended device-resource restrictions via content that is accessed (1) in an IFRAME element or (2) with the XMLHttpRequest method by a crafted application.

 
 
CVE-2014-1882

CWE-264
 

 
Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier allow remote attackers to bypass intended device-resource restrictions of an event-based bridge via a crafted library clone that leverages IFRAME script execution and directly accesses bridge JavaScript objects, as demonstrated by certain cordova.require calls.

 
 
CVE-2014-1881

CWE-264
 

 
Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier allow remote attackers to bypass intended device-resource restrictions of an event-based bridge via a crafted library clone that leverages IFRAME script execution and waits a certain amount of time for an OnJsPrompt handler return value as an alternative to correct synchronization.

 
 
CVE-2012-6637

CWE-20
 

 
Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier do not anchor the end of domain-name regular expressions, which allows remote attackers to bypass a whitelist protection mechanism via a domain name that contains an acceptable name as an initial substring.

 

 >>> Vendor: Adobe 146 Products
Framemaker
Coldfusion
Dreamweaver
Acrobat reader
Studio
JRUN
Acrobat
Acrobat business tools
Flash
Flash player
Digital editions
Adobe content server
Shockwave
Photodeluxe
Director
Contribute
Creative suite
Photoshop
Premiere
Svg viewer
Version cue
Shockwave player
Flash media server
Captivate
Elicensing
Fireworks
Freehand
FLEX
Illustrator
Indesign
Pagemaker
Document server
Graphics server
Livecycle form manager
Download manager
Flex sdk
Breeze licensed server
Adobe php ria sdk
Acrobat 3d
AIR
Bridge
Robohelp
Robohelp server
Golive
Photoshop elements
Adobe air
Connect enterprise server
Flash media server 2
Form client
Form designer
Reader
Livecycle workflow
Flex builder
Presenter
Commerce
Flash playe for linux
Flash player for linux
Blazeds
Flex data services
Lifecycle
Lifecycle data services
Photoshop cs4
Indesign cs3
Device central cs5
Premier pro cs4
Onlocation cs4
Indesign cs4
Extension manager cs5
Extendedscript toolkit cs5
Audition
Connect
Livecycle
Livecycle data services
Adobe reader
Flash player for android
Flash cs3
Flash cs4
Flash cs5.5
Illustrator cs5.5
Photoshop cs5.5
Adobe air sdk
Photoshop cs6
Livecycle designer es2
Livecycle designer
Device central cs4
Camera raw
Acrobat r2000eader
Adobe air sdk and compiler
Phonegap
Photoshop cs5
Photoshop cs5.1
Air sdk
Air sdk & compiler
Air sdk and compiler
Photoshop cc
Acrobat dc
Acrobat reader dc
Premiere clip
Air sdk \& compiler
Experience manager
See all Products for Vendor Adobe


Copyright 2024, cxsecurity.com

 

Back to Top