RSS   Vulnerabilities for 'Phonegap'   RSS

2014-03-02
 
CVE-2014-1884

CWE-264
 

 
Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier on Windows Phone 7 and 8 do not properly restrict navigation events, which allows remote attackers to bypass intended device-resource restrictions via content that is accessed (1) in an IFRAME element or (2) with the XMLHttpRequest method by a crafted application.

 
 
CVE-2014-1883

CWE-264
 

 
Adobe PhoneGap before 2.6.0 on Android uses the shouldOverrideUrlLoading callback instead of the proper shouldInterceptRequest callback, which allows remote attackers to bypass intended device-resource restrictions via content that is accessed (1) in an IFRAME element or (2) with the XMLHttpRequest method by a crafted application.

 
 
CVE-2014-1882

CWE-264
 

 
Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier allow remote attackers to bypass intended device-resource restrictions of an event-based bridge via a crafted library clone that leverages IFRAME script execution and directly accesses bridge JavaScript objects, as demonstrated by certain cordova.require calls.

 
 
CVE-2014-1881

CWE-264
 

 
Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier allow remote attackers to bypass intended device-resource restrictions of an event-based bridge via a crafted library clone that leverages IFRAME script execution and waits a certain amount of time for an OnJsPrompt handler return value as an alternative to correct synchronization.

 
 
CVE-2012-6637

CWE-20
 

 
Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier do not anchor the end of domain-name regular expressions, which allows remote attackers to bypass a whitelist protection mechanism via a domain name that contains an acceptable name as an initial substring.

 

 >>> Vendor: Adobe 137 Products
Framemaker
Acrobat reader
Acrobat
Acrobat business tools
Digital editions
Adobe content server
Photodeluxe
Creative suite
Photoshop
Premiere
Svg viewer
Version cue
Shockwave player
Captivate
Contribute
Director
Dreamweaver
Elicensing
Fireworks
Flash player
Freehand
Studio
Illustrator
Indesign
Pagemaker
Document server
Graphics server
Livecycle form manager
Flex sdk
Coldfusion
Breeze licensed server
Adobe php ria sdk
Download manager
JRUN
Acrobat 3d
AIR
FLEX
Bridge
Robohelp
Robohelp server
Golive
Photoshop elements
Adobe air
Connect enterprise server
Flash
Flash media server 2
Form client
Form designer
Livecycle workflow
Flex builder
Presenter
Reader
Flash media server
Flash playe for linux
Flash player for linux
Blazeds
Flex data services
Lifecycle
Lifecycle data services
Photoshop cs4
Indesign cs3
Device central cs5
Premier pro cs4
Onlocation cs4
Indesign cs4
Extension manager cs5
Extendedscript toolkit cs5
Audition
Livecycle
Livecycle data services
Adobe reader
Flash player for android
Flash cs3
Flash cs4
Flash cs5.5
Illustrator cs5.5
Photoshop cs5.5
Adobe air sdk
Photoshop cs6
Livecycle designer es2
Livecycle designer
Device central cs4
Camera raw
Acrobat r2000eader
Adobe air sdk and compiler
Phonegap
Photoshop cs5
Photoshop cs5.1
Air sdk
Air sdk & compiler
Air sdk and compiler
Connect
Photoshop cc
Acrobat dc
Acrobat reader dc
Premiere clip
Air sdk \& compiler
Experience manager
Bridge cc
Photoshop cc 2015
See all Products for Vendor Adobe


Copyright 2021, cxsecurity.com

 

Back to Top