focus software vulnerabilities
vulnerabilities.aspcode.net
Searching focus software vulnerabilities
Microsoft Internet Explorer 6.0 and earlier allows local users to cause a denial of service via an infinite loop for modeless dialogs (showModelessDialog), which causes CPU usage while the focus for the dialog is not released.
Firefox before 1.0 and Mozilla before 1.7.5 allow inactive (background) tabs to focus on input being entered in the active tab, as originally reported using form fields, which allows remote attackers to steal sensitive data that is intended for other sites, which could facilitate phishing attacks.
Microsoft Internet Explorer 5.0 through 6.0 allows remote attackers to bypass cross-frame scripting restrictions and capture keyboard events from other domains via an HTML document with JavaScript that is outside a frameset that includes the target domain, then forcing the frameset to maintain focus. NOTE: the discloser claimed that the vendor does not categorize this as a vulnerability, but it can be used in a spoofing scenario; the discloser provides alternate scenarios. Spoofing scenarios are currently included in CVE.
rdesktop 1.3.1 with xscreensaver 4.14, and possibly other versions, when running on Fedora and possibly other platforms, does not release the keyboard focus when xscreensaver starts, which causes the password to be entered into the active window when the user unlocks the screen.
Firefox before 1.0.1 and Mozilla before 1.7.6, when displaying the HTTP Authentication dialog, do not change the focus to the tab that generated the prompt, which could facilitate spoofing and phishing attacks.
B-FOCuS Router 312+ allows remote attackers to bypass authentication and gain unauthorized access via a direct request to firmwarecfg.
mshtml.dll in Microsoft Windows XP, Server 2003, and Internet Explorer 6.0 SP1 allows attackers to cause a denial of service (access violation) by causing mshtml.dll to process button-focus events at the same time that a document is reloading, as seen in Microsoft Office InfoPath 2003 by repeatedly clicking the "Delete" button in a repeating section in a form. NOTE: the normal operation of InfoPath appears to involve a local user without any privilege boundaries, so this might not be a vulnerability in InfoPath. If no realistic scenarios exist for this problem in other products, then perhaps it should be excluded from CVE.
Mozilla Firefox 1.5.0.4, Mozilla Suite 1.7.13, Mozilla SeaMonkey 1.0.2, and Netscape 8.1 and earlier allow user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename in a text box and using the OnKeyDown, OnKeyPress, and OnKeyUp JavaScript keystroke events to change the focus and cause those characters to be inserted into a file upload input control, which can then upload the file when the user submits the form.
Internet Explorer 6 allows user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename in a text box and using the OnKeyDown, OnKeyPress, and OnKeyUp JavaScript keystroke events to change the focus and cause those characters to be inserted into a file upload input control, which can then upload the file when the user submits the form.
Simpliciti Locked Browser does not properly limit a user's actions to ones within the intended Internet Explorer environment, which allows local users to perform unauthorized actions by visiting a web site that executes a JavaScript window.blur loop to remove focus from the browser window, then pressing CTRL-SHIFT-ESC to invoke the Task Manager.
ECI Telecom B-FOCuS Wireless 802.11b/g ADSL2+ Router allows remote attackers to read arbitrary files via a certain HTTP request, as demonstrated by a request for a router configuration file, related to the /html/defs/ URI.
VMware Workstation 5.5.3 34685, when the "Enable copy and paste to and from this virtual machine" option is enabled, preserves clipboard data on the guest operating system after it was deleted on the host operating system, which might allow local users to read clipboard contents by moving the focus back to the host operating system.
PHP remote file inclusion vulnerability in modules/Discipline/CategoryBreakdownTime.php in Focus/SIS 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the FocusPath parameter.
Multiple PHP remote file inclusion vulnerabilities in Focus/SIS 2.2 allow remote attackers to execute arbitrary PHP code via a URL in the staticpath parameter to (1) modules/Discipline/CategoryBreakdownTime.php or (2) modules/Discipline/StudentFieldBreakdown.php.
PHP remote file inclusion vulnerability in modules/Discipline/StudentFieldBreakdown.php in Focus/SIS 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the FocusPath parameter, a different vector than CVE-2007-4806. NOTE: the provenance of this information is unknown.
The focus handling for the onkeydown event in Microsoft Internet Explorer 6.0 allows remote attackers to change field focus and copy keystrokes via a certain use of a JavaScript htmlFor attribute, as demonstrated by changing focus from a textarea to a file upload field, a related issue to CVE-2007-3511.
Software vulnerabilities results 1 to 17 of 17