onkeydown software vulnerabilities
vulnerabilities.aspcode.net
Searching onkeydown software vulnerabilities
Mozilla Firefox 1.5.0.4, Mozilla Suite 1.7.13,
Firefox
|
Mozilla
|
Mozilla Firefox 1.5.0.4, Mozilla Suite 1.7.13, Mozilla SeaMonkey 1.0.2, and Netscape 8.1 and earlier allows user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename in a text box and using the OnKeyDown, OnKeyPress, and OnKeyUp Javascript keystroke events to change the focus and cause those characters to be inserted into a file upload input control, which can then upload the file when the user submits the form.
Internet Explorer 6 allows user-assisted remote
user-assisted
|
characters
|
OnKeyPress
|
Javascript
|
arbitrary
|
keystroke
|
OnKeyDown
|
attackers
|
filename
|
Explorer
|
inserted
|
Internet
|
tricking
|
OnKeyUp
|
submits
|
control
|
allows
|
upload
|
change
|
events
|
target
|
typing
|
remote
|
those
|
cause
|
input
|
which
|
files
|
using
|
focus
|
form
|
then
|
into
|
text
|
user
|
file
|
read
|
box
|
can
|
Internet Explorer 6 allows user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename in a text box and using the OnKeyDown, OnKeyPress, and OnKeyUp Javascript keystroke events to change the focus and cause those characters to be inserted into a file upload input control, which can then upload the file when the user submits the form.
The focus handling for the onkeydown event in M
CVE-2007-3511
|
demonstrated
|
keystrokes
|
JavaScript
|
attackers
|
attribute
|
onkeydown
|
Microsoft
|
handling
|
Internet
|
changing
|
textarea
|
Explorer
|
related
|
htmlFor
|
certain
|
remote
|
change
|
allows
|
upload
|
event
|
issue
|
field
|
focus
|
file
|
copy
|
via
|
use
|
The focus handling for the onkeydown event in Microsoft Internet Explorer 6.0 allows remote attackers to change field focus and copy keystrokes via a certain use of a JavaScript htmlFor attribute, as demonstrated by changing focus from a textarea to a file upload field, a related issue to CVE-2007-3511.
Software vulnerabilities results 1 to 4 of 4
Page:
1