paste software vulnerabilities
vulnerabilities.aspcode.net
Searching paste software vulnerabilities
Microsoft Office Web Components (OWC) 2000 and
Components
|
Microsoft
|
Office
|
Web
|
Microsoft Office Web Components (OWC) 2000 and 2002 allows remote attackers to bypass the "Allow paste operations via script" setting, even when it is disabled, via the (1) Copy method of the Cell object or (2) the Paste method of the Range object.
Vtun 2.5b1 does not authenticate forwarded pack
cut-and-paste
|
authenticate
|
forwarded
|
attackers
|
detection
|
sessions
|
possibly
|
contents
|
attacks
|
without
|
control
|
packets
|
allows
|
inject
|
remote
|
which
|
does
|
25b1
|
Vtun
|
user
|
into
|
data
|
ECB
|
not
|
via
|
Vtun 2.5b1 does not authenticate forwarded packets, which allows remote attackers to inject data into user sessions without detection, and possibly control the data contents via cut-and-paste attacks on ECB.
tinc 1.0pre3 and 1.0pre4 VPN does not authentic
cut-and-paste
|
authenticate
|
detection
|
forwarded
|
attackers
|
sessions
|
contents
|
possibly
|
without
|
attacks
|
control
|
packets
|
inject
|
10pre4
|
allows
|
remote
|
10pre3
|
which
|
tinc
|
into
|
data
|
user
|
does
|
CBC
|
not
|
VPN
|
via
|
tinc 1.0pre3 and 1.0pre4 VPN does not authenticate forwarded packets, which allows remote attackers to inject data into user sessions without detection, and possibly control the data contents via cut-and-paste attacks on CBC.
Certain weaknesses in the implementation of ver
implementation
|
weaknesses
|
Kerberos
|
protocol
|
Certain
|
version
|
Certain weaknesses in the implementation of version 4 of the Kerberos protocol (krb4) in the krb5 distribution, when triple-DES keys are used to key krb4 services, allow an attacker to create krb4 tickets for unauthorized principals using a cut-and-paste attack and "ticket splicing."
Buffer overflow in the HTML Converter (HTML32.c
Converter
|
overflow
|
Buffer
|
HTML
|
Buffer overflow in the HTML Converter (HTML32.cnv) on various Windows operating systems allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via cut-and-paste operation, as demonstrated in Internet Explorer 5.0 using a long "align" argument in an HR tag.
InnoMedia VideoPhone allows remote attackers to
Authorization
|
VideoPhone
|
InnoMedia
|
attackers
|
request
|
bypass
|
allows
|
remote
|
Basic
|
HTTP
|
via
|
InnoMedia VideoPhone allows remote attackers to bypass Basic Authorization via an HTTP request to (1) videophone_admindetail.asp, (2) videophone_syscfg.asp, (3) videophone_upgrade.asp, or (4) videophone_sysctrl.asp that contains a trailing / (slash). NOTE: the original report mentioned AXIS 2100 Network Camera, but this was likely a cut-and-paste error.
Internet Explorer on Windows XP does not proper
security-sensitive
|
configuration
|
inconsistent
|
operations
|
"Disable"
|
"Prompt"
|
Explorer
|
Internet
|
properly
|
intended
|
setting
|
Windows
|
enable
|
modify
|
files"
|
user's
|
"Drag
|
which
|
paste
|
user
|
does
|
Drop
|
copy
|
sets
|
may
|
not
|
Internet Explorer on Windows XP does not properly modify the "Drag and Drop or copy and paste files" setting when the user sets it to "Disable" or "Prompt," which may enable security-sensitive operations that are inconsistent with the user's intended configuration.
Firefox before 1.0 and Mozilla before 1.7.5 all
Mozilla
|
Firefox
|
before
|
Firefox before 1.0 and Mozilla before 1.7.5 allow remote attackers to obtain sensitive data from the clipboard via Javascript that generates a middle-click event on systems for which a middle-click performs a paste operation.
PHP remote file inclusion vulnerability in Czar
vulnerability
|
inclusion
|
attackers
|
parameter
|
arbitrary
|
CzarNews
|
execute
|
allows
|
remote
|
tpath
|
code
|
113b
|
file
|
PHP
|
via
|
PHP remote file inclusion vulnerability in CzarNews 1.13b allows remote attackers to execute arbitrary PHP code via the tpath parameter to (1) headlines.php or (2) news.php. NOTE: some sources have reported the "dir" parameter as being affected; however, this is likely a cut-and-paste error from the wrong section of the original vulnerability report. Also, the news.php version was later reported to be in 1.12 through 1.14.
Unspecified vulnerability in main.php in an uns
vulnerability
|
Development
|
Unspecified
|
Bruinsma"
|
possibly
|
FleXiBle
|
mainphp
|
created
|
Andries
|
"file
|
Unspecified vulnerability in main.php in an unspecified "file created by Andries Bruinsma," possibly a FleXiBle Development (FXB) application, allows remote attackers to include and execute arbitrary PHP code. NOTE: this disclosure is extremely vague and has very little information about the specific vulnerability type. In addition, there is little public information on the named product. Finally, an XSS vector is implied in the subject line, but because there is no other information and evidence of a cut-and-paste error, it will not be assigned a separate CVE identifier unless additional information is provided.
VMware Workstation 5.5.3 34685 does not immedia
Workstation
|
VMware
|
VMware Workstation 5.5.3 34685 does not immediately change the availability of a shared clipboard when the "Enable copy and paste to and from this virtual machine" checkbox is changed, which allows local users to obtain sensitive information or conduct certain attacks that are facilitated by weaker isolation between the host and guest operating systems.
VMware Workstation 5.5.3 34685, when the "Enabl
Workstation
|
VMware
|
VMware Workstation 5.5.3 34685, when the "Enable copy and paste to and from this virtual machine" option is enabled, preserves clipboard data on the guest operating system after it was deleted on the host operating system, which might allow local users to read clipboard contents by moving the focus back to the host operating system.
The Find feature in Palm OS Treo smart phones o
information
|
attackers
|
sensitive
|
operates
|
password
|
physical
|
despite
|
feature
|
allows
|
access
|
obtain
|
phones
|
system
|
smart
|
which
|
Find
|
lock
|
Treo
|
Palm
|
The Find feature in Palm OS Treo smart phones operates despite the system password lock, which allows attackers with physical access to obtain sensitive information (memory contents) by doing (1) text searches or (2) paste operations after pressing certain keyboard shortcut keys.
Software vulnerabilities results 1 to 14 of 14
Page:
1