3 results (0.028 seconds)

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in paste allows remote attackers to place Javascript into SVG files. This issue affects: openSUSE paste paste version b57b9f87e303a3db9465776e657378e96845493b and prior versions. • https://bugzilla.suse.com/show_bug.cgi?id=1197930 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.1EPSS: 4%CPEs: 1EXPL: 0

Paste Script 1.7.5 and earlier does not properly set group memberships during execution with root privileges, which might allow remote attackers to bypass intended file-access restrictions by leveraging a web application that uses the local filesystem. Paste Script v1.7.5 y versiones anteriores no ajustan correctamente los miembros del grupo durante la ejecución con privilegios de root, lo que podría permitir a atacantes remotos evitar restricciones de acceso a archivos mediante el aprovechamiento de una aplicación web que utiliza el sistema de ficheros local. • http://groups.google.com/group/paste-users/browse_thread/thread/2aa651ba331c2471 http://rhn.redhat.com/errata/RHSA-2012-1206.html http://secunia.com/advisories/48812 http://secunia.com/advisories/50410 http://www.openwall.com/lists/oss-security/2012/02/23/1 http://www.openwall.com/lists/oss-security/2012/02/23/4 https://bitbucket.org/ianb/pastescript/changeset/a19e462769b4 https://bitbucket.org/ianb/pastescript/pull-request/3/fix-group-permissions-for-pastescriptserve https://bugzi • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 4.3EPSS: 0%CPEs: 22EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in the paste.httpexceptions implementation in Paste before 1.7.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving a 404 status code, related to (1) paste.urlparser.StaticURLParser, (2) paste.urlparser.PkgResourcesParser, (3) paste.urlmap.URLMap, and (4) HTTPNotFound. Varias vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en la aplicación paste.httpexceptions en Paste antes de v1.7.4 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores relacionados con código 404, en relación con (1) paste.urlparser.StaticURLParser, (2) paste.urlparser.PkgResourcesParser, (3) paste.urlmap.URLMap, y (4) HTTPNotFound. • http://bitbucket.org/ianb/paste/changeset/fcae59df8b56 http://groups.google.com/group/paste-users/browse_thread/thread/3b3fff3dadd0b1e5?pli=1 http://groups.google.com/group/pylons-discuss/msg/8c256dc076a408d8?dmode=source&output=gplain http://marc.info/?l=oss-security&m=127785414818815&w=2 http://marc.info/?l=oss-security&m=127792576822169&w=2 http://pylonshq.com/articles/archives/2010/6/paste_174_released_addresses_xss_security_hole http://secunia.com/advisories/42500 http://www.securityf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •