CVE-2010-2477

CVE-2010-2477 involves multiple XSS vulnerabilities in the paste.httpexceptions implementation of Paste before 1.7.4, enabling remote injection of script/HTML via 404-related vectors. Affected components include paste.urlparser.StaticURLParser, paste.urlparser.PkgResourcesParser, paste.urlmap.URL...

CVE-2012-0878

CVE-2012-0878 affects Paste Script 1.7.5 and earlier. The root cause is improper setting of group memberships during execution with root privileges, which could allow a remote attacker to bypass file-access restrictions when a web application uses the local filesystem. Public details indicate the...