LibreOffice, OpenOffice Security Vulnerabilities

CVE-2012-5639

LibreOffice and OpenOffice automatically open embedded...

Code injection

LibreOffice and OpenOffice automatically open embedded...

CVE-2012-5639

LibreOffice and OpenOffice automatically open embedded...

CVE-2012-5639

LibreOffice and OpenOffice automatically open embedded content Bugs https://bugs.freedesktop.org/show_bug.cgi?id=58295 Notes Author| Note ---|--- jdstrand | seems more like a feature request. LibreOffice prompts the user saying that the document contains links to external data and asks if the...

CVE-2011-2177

OpenOffice.org v3.3 allows execution of arbitrary code with the privileges of the user running the OpenOffice.org suite...

Code injection

OpenOffice.org v3.3 allows execution of arbitrary code with the privileges of the user running the OpenOffice.org suite...

Hackers Turn to OpenDocument Format to Avoid AV Detection

Attackers have a new obfuscation technique that uses the OpenDocument file format for sneaking payloads past antivirus software. Past macro-based attacks have relied on malware hitching a ride with .docx, .zip, .jar and many other file formats. But researchers at Cisco Talos said that because...

Open Document format creates twist in maldoc landscape

By Warren Mercer and Paul Rascagneres. Introduction Cisco Talos recently observed attackers changing the file formats they use in an attempt to thwart common antivirus engines. This can happen across other file formats, but today, we are showing a change of approach for an actor who has deemed...

KLA12402 SB vulnerability in OpenOffice

Security bypass vulnerability was found in OpenOffice. Malicious users can exploit this vulnerability to execute arbitrary code. Original advisories CVE-2019-9853 Related products OpenOffice.org CVE list CVE-2019-9853 critical Solution Update to the latest version Download OpenOffice Impacts ...

autocorr, libreoffice, libreofficekit security update

CentOS Errata and Security Advisory CESA-2019:2130 LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces...

CentOS 7 : libreoffice (CESA-2019:2130)

An update for libreoffice is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from...

osTicket 1.12 - Formula Injection Vulnerability

Exploit for php platform in category web...

osTicket 1.12 - Formula Injection

...

osTicket 1.12 - Formula Injection

osTicket 1.12 - Formula...

osTicket 1.12 Formula Injection

...

CVE-2019-14749

An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. CSV (aka Formula) injection exists in the export spreadsheets functionality. These spreadsheets are generated dynamically from unvalidated or unfiltered user input in the Name and Internal Notes fields in the Users tab,...

CVE-2019-14749

An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. CSV (aka Formula) injection exists in the export spreadsheets functionality. These spreadsheets are generated dynamically from unvalidated or unfiltered user input in the Name and Internal Notes fields in the Users tab,...

CVE-2019-14749

An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. CSV (aka Formula) injection exists in the export spreadsheets functionality. These spreadsheets are generated dynamically from unvalidated or unfiltered user input in the Name and Internal Notes fields in the Users tab,...

Design/Logic Flaw

An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. CSV (aka Formula) injection exists in the export spreadsheets functionality. These spreadsheets are generated dynamically from unvalidated or unfiltered user input in the Name and Internal Notes fields in the Users tab,...

CVE-2019-14749

An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. CSV (aka Formula) injection exists in the export spreadsheets functionality. These spreadsheets are generated dynamically from unvalidated or unfiltered user input in the Name and Internal Notes fields in the Users tab,...

(RHSA-2019:2130) Low: libreoffice security and bug fix update

LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and...

Fedora Update for ckeditor FEDORA-2019-ae7f274d24

The remote host is missing an update for...

Remote Code Execution (RCE)

LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and...

Buffer Overflow

LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and...

Apache UNO LibreOffice Version: 6.1.2 OpenOffice 4.1.6 API - Remote Code Execution

Apache UNO LibreOffice Version: 6.1.2 OpenOffice 4.1.6 API - Remote Code...

Apache UNO API Remote Code Execution

...

Apache UNO / LibreOffice Version: 6.1.2 / OpenOffice 4.1.6 API - Remote Code Execution

...

Apache UNO / LibreOffice Version: 6.1.2 / OpenOffice 4.1.6 API - Remote Code Execution Exploit

...

[SECURITY] Fedora 28 Update: ckeditor-4.11.2-1.fc28

CKEditor is a text editor to be used inside web pages. It's a WYSIWYG edito r, which means that the text being edited on it looks as similar as possible to the results users have when publishing it. It brings to the web common edit ing features found on desktop editing applications like Microsoft.....

[SECURITY] Fedora 29 Update: ckeditor-4.11.2-1.fc29

CKEditor is a text editor to be used inside web pages. It's a WYSIWYG edito r, which means that the text being edited on it looks as similar as possible to the results users have when publishing it. It brings to the web common edit ing features found on desktop editing applications like Microsoft.....

Apache UNO API Remote Code Execution Vulnerability

When Apache OpenOffice and LibreOffice are spawn as an office server, they bind an Apache UNO API that allows for remote code...

Apache OpenOffice < 4.1.6 Virtual Table Arithmetic Overflow

The version of Apache OpenOffice installed on the remote host is a version prior to 4.1.6. It is, therefore, affected by an arithmetic overflow flaw related to handling virtual tables. This error could allow code...

Apache OpenOffice Remote Code Execution Vulnerability (Feb 2019) - Windows

Apache OpenOffice Writer is prone to a remote code execution (RCE)...

Apache OpenOffice Remote Code Execution Vulnerability (Feb 2019) - Mac OS X

Apache OpenOffice Writer is prone to a remote code execution (RCE)...

New critical vulnerability discovered in open-source office suites

A great number of attack techniques these days are using Microsoft Office documents to distribute malware. In recent years, there has been serious development on document exploit kit builders, not to mention the myriad of tricks that red-teamers have come up with to bypass security solutions. In...

Severe RCE Flaw Disclosed in Popular LibreOffice and OpenOffice Software

It's 2019, and just opening an innocent looking office document file on your system can still allow hackers to compromise your computer. No, I'm not talking about yet another vulnerability in Microsoft Office, but in two other most popular alternatives—LibreOffice and Apache OpenOffice—free,...

LibreOffice and Openoffice Remote Code Execution (CVE-2018-16858)

A remote code execution vulnerability has been reported in LibreOffice and Openoffice. The vulnerability is due to insufficient validation of a link reference in a DOT file when processing events in the application. Successful exploitation of this vulnerability could allow a remote attacker to...

CVE-2018-11790

When loading a document with Apache Open Office 4.1.5 and earlier with smaller end line termination than the operating system uses, the defect occurs. In this case OpenOffice runs into an Arithmetic Overflow at a string length...

CVE-2018-11790

When loading a document with Apache Open Office 4.1.5 and earlier with smaller end line termination than the operating system uses, the defect occurs. In this case OpenOffice runs into an Arithmetic Overflow at a string length...

CVE-2018-11790

When loading a document with Apache Open Office 4.1.5 and earlier with smaller end line termination than the operating system uses, the defect occurs. In this case OpenOffice runs into an Arithmetic Overflow at a string length...

Buffer overflow

When loading a document with Apache Open Office 4.1.5 and earlier with smaller end line termination than the operating system uses, the defect occurs. In this case OpenOffice runs into an Arithmetic Overflow at a string length...

Information Disclosure

libreoffice is vulnerable to information disclosure attacks. The vulnerability exists by exploiting the way Apache OpenOffice before 4.1.4 renders embedded objects, an attacker could craft a document that allows reading in a file from the user's filesystem. Information could be retrieved by the...

Denial Of Service (DoS)

libreoffice is vulnerable to denial of service (DoS) attacks. The vulnerability exists as the HWP filter in LibreOffice before 4.3.7 and 4.4.x before 4.4.2 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a...

CVE-2018-11790

When loading a document with Apache Open Office 4.1.5 and earlier with smaller end line termination than the operating system uses, the defect occurs. In this case OpenOffice runs into an Arithmetic Overflow at a string length...

KLA12401 DoS vulnerability in OpenOffice

Arithmetic overflow vulnerability was found in OpenOffice. Malicious users can exploit this vulnerability to cause denial of service. Original advisories CVE-2018-11790 Related products OpenOffice.org CVE list CVE-2018-11790 critical Solution Update to the latest version Download OpenOffice...

CVE-2018-11790

When loading a document with Apache Open Office 4.1.5 and earlier with smaller end line termination than the operating system uses, the defect occurs. In this case OpenOffice runs into an Arithmetic Overflow at a string length...

Talos Vulnerability Discovery Year in Review - 2018

Introduction Cisco Talos' Vulnerability Discovery Team investigates software and operating system vulnerabilities in order to discover them before malicious threat actors. We provide this information to vendors so that they can create patches and protect their customers as soon as possible. We...

(RHSA-2018:3054) Moderate: libreoffice security and bug fix update

LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and...

LibreOffice 6.03 /Apache OpenOffice 4.1.5 Malicious ODT File Generator

Generates a Malicious ODT File which can be used with auxiliary/server/capture/smb or similar to capture...

Updated libreoffice packages fix security vulnerabilities

The updated packages fix security vulnerabilities: LibreOffice before 5.4.5 and 6.x before 6.0.1 allows remote attackers to read arbitrary files via =WEBSERVICE calls in a document, which use the COM.MICROSOFT.WEBSERVICE function. (CVE-2018-6871) sot/source/sdstor/stgstrms.cxx in LibreOffice...