Office Security Vulnerabilities
A vulnerability was found in SourceCodester Kortex Lite Advocate Office Management System 1.0. It has been classified as critical. This affects an unknown part of the file /control/register_case.php. The manipulation of the argument...
4.7CVSS
7.9AI Score
0.0004EPSS
A vulnerability has been found in SourceCodester Kortex Lite Advocate Office Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /control/addcase_stage.php. The manipulation of the argument cname leads to sql injection. The...
4.7CVSS
7.9AI Score
0.0004EPSS
A vulnerability was found in SourceCodester Kortex Lite Advocate Office Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /control/adds.php. The manipulation of the argument name/gender/dob/email/mobile/address leads to sql...
4.7CVSS
7.9AI Score
0.0004EPSS
A vulnerability, which was classified as critical, was found in SourceCodester Kortex Lite Advocate Office Management System 1.0. Affected is an unknown function of the file /control/activate_case.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack.....
4.7CVSS
7.9AI Score
0.0004EPSS
A vulnerability, which was classified as critical, has been found in SourceCodester Kortex Lite Advocate Office Management System 1.0. This issue affects some unknown processing of the file /control/deactivate_case.php. The manipulation of the argument id leads to sql injection. The attack may be.....
4.7CVSS
7.9AI Score
0.0004EPSS
7.8CVSS
8.1AI Score
0.001EPSS
Missing Authorization vulnerability in WooCommerce WooCommerce Box Office.This issue affects WooCommerce Box Office: from n/a through...
6.5CVSS
7.2AI Score
0.0004EPSS
9.8CVSS
8.1AI Score
0.009EPSS
7.8CVSS
8.1AI Score
0.001EPSS
8.8CVSS
8.1AI Score
0.001EPSS
7.8CVSS
8.1AI Score
0.001EPSS
7.8CVSS
8.1AI Score
0.001EPSS
Cross-site scripting vulnerability exists in Group Office prior to v6.6.182, prior to v6.7.64 and prior to v6.8.31, which may allow a remote authenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the...
5.4CVSS
7AI Score
0.001EPSS
A vulnerability was found in CXBSoft Post-Office up to 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /apps/reg_go.php of the component HTTP POST Request Handler. The manipulation of the argument username_reg leads to sql injection. The exploit has....
9.8CVSS
7.8AI Score
0.002EPSS
A vulnerability has been found in CXBSoft Post-Office up to 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /apps/login_auth.php of the component HTTP POST Request Handler. The manipulation of the argument username_login leads to sql...
9.8CVSS
7.8AI Score
0.001EPSS
A vulnerability, which was classified as critical, was found in CXBSoft Post-Office 1.0. Affected is an unknown function of the file /admin/pages/update_go.php of the component HTTP POST Request Handler. The manipulation of the argument version leads to sql injection. The exploit has been...
9.8CVSS
7.8AI Score
0.002EPSS
A security vulnerability exists in FBX that could lead to remote code execution. To mitigate this vulnerability, the ability to insert FBX files has been disabled in Word, Excel, PowerPoint and Outlook for Windows and Mac. Versions of Office that had this feature enabled will no longer have access....
7.8CVSS
7.8AI Score
0.001EPSS
5.5CVSS
7.2AI Score
0.001EPSS
6.5CVSS
7.2AI Score
0.001EPSS
5.3CVSS
7.4AI Score
0.001EPSS
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build...
7.3CVSS
7.7AI Score
0.001EPSS
An uninitialized pointer use vulnerability exists in the functionality of WPS Office 11.2.0.11537 that handles Data elements in an Excel file. A specially crafted malformed file can lead to remote code execution. An attacker can provide a malicious file to trigger this...
7.8CVSS
8.1AI Score
0.001EPSS
6.5CVSS
7.3AI Score
0.001EPSS
7.8CVSS
8.1AI Score
0.001EPSS
7.8CVSS
8.1AI Score
0.003EPSS
7.8CVSS
7.3AI Score
0.001EPSS
5.4CVSS
7AI Score
0.001EPSS
8.4CVSS
8.6AI Score
0.001EPSS
7CVSS
8.6AI Score
0.0005EPSS
7CVSS
8.6AI Score
0.0005EPSS
Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build...
7.8CVSS
8.7AI Score
0.001EPSS
A use-after-free vulnerability exists in the footerr functionality of Hancom Office 2020 HWord 11.0.0.7520. A specially crafted .doc file can lead to a use-after-free. An attacker can trick a user into opening a malformed file to trigger this...
7.8CVSS
7.8AI Score
0.001EPSS
Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build...
5.5CVSS
7.2AI Score
0.001EPSS
5.5CVSS
5.5AI Score
0.001EPSS
4.3CVSS
5AI Score
0.001EPSS
5.5CVSS
5.4AI Score
0.001EPSS
9.8CVSS
9.4AI Score
0.002EPSS
7.3CVSS
7.3AI Score
0.001EPSS
7.5CVSS
7.3AI Score
0.001EPSS
Local privilege escalation during installation due to improper soft link handling. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build...
7.8CVSS
7.8AI Score
0.0004EPSS
Local privilege escalation due to insecure driver communication port permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40278, Acronis Agent (Windows) before build 31637, Acronis Cyber Protect 15 (Windows) before build...
8.8CVSS
7.8AI Score
0.0004EPSS
Local privilege escalation during recovery due to improper soft link handling. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build...
7.8CVSS
7.8AI Score
0.0004EPSS
Local privilege escalation due to insecure driver communication port permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40173, Acronis Agent (Windows) before build 30600, Acronis Cyber Protect 15 (Windows) before build...
7.8CVSS
7.8AI Score
0.0004EPSS
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WooCommerce WooCommerce Box Office plugin <= 1.1.50...
5.4CVSS
5.2AI Score
0.0004EPSS
e-Excellence U-Office Force file uploading function does not restrict upload of file with dangerous type. An unauthenticated remote attacker without logging the service can exploit this vulnerability to upload arbitrary files to perform arbitrary command or disrupt...
9.8CVSS
9.5AI Score
0.003EPSS
e-Excellence U-Office Force has a path traversal vulnerability within its file uploading and downloading functions. An unauthenticated remote attacker can exploit this vulnerability to read arbitrary system files, but can’t control system or disrupt...
7.5CVSS
7.6AI Score
0.002EPSS
e-Excellence U-Office Force generates an error message in webiste service. An unauthenticated remote attacker can obtain partial sensitive system information from error message by sending a crafted...
5.3CVSS
5.1AI Score
0.001EPSS
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPO365 | Mail Integration for Office 365 / Outlook plugin <= 1.9.0...
6.1CVSS
6AI Score
0.0005EPSS
6.5CVSS
6.5AI Score
0.001EPSS