Security Updates for Microsoft Office Products C2R (October 2020)

The Microsoft Office Products are missing security updates. It is, therefore, affected by multiple vulnerabilities : - A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the...

CVE-2019-16957

SolarWinds Web Help Desk 12.7.0 is affected by a Cross‑Site Scripting (XSS) vulnerability that can be triggered via the First Name field of a User Account. The issue is documented in CVE-2019-16957 and is consistently described across multiple feeds (NVD, Red Hat, CNVD, CVE lists). The connected ...

CVE-2020-16957

CVE-2020-16957 is a Microsoft Office vulnerability in the Office Access Connectivity Engine where objects in memory are mishandled, enabling remote code execution if a user opens a crafted file. The root cause is improper handling of in-memory objects. Affected product area: the Office Access Con...

CVE-2020-16957 Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability

...

Security Updates for Microsoft Office Products (October 2020)

The Microsoft Office Products are missing security updates. It is, therefore, affected by multiple vulnerabilities : - A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the...

CVE-2018-16957

Oracle WebCenter Interaction 10.3.3 search service’s queryd.exe is built with a hardcoded password (i1g2s3c4) used for authentication, and customers cannot customize this credential. A remote attacker could issue search queries over the network to exfiltrate large amounts of sensitive information...

TP-Link 路由器命令注入漏洞(CVE-2017-16957)

0x01 背景 TP-Link TL-WVR 等都是中国普联（TP-LINK）公司的无线路由器产品。 多款 TP-Link 系列产品存在命令注入漏洞，攻击者在登录后可发送恶意字段，经拼接后导致任意命令执行。 该漏洞由 coincoin7 发现，漏洞编号 CVE-2017-16957 0x02 受影响产品 TP-LINK TL-WVR 系列 TP-LINK TL-WAR 系列 TP-LINK TL-ER 系列 TP-LINK TL-R 系列 0x03 漏洞分析 根据原文提供的链接，下载了 TL-WVR450L 的固件，使用 binwalk 解包，拿到 squashfs 系统文件，再用...

CVE-2017-16957

CVE-2017-16957 affects TP-Link TL-WVR, TL-WAR, TL-ER and TL-R devices. A remote authenticated attacker can inject shell metacharacters via the iface field in the admin/diagnostic interface (cgi-bin/luci) that calls zone_get_effect_devices in /usr/lib/lua/luci/controller/admin/diagnostic.lua, trig...

Hummingbird Connectivity 10 SP5 LPD Buffer Overflow

No description provided by source. $Id: hummingbirdexceed.rb 10394 2010-09-20 08:06:27Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms ...

Hummingbird Connectivity 10 SP5 LPD Buffer Overflow

This module exploits a stack buffer overflow in Hummingbird Connectivity 10 LPD Daemon. This module has only been tested against Hummingbird Exceed v10 with SP5. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class...

Hummingbird InetD LPD buffer overflow

Added: 11/29/2005 CVE: CVE-2005-1815 BID: 13788 OSVDB: 16957 Background Hummingbird InetD implements common UNIX services on Windows platforms. Problem The Hummingbird InetD LPD service is affected by a buffer overflow which allows remote command execution. Resolution Apply the patch. References...

Hummingbird InetD LPD buffer overflow

Added: 11/29/2005 CVE: CVE-2005-1815 BID: 13788 OSVDB: 16957 Background Hummingbird InetD implements common UNIX services on Windows platforms. Problem The Hummingbird InetD LPD service is affected by a buffer overflow which allows remote command execution. Resolution Apply the patch. References...