3665 matches found

Cvelist
added 2014/06/11 1:0 a.m. | 26 views

CVE-2014-2778

Microsoft Word 2007 SP3 and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted embedded font in a (1) .doc or (2) .docx document, aka "Embedded Font Vulnerability."...

AI score: 8.7 | EPSS: 0.19923
Exploits: 0 | References: 5
CVE
added 2014/06/11 1:0 a.m. | 63 views

CVE-2014-2778

CVE-2014-2778 affects Word 2007 SP3 and Office Compatibility Pack SP3. It allows remote attackers to execute arbitrary code or cause a denial of service through a crafted embedded font in a .doc/.docx document due to memory corruption. Affected products include Word 2007 SP3 and Office Compatibil...

CVSS: 9.3 | AI score: 8.7 | EPSS: 0.19923
Exploits: 0 | References: 5 | Affected Software: 2
OpenVAS
added 2014/06/11 12:0 a.m. | 32 views

Microsoft Office Compatibility Pack Remote Code Execution Vulnerability (2969261)

This host is missing an important security update according to Microsoft Bulletin MS14-034. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only...

CVSS: 9.3 | AI score: 5 | EPSS: 0.19923
Exploits: 0 | References: 3
Symantec
added 2014/06/10 12:0 a.m. | 32 views

Microsoft Office Word File Processing CVE-2014-2778 Remote Code Execution Vulnerability

Description Microsoft Office is prone to a remote code-execution vulnerability because it fails to properly handle objects in memory. An attacker can leverage this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in...

CVSS: 9.3 | AI score: 0.7 | EPSS: 0.19923
Exploits: 0 | Affected Software: 1
Kaspersky
added 2014/06/10 12:0 a.m. | 39 views

KLA10012 Vulnerability in Microsoft Word 2007 & Office Compatibility Pack

An unspecified vulnerability was found in the Word 2007 and Office Compatibility Pack. By exploiting this vulnerability malicious users can execute arbitrary code or cause a denial of service. This vulnerability can be exploited from the network at point related to an unknown application via a...

CVSS: 9.3 | AI score: 7.8 | EPSS: 0.19923
Exploits: 0 | References: 8
Prion
added 2014/05/16 3:55 p.m. | 23 views

Design/Logic Flaw

Django 1.4 before 1.4.13, 1.5 before 1.5.8, 1.6 before 1.6.5, and 1.7 before 1.7b4 does not properly include the (1) Vary: Cookie or (2) Cache-Control header in responses, which allows remote attackers to obtain sensitive information or poison the cache via a request from certain browsers...

CVSS: 6.4 | AI score: 6.4 | EPSS: 0.02546
Exploits: 0 | References: 7 | Affected Software: 2
OSV
added 2014/05/14 12:0 a.m. | 55 views

DSA-2928-1 linux-2.6 - security update

Bulletin has no description...

CVSS: 7.2 | AI score: 6.3 | EPSS: 0.22475
Exploits: 7
Kitploit
added 2014/04/22 5:16 p.m. | 35 views

Instant PDF Password Remover v3.5 - Free PDF Password & Restrictions Removal Tool

Instant PDF Password Remover is the FREE tool to instantly remove Password of protected PDF document. It can remove both User & Owner password along with all PDF file restrictions such as Copy, Printing, Screen Reader etc. Often we receive password protected PDF documents in the form of mobile...

AI score: 7.2
Exploits: 0
OpenVAS
added 2014/04/09 12:0 a.m. | 33 views

Microsoft Office Compatibility Pack Remote Code Execution Vulnerabilities (2949660)

This host is missing a critical security update according to Microsoft Bulletin MS14-017. OpenVAS Vulnerability Test $Id: gbmscompatpackms14-017.nasl 6735 2017-07-17 09:56:49Z teissa $ Microsoft Office Compatibility Pack Remote Code Execution Vulnerabilities 2949660 Authors: Antu Sanadi Copyright...

CVSS: 9.3 | AI score: 1 | EPSS: 0.77734
Exploits: 10 | References: 2
OpenVAS
added 2014/04/09 12:0 a.m. | 48 views

Microsoft Office Compatibility Pack Remote Code Execution Vulnerabilities (2949660)

This host is missing a critical security update according to Microsoft Bulletin MS14-017. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only...

CVSS: 9.3 | AI score: 8.6 | EPSS: 0.77734
Exploits: 10 | References: 7
GithubExploit
added 2014/04/08 4:41 p.m. | 3 views

Exploit for Out-of-bounds Read in Openssl

Pacemaker Attempts to abuse OpenSSL clients that are vulnera...

CVSS: 7.5 | AI score: 7 | EPSS: 0.99999
Exploits: 87
Symantec
added 2014/04/08 12:0 a.m. | 38 views

Microsoft Word File Converting CVE-2014-1757 Remote Code Execution Vulnerability

Description Microsoft Word is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in denial-of-service conditions. Technologies Affected Microsoft...

CVSS: 9.3 | AI score: 1.2 | EPSS: 0.17315
Exploits: 0 | Affected Software: 2
seebug.org
added 2014/03/28 12:0 a.m. | 18 views

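XSS in a sensitive feature of the latest destoon version, hitting wherever you aim

Brief description: I submitted this before, and the vendor said it was patched: http://www.wooyun.org/bugs/wooyun-2014-053573 So I took a look at how the fix holds up. Details: This is the latest version's function for filtering XSS in rich text: It has fixed the earlier problem by replacing expression with expressi0n. At first glance that seems fine. In fact there are still various problems. IE also has an error-tolerance quirk: expression with a backslash \ inserted into it still triggers on IE 6, 7, 8 and 9 (of course, I have not tested later versions). So this quirk can be used to bypass the filtering of the dsafe function. At this point, we test: The alert pops up as expected:...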

AI score: 7.1
Exploits: 0
ATTACKERKB
added 2014/03/25 12:0 a.m. | 42 views

CVE-2014-1761

Microsoft Word 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Word Viewer; Office Compatibility Pack SP3; Office for Mac 2011; Word Automation Services on SharePoint Server 2010 SP1 and SP2 and 2013; Office Web Apps 2010 SP1 and SP2; and Office Web Apps Server 2013 allow remote attacker...

CVSS: 9.3 | AI score: 9.3 | EPSS: 0.77734
In wild | Exploits: 10 | References: 3
Symantec
added 2014/03/24 12:0 a.m. | 70 views

Microsoft Word CVE-2014-1761 Remote Memory Corruption Vulnerability

Description Microsoft Word is prone to a remote memory-corruption vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in denial-of-service conditions. Technologies Affected Microsoft...

CVSS: 9.3 | AI score: 0.2 | EPSS: 0.77734
Exploits: 10 | Affected Software: 5
OpenVAS
added 2014/03/20 12:0 a.m. | 18 views

Ubuntu Update for gtk+3.0 USN-2149-2

Check for the Version of gtk+3.0 OpenVAS Vulnerability Test $Id: gbubuntuUSN21492.nasl 7957 2017-12-01 06:40:08Z santu $ Ubuntu Update for gtk+3.0 USN-2149-2 Authors: System Generated Check Copyright: Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net This program is free software...

CVSS: 4.3 | AI score: 6.4 | EPSS: 0.03197
Exploits: 0 | References: 2
OpenVAS
added 2014/03/20 12:0 a.m. | 19 views

Ubuntu: Security Advisory (USN-2149-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS: 4.3 | AI score: 6.5 | EPSS: 0.03197
Exploits: 0 | References: 2
Tenable Nessus
added 2014/03/18 12:0 a.m. | 21 views

Ubuntu 12.04 LTS / 12.10 : gtk+3.0 update (USN-2149-2)

USN-2149-1 fixed a vulnerability in librsvg. This update provides a compatibility fix for GTK+ to work with the librsvg security update. It was discovered that librsvg would load XML external entities by default. If a user were tricked into viewing a specially crafted SVG file, an attacker could...

CVSS: 4.3 | AI score: 5.7 | EPSS: 0.03197
Exploits: 0 | References: 2
Hacker One
added 2014/03/17 2:23 a.m. | 49 views

HackerOne: javascript: and mailto: links are allowed on users' profiles

For user's Profile settings, you accept website URLs like mailto:[email protected] and even javascript:alert(1). The Content Security Policy directive in Chrome catches the JavaScript one, but older browsers will almost certainly execute the code, allowing for session stealing or XSS code execution...

AI score: 2.2
Exploits: 0
Kitploit
added 2014/03/17 12:12 a.m. | 15 views

[DeviceIOView] View data transfer between a software and device driver

DeviceIOView allows you to watch the data transfer between a software or service and a device driver (DeviceIoControl calls). For each call to a device driver, the following information is displayed: Handle, Control Code, number of input bytes, number of output bytes, the name of the device handle,...

AI score: 9.6
Exploits: 0