177 matches found
EUVD-2023-31141
Malicious code in bioql PyPI...
EUVD-2023-36785
Malicious code in bioql PyPI...
CVE-2024-10833
CVE-2024-10833 affects eosphoros-ai/db-gpt v0.6.0. The vulnerability is an absolute path traversal in the knowledge API’s file upload endpoint (knowledge/{space_name}/document/upload), where the user-controllable parameter doc_file.filename enables arbitrary file writes to locations on the target...
Yunfan Learning Examination System 安全漏洞
Yunfan Learning Examination System is an examination application from China Yunfan Yunfan Company. A security vulnerability exists in Yunfan Learning Examination System version 1.9.2, which stems from some unknown processing of the file /doc.html that can lead to improper authorization...
CVE-2024-39395 Adobe Indesign 2024 DOC File Parsing Null Pointer Dereference
InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to an application denial-of-service DoS. An attacker could exploit this vulnerability to crash the application, resulting in a DoS condition. Exploitation of this issue...
Microsoft Word DOC File Parsing Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Word. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DOC...
CVE-2023-51598 Hancom Office Word DOC File Parsing Use-After-Free Remote Code Execution Vulnerability
Hancom Office Word DOC File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hancom Office Word. User interaction is required to exploit this vulnerability in that the target must visit a...
CVE-2023-51598
CVE-2023-51598 is a Use-After-Free vulnerability in Hancom Office Word related to DOC file parsing. The flaw arises from not validating the existence of an object before performing operations on it, enabling an attacker to execute code in the context of the current process. Exploitation requires ...
CVE-2023-27365
Foxit PDF Editor DOC File Parsing Exposed Dangerous Method Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must...
CVE-2023-27365 Foxit PDF Editor DOC File Parsing Exposed Dangerous Method Remote Code Execution Vulnerability
Foxit PDF Editor DOC File Parsing Exposed Dangerous Method Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must...
CVE-2023-27365 Foxit PDF Editor DOC File Parsing Exposed Dangerous Method Remote Code Execution Vulnerability
Foxit PDF Editor DOC File Parsing Exposed Dangerous Method Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must...
CVE-2023-32541
A use-after-free vulnerability exists in the footerr functionality of Hancom Office 2020 HWord 11.0.0.7520. A specially crafted .doc file can lead to a use-after-free. An attacker can trick a user into opening a malformed file to trigger this vulnerability...
PT-2023-23864 · Hancom · Hancom Office 2020 Hword
Name of the Vulnerable Software and Affected Versions: Hancom Office 2020 HWord version 11.0.0.7520 Description: A use-after-free issue exists in the footerr functionality. This can be triggered by a specially crafted .doc file, potentially allowing an attacker to exploit the vulnerability by...
SUSE CVE-2005-3239
The OLE2 unpacker in clamd in Clam AntiVirus ClamAV 0.87-1 allows remote attackers to cause a denial of service segmentation fault via a DOC file with an invalid property tree, which triggers an infinite recursion in the ole2walkpropertytree function...
SUSE CVE-2013-2189
Apache OpenOffice.org OOo before 4.0 allows remote attackers to cause a denial of service memory corruption or possibly have unspecified other impact via invalid PLCF data in a DOC document file...
The vulnerability of the PDF-XChange PDF document viewing and editing program, related to the occurrence of operations outside the buffer in memory, allows a hacker to execute arbitrary code.
The vulnerability of the PDF document viewing and editing software PDF-XChange lies in the execution of operations outside the buffer in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially created malicious DOC file from a remote location...
Ubuntu: Security Advisory (USN-374-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
PT-2022-4479 · Pdf Xchange · Pdf-Xchange Editor
Name of the Vulnerable Software and Affected Versions: PDF-XChange Editor affected versions not specified Description: The issue is related to a buffer overflow in memory, allowing a remote attacker to execute arbitrary code using a specially crafted malicious Doc file. User interaction is...
Design/Logic Flaw
Word97Import200.dll in Corel WordPerfect 2020 20.0.0.200 is affected by an Out-of-bounds Read vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to access unauthorized system memory in the context of the current user. Exploitation of this issu...
Design/Logic Flaw
Word97Import200.dll in Corel WordPerfect 2020 20.0.0.200 is affected by an Out-of-bounds Write vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issu...