10 matches found
EUVD-2023-0846
Malicious code in bioql PyPI...
CVE-2023-26474
XWiki Platform is a generic wiki platform. Starting in version 13.10, it's possible to use the right of an existing document content author to execute a text area property. This has been patched in XWiki 14.10, 14.4.7, and 13.10.11. There are no known workarounds...
CVE-2024-38369
CVE-2024-38369 affects XWiki Platform. The vulnerability arises from the include macro: content from a referenced document is executed with the includer’s rights, not the author’s. This allows a user who can modify the target document to impersonate the content author, effectively enabling privil...
XWiki Platform Security Vulnerability
XWiki Platform is a suite of Wiki platforms for creating Web collaboration applications from the French company XWiki. A security vulnerability exists in XWiki Platform that stems from allowing any action to be performed with the privileges of any document author via an annotated document...
Olympic Destroyer Wiper Changes Up Infection Routine
Olympic Destroyer, the wiper malware that briefly disrupted the Winter Olympic Games in South Korea earlier this year, appears to be back with a new first-stage dropper variant. It contains a few significant changes that indicate an evolution for the APT group behind it, according to researchers...
LibreOffice 6.03 /Apache OpenOffice 4.1.5 Malicious ODT File Generator
Generates a Malicious ODT File which can be used with auxiliary/server/capture/smb or similar to capture hashes. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'base64' require 'rex/zip' class MetasploitModul...
Foxit Reader Document Object author Attribute Remote Code Execution Vulnerability
Foxit Reader is a PDF document reader from China's Foxit Software Corporation. A remote code execution vulnerability exists in the author attribute of the Document object in Foxit Reader version 8.3.2.25013, where the program fails to adequately validate the existence of an object before...
CVE-2017-16581
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
CVE-2017-16581
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Microsoft Word UNC Path Injector
This module modifies a .docx file that will, upon opening, submit stored netNTLM credentials to a remote host. It can also create an empty docx file. If emailed, the receiver needs to put the document in editing mode before the remote server will be contacted. Preview and read-only mode do not wor...