137 matches found
Joomla!: source code security analysis report
Several vulnerabilities were discovered in Open Source Matters, Inc. 'Joomla!' software: Using Global Variables; Incorrect User Input Filtration when Using the unserialize Function; Using Insufficiently Random Generators in Cryptography; Incorrect Permissions for External Entities During XML...
The vulnerabilities of Adobe Acrobat and Adobe Acrobat Document Cloud, as well as Adobe Reader and Adobe Reader Document Cloud, allow a perpetrator to execute arbitrary code.
The vulnerability of the AGM.dll library in PDF editing programs from Adobe Acrobat and Adobe Acrobat Document Cloud, as well as PDF viewing programs like Adobe Reader and Adobe Reader Document Cloud, is caused by a buffer overflow in dynamic memory. Exploiting this vulnerability allows an attack...
Adobe Reader DC AGM Remote Code Execution Vulnerability (CNVD-2016-00227)
Adobe Reader is PDF document reading software. Adobe Reader has a security vulnerability within AGM.dll. A multi-layered PDF construction can force a dangling pointer after a release, which is important for exploitation. An attacker exploiting this vulnerability can execute arbitrary code in the...
Word type confusion vulnerability CVE-2015-1641 analysis
Vulnerability overview: In April of this year, Microsoft patched a Word type confusion vulnerability named CVE-2015-1641; an attacker can construct RTF documents with embedded docx files to attack. When Word parses the docx document and processes the displacedByCustomXML attribute, not customXML object for...
The vulnerability in the firmware of the Cisco ASA security device allows a remote attacker to cause a denial of service.
The vulnerability in the firmware of the Cisco ASA security device, in the XML processing module when using Clientless SSL VPN, AnyConnect SSL VPN, or AnyConnect IKEv2 VPN, allows a malicious actor to trigger a denial of service: a malfunction in the VPN operation or a system restart ...
openSUSE Security Update : OpenOffice_org (openSUSE-SU-2011:0336-1)
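Maintenance update to LibreOffice-3.3.1. It adds some interesting features and fixes many bugs, including several security vulnerabilities. The previous OpenOffice_org packages are also renamed to libreoffice. LibreOffice is a continuation of the OpenOffice.org project. This update replaces the...
IBM Datacap Taskmaster Capture ActiveX Unspecified Security Vulnerability
Bugtraq ID: 66184 CVE ID: CVE-2014-0879 IBM Datacap Taskmaster Capture automates the document data entry process, reducing costs and improving document processing efficiency. The ActiveX control used by IBM Datacap Taskmaster Capture has an unspecified security vulnerability that allows an attacker to build a malicious web page, entice a user to open it, and execute arbitrary code. IBM Datacap Taskmaster Capture 8.0.1 Users can refer to the following vendor security advisory to obtain a patch that fixes the vulnerability:...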
Oracle Forms Recognition Detection
The remote host has Oracle Forms Recognition installed. Oracle Forms Recognition is a software toolset for processing captured documents and delivering the data to backend systems. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(62819); script_version("1.9");...
Oracle OpenOffice.org < 3.3 Multiple Vulnerabilities
The version of Oracle OpenOffice.org installed on the remote host is prior to 3.3. It is, therefore, affected by several issues: - Issues exist relating to PowerPoint document processing that may lead to arbitrary code execution. (CVE-2010-2935, CVE-2010-2936) - A directory traversal vulnerability...
Microsoft Word Document Parsing Buffer Overflow (MS05-023; CVE-2004-0963)
Microsoft Word is a popular document processing product released by the Microsoft Corporation. A Word document contains values which enable the product to correctly parse the document, such as length, count, offset fields and so on. Some of these values are strings that represent font name, style,...
RHEL 4 / 5 : firefox (RHSA-2010:0112)
The remote Red Hat Enterprise Linux 4 / 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2010:0112 advisory. - Mozilla incorrectly frees used memory (MFSA 2010-03) (CVE-2009-1571) - Mozilla violation of same-origin policy due to properties set on...
CVE-2007-0239
OpenOffice.org OOo Office Suite allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in a prepared link in a crafted document...
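JustSystems Multiple Products Unspecified Buffer Overflow Vulnerability
Justsystem offers multiple general-purpose software products. Multiple Justsystem products have a buffer overflow when processing documents; a remote attacker can exploit the vulnerability to execute arbitrary instructions with the privileges of the application process. No detailed vulnerability information is currently available. Justsystem Sanshiro 2005 Justsystem Ichitaro viewer 4.0 Justsystem Ichitaro Lite2 R2 Justsystem Ichitaro Lite2 0 Justsystem Ichitaro 2006 Justsystem Ichitaro 2005 Justsystem Ichitaro 0 Justsystem...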
Ubuntu 4.10 / 5.04 / 5.10 : xpdf/cupsys/tetex-bin/kdegraphics/koffice vulnerabilities (USN-227-1)
infamous41md discovered several integer overflows in the XPDF code, which is present in xpdf, the Poppler library, tetex-bin, KOffice, and kpdf. By tricking a user into opening a specially crafted PDF file, an attacker could exploit this to execute arbitrary code with the privileges of the...
CVE-2005-0063
The document processing application used by the Windows Shell in Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code by modifying the CLSID stored in a file so that it is processed by HTML Application Host (MSHTA), as demonstrated using a...
CVE-2002-0025
Internet Explorer 5.01, 5.5 and 6.0 does not properly handle the Content-Type HTML header field, which allows remote attackers to modify which application is used to process a document...