76 matches found
SUSE CVE-2017-5992
Openpyxl 2.4.1 resolves external entities by default, which allows remote attackers to conduct XXE attacks via a crafted .xlsx document...
CVE-2021-32012
SheetJS and SheetJS Pro through 0.16.9 allows attackers to cause a denial of service memory consumption via a crafted .xlsx document that is mishandled when read by xlsx.js issue 1 of 2...
PT-2021-3041 · Microsoft · Office Web Apps Server +3
Name of the Vulnerable Software and Affected Versions: Microsoft Office affected versions not specified Microsoft 365 Apps for Enterprise affected versions not specified Microsoft Excel affected versions not specified Microsoft Office Web Apps Server affected versions not specified Description: T...
The vulnerability of Microsoft Excel spreadsheet editors, Microsoft Office programs, and Microsoft 365 Apps for Enterprise, related to improper handling of objects in memory, allows attackers to execute arbitrary code.
The vulnerability of Microsoft Excel spreadsheet editors, as well as Microsoft Office and Microsoft 365 Apps for Enterprise, is related to improper handling of objects in memory. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
Microsoft Excel .SLK Payload Delivery
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Microsoft Excel .SLK Payload Delivery", 'Description' = %Q This module generates a download and execute Powershell command to be placed in an .SL...
The vulnerability of Excel spreadsheet editors, related to data processing errors, allows attackers to execute arbitrary code.
The vulnerability of Excel spreadsheet editors is related to data processing errors. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
Adobe Issues Patch for Actively Exploited Flash Player Zero-Day Exploit
If you have already uninstalled Flash player, well done! But if you haven't, here's another great reason for ditching it. Adobe has released a security patch update for a critical vulnerability in its Flash Player software that is actively being exploited in the wild by hackers in targeted attack...
UBUNTU-CVE-2017-2924
An exploitable heap-based buffer overflow vulnerability exists in the readlegacybiff function of FreeXL 1.0.3. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability...
UBUNTU-CVE-2017-2923
An exploitable heap based buffer overflow vulnerability exists in the 'readbiffnextrecord function' of FreeXL 1.0.3. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability...
[SECURITY] Fedora 28 Update: freexl-1.0.5-1.fc28
FreeXL is a library to extract valid data from within an Excel spreadsheet .xls Design goals: simple and lightweight stable, robust and efficient easily and universally portable completely ignore any GUI-related oddity...
[SECURITY] Fedora 27 Update: freexl-1.0.5-1.fc27
FreeXL is a library to extract valid data from within an Excel spreadsheet .xls Design goals: simple and lightweight stable, robust and efficient easily and universally portable completely ignore any GUI-related oddity...
Denial of Service Vulnerability in WPS Forms (CNVD-2018-03670)
WPS office is an office software suite independently developed by Kingsoft Corporation. A denial of service vulnerability exists in WPS Formset.exe in WPS when parsing a specific xls file, which can be exploited by an attacker to cause a denial of service...
UBUNTU-CVE-2017-2897
An exploitable out-of-bounds write vulnerability exists in the readMSAT function of libxls 1.4. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability...
UBUNTU-CVE-2017-2896
An exploitable out-of-bounds write vulnerability exists in the xlsmergedCells function of libxls 1.4. . A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability...
Memory Corruption Vulnerability in WPS Forms (CNVD-2017-34137)
WPS Office is an office software suite developed independently by Kingsoft Corporation. A memory corruption vulnerability exists in the kso module of formset.exe in WPS when parsing a specific xls file, which can be exploited by an attacker to cause a denial of service or code execution...
CVE-2017-14971
Infocus Mondopad 2.2.08 is vulnerable to a Hashed Credential Disclosure vulnerability. The attacker provides a crafted Microsoft Office document containing a link that has a UNC pathname associated with an attacker-controller server. In one specific scenario, the attacker provides an Excel...
Design/Logic Flaw
Infocus Mondopad 2.2.08 is vulnerable to a Hashed Credential Disclosure vulnerability. The attacker provides a crafted Microsoft Office document containing a link that has a UNC pathname associated with an attacker-controller server. In one specific scenario, the attacker provides an Excel...
[SECURITY] Fedora 27 Update: freexl-1.0.4-1.fc27
FreeXL is a library to extract valid data from within an Excel spreadsheet .xls Design goals: simple and lightweight stable, robust and efficient easily and universally portable completely ignore any GUI-related oddity...
[SECURITY] Fedora 25 Update: freexl-1.0.4-1.fc25
FreeXL is a library to extract valid data from within an Excel spreadsheet .xls Design goals: simple and lightweight stable, robust and efficient easily and universally portable completely ignore any GUI-related oddity...
[SECURITY] Fedora 26 Update: freexl-1.0.4-1.fc26
FreeXL is a library to extract valid data from within an Excel spreadsheet .xls Design goals: simple and lightweight stable, robust and efficient easily and universally portable completely ignore any GUI-related oddity...