Dropbox Patches Shared Links Privacy Vulnerability
Dropbox has acknowledged and disabled a vulnerable shared links feature that exposed documents stored by the service to third parties. Shared links are a collaboration feature that allows users, especially in a business environment, to share and edit documents. Dropbox rival Intralinks reported th...
Use of the referrer header on the error page for Crucible can enable XSS attacks
If the referrer header is manipulated and an error condition is triggered, the user is shown the error page in FeCru, which includes the manipulated referrer value on the page as a link. The use of the referrer header value directly as the target of a hyperlink can result in the user...
Respondly: XSS via Email Link
Hey, So, we can send emails to team email address like - [email protected] . In the email body if there is a hyperlink pointing to javascript:alert0; or any other javascript: URI then open viewing the email in your web application with original HTML view and then on clicking it will trigger...
Cybozu Live for Android vulnerable in the WebView class
Overview Cybozu Live for Android is a client software for Cybozu Live. Cybozu Live for Android contains a vulnerability in the WebView class. Note that this vulnerability is a regression in version 2.0.0 of the issue in JVN77393797. Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported...
SuSE 11.2 Security Update : LibreOffice (SAT Patch Number 6804)
LibreOffice was updated to SUSE 3.5 bugfix release 13 based on upstream 3.5.6-rc2 which fixes a lot of bugs. The following bugs have been fixed : - polygon fill rule. bnc759172 - open XML in Writer. bnc777181 - undo in text objects fdo36138 - broken numbering level. bnc760019 - better MathML...
ICQ 6.5 URL Search Hook (Windows Explorer) Remote BOF PoC
No description provided by source. ?php / ICQ 6.5 URL Search Hook/ICQToolBar.dll .URL file processing Windows Explorer remote buffer overflow poc by Nine:Situations:Group::pyrokinesis site: http://retrogod.altervista.org/ If the resulting file is placed on the desktop, against ex. xp sp3 process...
ICQ 6.5 - URL Search Hook (Windows Explorer) Remote Buffer Overflow (PoC)
ICQ 6.5 - URL Search Hook Windows Explorer Remote Buffer Overflow PoC g f44.104: Access violation - code c0000005 !!! second chance !!! eax=02100068 ebx=772a23c1 ecx=0210cefa edx=00000823 esi=00610061 edi=00000000 eip=772a533f esp=0210cec0 ebp=0210cec4 iopl=0 nv up ei pl nz na po nc cs=001b ss=00...
squirrelmail: XSS issue caused by an insufficient html mail sanitation
Cross-site scripting (XSS) vulnerability in SquirrelMail before 1.4.17 allows remote attackers to inject arbitrary web script or HTML via a crafted hyperlink in an HTML part of an e-mail message...
Security Update for Microsoft Outlook 2002 (KB946985)
A security vulnerability exists in Microsoft Outlook 2002 that could allow arbitrary code to run when you click on a maliciously modified hyperlink. This update resolves that vulnerability...
Security Update for Microsoft Office Outlook 2007 (KB946983)
A security vulnerability exists in Microsoft Office Outlook 2007 that could allow arbitrary code to run when you click on a maliciously modified hyperlink. This update resolves that vulnerability...
DEBIAN-CVE-2008-0668
The excelreadHLINK function in plugins/excel/ms-excel-read.c in Gnome Office Gnumeric before 1.8.1 allows user-assisted remote attackers to execute arbitrary code via a crafted XLS file containing XLS HLINK opcodes, possibly because of an integer signedness error that leads to an integer overflow...
Debian Security Advisory DSA 158-1 (gaim)
The remote host is missing an update to gaim announced via advisory DSA 158-1. OpenVAS Vulnerability Test $Id: deb1581.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 158-1 Authors: Thomas Reinke Copyright: Copyright c 2007 E-Soft Inc...
Debian Security Advisory DSA 158-1 (gaim)
The remote host is missing an update to gaim announced via advisory DSA 158-1. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Microsoft Office unsigned data
Metadata file and hyperlink destination are not signed on document signing...
vbultop-xss.txt
+-------------------------------------------------------------------- + + New post Topic Hijacking XSS All vBulletin® v 3.x.x + +-------------------------------------------------------------------- + vendor site........: http://www.vbulletin.com/ + Affected Software .: vbulletin + Class...
Important: Red Hat Security Advisory: openoffice.org security update
Updated openoffice.org packages to correct security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. OpenOffice.org is an office productivity suite that includes desktop applications such...
PT-2006-6462 · Mozilla · Firefox
Name of the Vulnerable Software and Affected Versions: Firefox version 1.5.0.7 Description: A potential issue allows remote attackers to cause a denial of service, resulting in a crash, via a long URL in an A tag. However, this issue has been disputed by several vendors who could not reproduce th...
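Microsoft Hyperlink Object Library Function Overflow Vulnerability (MS06-050)
Microsoft Windows is a very popular WEB browser released by Microsoft. A remote code execution vulnerability exists in the Hyperlink Object Library (hlink.dll) of Microsoft Windows; an attacker who successfully exploits this vulnerability can take complete control of the affected system. User interaction is required to exploit this vulnerability. The issue occurs when the Hyperlink Object Library, while handling a hyperlink, uses a file containing a malformed function. An attacker can exploit this vulnerability by constructing a malicious hyperlink. If a user clicks a malicious link in a website, Office file, or e-mail, remote code execution may be allowed. Microsoft Windows XP SP2 Microsoft Windows XP SP1 Microsoft Windows...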
CVE-2006-3438
Unspecified vulnerability in Microsoft Hyperlink Object Library hlink.dll, possibly a buffer overflow, allows user-assisted attackers to execute arbitrary code via crafted hyperlinks that are not properly handled when hlink.dll "uses a file containing a malformed function," aka "Hyperlink Object...