Lucene search
+L

216 matches found

CVE
CVE
added 2018/10/01 8:0 p.m.55 views

CVE-2018-4001

CVE-2018-4001 affects Atlantis Word Processor 3.2.5.0. The vulnerability is an uninitialized pointer in the Office Open XML parser that handles table rows (TTableRow). A crafted document can cause an uninitialized pointer to be assigned to a stack variable, which is later dereferenced and written...

8.8CVSS7.7AI score0.01456EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2018/10/01 8:0 p.m.53 views

CVE-2018-4000

Atlantis Word Processor (version 3.2.5.0) contains a double-free vulnerability in its Office Open XML parser. A specially crafted document can cause a TTableRow object to be referenced twice, leading to a double-free when both references are freed. The TALOS/YR details indicate an exploitable pat...

8.8CVSS7.4AI score0.01036EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2018/10/01 8:0 p.m.23 views

CVE-2018-4000

An exploitable double-free vulnerability exists in the Office Open XML parser of Atlantis Word Processor, version 3.2.5.0. A specially crafted document can cause a TTableRow instance to be referenced twice, resulting in a double-free vulnerability when both the references go out of scope. An...

8.8CVSS7.5AI score0.01036EPSS
Exploits1References1
Cvelist
Cvelist
added 2018/10/01 8:0 p.m.21 views

CVE-2018-4001

An exploitable uninitialized pointer vulnerability exists in the Office Open XML parser of Atlantis Word Processor, version 3.2.5.0. A specially crafted document can cause an uninitialized pointer representing a TTableRow to be assigned to a variable on the stack. This variable is later...

8.8CVSS7.8AI score0.01456EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2018/10/01 12:0 a.m.5 views

PT-2018-16365 · Atlantis · Atlantis Word Processor

Name of the Vulnerable Software and Affected Versions: Atlantis Word Processor version 3.2.5.0 Description: A double-free vulnerability exists in the Office Open XML parser. This issue can be triggered by a specially crafted document, causing a TTableRow instance to be referenced twice. As a...

8.8CVSS8AI score0.01036EPSS
Exploits1References2
Talos
Talos
added 2018/10/01 12:0 a.m.517 views

Atlantis Word Processor Office Open XML TTableRow double free code execution vulnerability

Summary An exploitable double-free vulnerability exists in the Office Open XML parser of Atlantis Word Processor, version 3.2.5.0. A specially crafted document can cause a TTableRow instance to be referenced twice, resulting in a double-free vulnerability when both the references go out of scope...

8.8CVSS7.9AI score0.01036EPSS
Exploits1
Talos
Talos
added 2018/10/01 12:0 a.m.530 views

Atlantis Word Processor Office Open XML uninitialized TTableRow code execution vulnerability

Summary An exploitable uninitialized pointer vulnerability exists in the Office Open XML parser of Atlantis Word Processor, version 3.2.5.0. A specially crafted document can cause an uninitialized pointer representing a TTableRow to be assigned to a variable on the stack. This variable is later...

8.8CVSS7.8AI score0.01456EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2018/09/10 12:0 a.m.6 views

PT-2018-1607 · Atlantis · Atlantis Word Processor

Name of the Vulnerable Software and Affected Versions: Atlantis Word Processor version 3.2.5.0 Description: The issue is related to an uninitialized pointer vulnerability in the Office Open XML parser. It can be triggered by a specially crafted document, causing an uninitialized pointer to be...

10CVSS8.4AI score0.01456EPSS
Exploits1References4
OpenVAS
OpenVAS
added 2018/04/17 12:0 a.m.35 views

Microsoft Office: Protect document metadata for password protected files

This test checks the setting for policy OpenVAS Vulnerability Test $Id: office2013protectpasswdprotectedfilesmetadata.nasl 11843 2018-10-11 14:33:21Z emoss $ Check value for Protect document metadata for password protected files Authors: Emanuel Moss Copyright: Copyright c 2018 Greenbone Networks...

7.3AI score
Exploits0
OpenVAS
OpenVAS
added 2018/04/16 12:0 a.m.30 views

Microsoft Office: Encryption type for password protected Office Open XML files

This test checks the setting for policy OpenVAS Vulnerability Test $Id: office2013openxmlencryption.nasl 11843 2018-10-11 14:33:21Z emoss $ Check value for Encryption type for password protected Office Open XML files Authors: Emanuel Moss Copyright: Copyright c 2018 Greenbone Networks GmbH,...

7.3AI score
Exploits0
Prion
Prion
added 2018/02/22 7:29 p.m.20 views

Design/Logic Flaw

eQ-3 AG HomeMatic CCU2 2.29.22 devices have an open XML-RPC port without authentication. This can be exploited by sending arbitrary XML-RPC requests to control the attached BidCos devices...

7.5CVSS9.4AI score0.01479EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2017/09/30 1:29 a.m.5 views

DEBIAN-CVE-2016-4434

Apache Tika before 1.13 does not properly initialize the XML parser or choose handlers, which might allow remote attackers to conduct XML External Entity XXE attacks via vectors involving 1 spreadsheets in OOXML files and 2 XMP metadata in PDF and other file formats, a related issue to...

7.8CVSS7.9AI score0.03449EPSS
Exploits0References1
OSV
OSV
added 2017/03/24 2:59 p.m.4 views

UBUNTU-CVE-2017-5644

Apache POI in versions prior to release 3.15 allows remote attackers to cause a denial of service CPU consumption via a specially crafted OOXML file, aka an XML Entity Expansion XEE attack...

5.5CVSS6.8AI score0.04595EPSS
Exploits0References3
OSV
OSV
added 2017/03/24 2:59 p.m.3 views

DEBIAN-CVE-2017-5644

Apache POI in versions prior to release 3.15 allows remote attackers to cause a denial of service CPU consumption via a specially crafted OOXML file, aka an XML Entity Expansion XEE attack...

5.5CVSS7.1AI score0.04595EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2017/02/02 8:33 p.m.8 views

tika: XML External Entity vulnerability

It was found that the parsing of OOXML, XMP in PDF, and some other file formats by Apache Tika would expand entity references. A remote, unauthenticated attacker could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XX...

7.8CVSS5.7AI score0.03449EPSS
Exploits0References4
myhack58
myhack58
added 2016/12/03 12:0 a.m.276 views

Hand to hand teach you how to construct the office exploits EXP(fourth period)-bug warning-the black bar safety net

This is a period of vulnerability to share with you is CVE-2015-1641 learning summary, this vulnerability due to its good versatility and stability claims to have replaced the CVE-2012-0158 trend. The vulnerability is a type confusion class of vulnerability, through which you can achieve arbitrar...

9.3CVSS0.4AI score0.99966EPSS
Exploits12
0day.today
0day.today
added 2016/09/07 12:0 a.m.135 views

Adobe ColdFusion < 11 Update 10 - XML External Entity Injection

Exploit for php platform in category web applications ''' ============================================= - Discovered by: Dawid Golunski - http://legalhackers.com - dawid at legalhackers.com - CVE-2016-4264 - APSB16-30 - Release date: 31.08.2016 - Severity: Critical...

6.4CVSS0.3AI score0.69044EPSS
Exploits7
Packet Storm
Packet Storm
added 2016/09/07 12:0 a.m.136 views

Adobe ColdFusion 11 XML External Entity Injection

============================================= - Discovered by: Dawid Golunski - http://legalhackers.com - dawid at legalhackers.com - CVE-2016-4264 - APSB16-30 - Release date: 31.08.2016 - Severity: Critical ============================================= I. VULNERABILITY -------------------------...

6.4CVSS0.6AI score0.69044EPSS
Exploits7
BDU FSTEC
BDU FSTEC
added 2016/09/07 12:0 a.m.9 views

The vulnerability of the ColdFusion interpreter allows attackers to read arbitrary files or send TCP requests to servers in the internal network.

The vulnerability of the Office Open XML OOXML file format in ColdFusion is related to incorrect restrictions on XML references to external objects. Exploiting this vulnerability allows an attacker to remotely read arbitrary files or send TCP requests to internal server networks using a specially...

6.4CVSS7.7AI score0.69044EPSS
Exploits7References3
ATTACKERKB
ATTACKERKB
added 2016/09/01 11:59 p.m.8 views

CVE-2016-4264

The Office Open XML OOXML feature in Adobe ColdFusion 10 before Update 21 and 11 before Update 10 allows remote attackers to read arbitrary files or send TCP requests to intranet servers via a crafted OOXML spreadsheet containing an external entity declaration in conjunction with an entity...

8.6CVSS5.6AI score0.69044EPSS
Exploits7References7
Rows per page
Query Builder