216 matches found
CVE-2018-4001
CVE-2018-4001 affects Atlantis Word Processor 3.2.5.0. The vulnerability is an uninitialized pointer in the Office Open XML parser that handles table rows (TTableRow). A crafted document can cause an uninitialized pointer to be assigned to a stack variable, which is later dereferenced and written...
CVE-2018-4000
Atlantis Word Processor (version 3.2.5.0) contains a double-free vulnerability in its Office Open XML parser. A specially crafted document can cause a TTableRow object to be referenced twice, leading to a double-free when both references are freed. The TALOS/YR details indicate an exploitable pat...
CVE-2018-4000
An exploitable double-free vulnerability exists in the Office Open XML parser of Atlantis Word Processor, version 3.2.5.0. A specially crafted document can cause a TTableRow instance to be referenced twice, resulting in a double-free vulnerability when both the references go out of scope. An...
CVE-2018-4001
An exploitable uninitialized pointer vulnerability exists in the Office Open XML parser of Atlantis Word Processor, version 3.2.5.0. A specially crafted document can cause an uninitialized pointer representing a TTableRow to be assigned to a variable on the stack. This variable is later...
PT-2018-16365 · Atlantis · Atlantis Word Processor
Name of the Vulnerable Software and Affected Versions: Atlantis Word Processor version 3.2.5.0 Description: A double-free vulnerability exists in the Office Open XML parser. This issue can be triggered by a specially crafted document, causing a TTableRow instance to be referenced twice. As a...
Atlantis Word Processor Office Open XML TTableRow double free code execution vulnerability
Summary An exploitable double-free vulnerability exists in the Office Open XML parser of Atlantis Word Processor, version 3.2.5.0. A specially crafted document can cause a TTableRow instance to be referenced twice, resulting in a double-free vulnerability when both the references go out of scope...
Atlantis Word Processor Office Open XML uninitialized TTableRow code execution vulnerability
Summary An exploitable uninitialized pointer vulnerability exists in the Office Open XML parser of Atlantis Word Processor, version 3.2.5.0. A specially crafted document can cause an uninitialized pointer representing a TTableRow to be assigned to a variable on the stack. This variable is later...
PT-2018-1607 · Atlantis · Atlantis Word Processor
Name of the Vulnerable Software and Affected Versions: Atlantis Word Processor version 3.2.5.0 Description: The issue is related to an uninitialized pointer vulnerability in the Office Open XML parser. It can be triggered by a specially crafted document, causing an uninitialized pointer to be...
Microsoft Office: Protect document metadata for password protected files
This test checks the setting for policy OpenVAS Vulnerability Test $Id: office2013protectpasswdprotectedfilesmetadata.nasl 11843 2018-10-11 14:33:21Z emoss $ Check value for Protect document metadata for password protected files Authors: Emanuel Moss Copyright: Copyright c 2018 Greenbone Networks...
Microsoft Office: Encryption type for password protected Office Open XML files
This test checks the setting for policy OpenVAS Vulnerability Test $Id: office2013openxmlencryption.nasl 11843 2018-10-11 14:33:21Z emoss $ Check value for Encryption type for password protected Office Open XML files Authors: Emanuel Moss Copyright: Copyright c 2018 Greenbone Networks GmbH,...
Design/Logic Flaw
eQ-3 AG HomeMatic CCU2 2.29.22 devices have an open XML-RPC port without authentication. This can be exploited by sending arbitrary XML-RPC requests to control the attached BidCos devices...
DEBIAN-CVE-2016-4434
Apache Tika before 1.13 does not properly initialize the XML parser or choose handlers, which might allow remote attackers to conduct XML External Entity XXE attacks via vectors involving 1 spreadsheets in OOXML files and 2 XMP metadata in PDF and other file formats, a related issue to...
UBUNTU-CVE-2017-5644
Apache POI in versions prior to release 3.15 allows remote attackers to cause a denial of service CPU consumption via a specially crafted OOXML file, aka an XML Entity Expansion XEE attack...
DEBIAN-CVE-2017-5644
Apache POI in versions prior to release 3.15 allows remote attackers to cause a denial of service CPU consumption via a specially crafted OOXML file, aka an XML Entity Expansion XEE attack...
tika: XML External Entity vulnerability
It was found that the parsing of OOXML, XMP in PDF, and some other file formats by Apache Tika would expand entity references. A remote, unauthenticated attacker could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XX...
Hand to hand teach you how to construct the office exploits EXP(fourth period)-bug warning-the black bar safety net
This is a period of vulnerability to share with you is CVE-2015-1641 learning summary, this vulnerability due to its good versatility and stability claims to have replaced the CVE-2012-0158 trend. The vulnerability is a type confusion class of vulnerability, through which you can achieve arbitrar...
Adobe ColdFusion < 11 Update 10 - XML External Entity Injection
Exploit for php platform in category web applications ''' ============================================= - Discovered by: Dawid Golunski - http://legalhackers.com - dawid at legalhackers.com - CVE-2016-4264 - APSB16-30 - Release date: 31.08.2016 - Severity: Critical...
Adobe ColdFusion 11 XML External Entity Injection
============================================= - Discovered by: Dawid Golunski - http://legalhackers.com - dawid at legalhackers.com - CVE-2016-4264 - APSB16-30 - Release date: 31.08.2016 - Severity: Critical ============================================= I. VULNERABILITY -------------------------...
The vulnerability of the ColdFusion interpreter allows attackers to read arbitrary files or send TCP requests to servers in the internal network.
The vulnerability of the Office Open XML OOXML file format in ColdFusion is related to incorrect restrictions on XML references to external objects. Exploiting this vulnerability allows an attacker to remotely read arbitrary files or send TCP requests to internal server networks using a specially...
CVE-2016-4264
The Office Open XML OOXML feature in Adobe ColdFusion 10 before Update 21 and 11 before Update 10 allows remote attackers to read arbitrary files or send TCP requests to intranet servers via a crafted OOXML spreadsheet containing an external entity declaration in conjunction with an entity...