The vulnerability of the PPT-file processor in Hancom Office software allows a hacker to execute arbitrary code.

The vulnerability of the PPT-file processor in Hancom Office software is related to buffer overflow in the stack. Exploiting this vulnerability allows an attacker to execute arbitrary code using a specially created PPT-file...

Microsoft Office Code Execution Vulnerability

Microsoft Office is an office software suite of products from the U.S. company Microsoft Microsoft. The product's common components include Word, Excel, Access, Powerpoint, FrontPage, etc.. Microsoft Office has a code execution vulnerability that can be exploited by an attacker to execute arbitra...

Security Updates for Microsoft Office Products C2R RCE (January 2024)

A security vulnerability exists in FBX that could lead to remote code execution. To mitigate this vulnerability, the ability to insert FBX files has been disabled in Word, Excel, PowerPoint and Outlook for Windows and Mac. Versions of Office that had this feature enabled will no longer have acces...

Microsoft Office 安全漏洞

Microsoft Office is an office software suite of products from the U.S. company Microsoft Microsoft. The product's common components include Word, Excel, Access, Powerpoint, FrontPage, etc.. Microsoft Office has a code execution vulnerability that can be exploited by an attacker to execute arbitra...

PT-2023-8269 · Hancom · Hancom Office Show

Name of the Vulnerable Software and Affected Versions: Hancom Office Show affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations of Hancom Office Show. User interaction is required, where the target must visit a maliciou...

Microsoft Office Graphics Code Execution Vulnerability

Microsoft Office is an office software suite of products from the U.S. company Microsoft Microsoft. Common components of this product include Word, Excel, Access, Powerpoint, FrontPage, and so on. A code execution vulnerability exists in Microsoft Office Graphics, which can be exploited by an...

Microsoft Office Spoofing Vulnerability (CNVD-2024-02719)

Microsoft Office is an office software suite of products from the U.S. company Microsoft Microsoft. The product's common components include Word, Excel, Access, Powerpoint, FrontPage, and so on. Microsoft Office has a spoofing vulnerability that can be exploited by attackers to conduct spoofing...

Chamilo unauthenticated command injection in PowerPoint upload

Chamilo is an e-learning platform, also called Learning Management Systems LMS. This module exploits an unauthenticated remote command execution vulnerability that affects Chamilo versions 1.11.18 and below CVE-2023-34960. Due to a functionality called Chamilo Rapid to easily convert PowerPoint...

Chamilo 1.11.18 Command Injection Exploit

This Metasploit module exploits an unauthenticated remote command execution vulnerability that affects Chamilo versions 1.11.18 and below. Due to a functionality called Chamilo Rapid to easily convert PowerPoint slides to courses on Chamilo, it is possible for an unauthenticated remote attacker t...

Chamilo 1.11.18 Command Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Chamilo unauthenticated command injection in PowerPoint upload', 'Description' = %q Chamilo is an e-learning platform, also called Learning...

Microsoft Office Code Execution Vulnerability (CNVD-2024-02722)

Microsoft Office is an office software suite of products from the U.S. company Microsoft Microsoft. The product's common components include Word, Excel, Access, Powerpoint, FrontPage, etc.. Microsoft Office has a code execution vulnerability that can be exploited by an attacker to execute arbitra...

Microsoft PowerPoint 2013 SP1 RCE Vulnerability (KB5002399)

This host is missing an important security update according to Microsoft KB5002399 SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescriptio...

Defense-in-Depth Security Updates for Microsoft PowerPoint Products (August 2023)

The Microsoft PowerPoint Products are missing missing defense-in-depth security updates to help improve security-related features. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid179668; scriptversion"1.0"; scriptsetattributeattribute:"pluginmodificationdate",...

Description of the security update for PowerPoint 2013: August 8, 2023 (KB5002399)

Description of the security update for PowerPoint 2013: August 8, 2023 KB5002399 Summary This security update for Microsoft Office provides defense-in-depth updates to help improve security-related features. To learn more about the vulnerability, see Microsoft advisory ADV230003. Note: To apply...

Description of the security update for PowerPoint 2016: August 8, 2023 (KB4504720)

Description of the security update for PowerPoint 2016: August 8, 2023 KB4504720 Summary This security update for Microsoft Office provides defense-in-depth updates to help improve security-related features. To learn more about the vulnerability, see Microsoft advisory ADV230003. Note: To apply...

CVE-2023-34960

A command injection vulnerability in the wsConvertPpt component of Chamilo v1.11. up to v1.11.18 allows attackers to execute arbitrary commands via a SOAP API call with a crafted PowerPoint name...

CVE-2023-34960

A command injection vulnerability in the wsConvertPpt component of Chamilo v1.11. up to v1.11.18 allows attackers to execute arbitrary commands via a SOAP API call with a crafted PowerPoint name...

CVE-2023-34960

A command injection vulnerability in the wsConvertPpt component of Chamilo v1.11. up to v1.11.18 allows attackers to execute arbitrary commands via a SOAP API call with a crafted PowerPoint name...

CVE-2023-34960

CVE-2023-34960 affects Chamilo LMS (version 1.11.* up to 1.11.18) with a command-injection vulnerability in the wsConvertPpt component. An unauthenticated SOAP API call using a crafted PowerPoint name can lead to arbitrary OS command execution. Public details indicate a high/critical impact (CVSS...

WordPress Embed Docs - Elementor Files Addon,Elementor Docs Addon,Embed PDF, Word, PowerPoint and Excel Files in Gutenberg & Elementor Plugin <= 2.0.3 is vulnerable to Cross Site Scripting (XSS)

Software Embed Docs - Elementor Files Addon,Elementor Docs Addon,Embed PDF, Word, PowerPoint and Excel Files in Gutenberg & Elementor Type Plugin Vulnerable versions = 2.0.3 Fixed in 3.0.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority High CV...