VulnCheck KEV: CVE-2023-34960
A command injection vulnerability in the wsConvertPpt component of Chamilo v1.11. up to v1.11.18 allows attackers to execute arbitrary commands via a SOAP API call with a crafted PowerPoint name...
PicassoLoader Malware Used in Ongoing Attacks on Ukraine and Poland
Government entities, military organizations, and civilian users in Ukraine and Poland have been targeted as part of a series of campaigns designed to steal sensitive data and gain persistent remote access to the infected systems. The intrusion set, which stretches from April 2022 to July 2023,...
Malicious campaigns target government, military and civilian entities in Ukraine, Poland
Cisco Talos has discovered a threat actor conducting several campaigns against government entities, military organizations and civilian users in Ukraine and Poland. We judge that these operations are very likely aimed at stealing information and gaining persistent remote access. The activity we...
Microsoft Office Security Vulnerability
Microsoft Office is an office software suite from the U.S. company Microsoft. Commonly used components of this product include Word, Excel, Access, PowerPoint, FrontPage, and so on. A security vulnerability exists in Microsoft Office. An attacker exploiting this vulnerabilit...
PT-2023-25076 · Chamilo · Chamilo
Name of the Vulnerable Software and Affected Versions: Chamilo versions 1.11. through 1.11.18 Description: A command injection issue in the wsConvertPpt component allows attackers to execute arbitrary commands via a SOAP API call with a crafted PowerPoint name. Recommendations: For Chamilo versio...
May 2, 2023, update for PowerPoint 2013 (KB4504725)
May 2, 2023, update for PowerPoint 2013 (KB4504725). This article describes update 4504725 for Microsoft PowerPoint 2013 that was released on May 2, 2023. This update also applies to Office Home and Student 2013 RT. Be aware that the update in the Microsoft Download Center applies to the Microsoft...
April 11, 2023—KB5025230 (OS Build 20348.1668)
April 11, 2023—KB5025230 (OS Build 20348.1668). For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows Server 2022, see its update history page. Note: Follow @WindowsUpdate to find out when...
March 28, 2023—KB5023774 (OS Build 22000.1761) Preview
March 28, 2023—KB5023774 (OS Build 22000.1761) Preview. NEW 3/28/23 IMPORTANT: Starting in April 2023, optional, non-security preview updates will release on the fourth Tuesday of the month. For more information, see Windows monthly updates explained. For information about Windows update terminology,...
March 28, 2023—KB5023778 (OS Build 22621.1485) Preview
March 28, 2023—KB5023778 (OS Build 22621.1485) Preview. For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows 11, version 22H2, see its update history page. Note: Follow @WindowsUpdate to...
CVE-2023-23707
CVE-2023-23707 affects Awsm Innovations Embed Any Document – Embed PDF, Word, PowerPoint and Excel Files plugin (<= 2.7.1). Root cause: improper input neutralization enabling stored XSS via uploaded SVG and HTML files. Public details from Patchstack confirm the vulnerable versions and that a f...
WordPress Embed Any Document – Embed PDF, Word, PowerPoint and Excel Files Plugin <= 2.7.1 is vulnerable to Cross Site Scripting (XSS)
Software: Embed Any Document – Embed PDF, Word, PowerPoint and Excel Files; Type: Plugin; Vulnerable versions: <= 2.7.1; Fixed in: 2.7.2; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-23707; Patch priority: Low; CVSS severity: Low (5.9); Developer Claim ownership...
SUSE CVE-2006-6120
Integer overflow in the KPresenter import filter for Microsoft PowerPoint files (filters/olefilters/lib/klaola.cc) in KOffice before 1.6.1 allows user-assisted remote attackers to execute arbitrary code via a crafted PPT file, which results in a heap-based buffer overflow...
SUSE CVE-2010-2935
simpress.bin in the Impress module in OpenOffice.org (OOo) 2.x and 3.x before 3.3 does not properly handle integer values associated with dictionary property items, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PowerPoi...
SUSE CVE-2010-2936
Integer overflow in simpress.bin in the Impress module in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted polygons in a PowerPoint document that triggers a heap-based buffer overflow...
SUSE CVE-2012-2334
Integer overflow in filter/source/msfilter/msdffimp.cxx in OpenOffice.org (OOo) 3.3, 3.4 Beta, and possibly earlier, and LibreOffice before 3.5.3, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the length of an Escher graphics record in a PowerPoi...
A vulnerability in the UAX200.dll library of the Corel Presentations presentation preparation and viewing software allows an attacker to gain unauthorized access to protected information.
The vulnerability in the UAX200.dll library of the Corel Presentations presentation preparation and viewing software is an out-of-bounds read (reading data beyond the buffer boundaries). Exploiting this vulnerability can allow attackers to gain unauthorized access to protected information through a specially...
A vulnerability in the IPPP82.FLT module of the Corel Presentations presentation preparation and viewing software allows an attacker to gain unauthorized access to protected information.
The vulnerability in the IPPP82.FLT module of the Corel Presentations presentation preparation and viewing software is an out-of-bounds read (reading data beyond the buffer boundaries). Exploiting this vulnerability can allow attackers to gain unauthorized access to protected information using a specially crafted PPT fi...
Microsoft Office Graphics remote code execution vulnerability (CNVD-2022-89423)
Microsoft Office is an office software suite from the U.S. company Microsoft. Common components of the product include Word, Excel, Access, PowerPoint, FrontPage, etc. A remote code execution vulnerability exists in Microsoft Office Graphics. An attacker could exploit...
Security Updates for Microsoft Office Products (Nov 2022) (macOS)
The Microsoft Office Products are missing security updates. They are, therefore, affected by multiple vulnerabilities: - A remote code execution vulnerability in Microsoft Word. (CVE-2022-41061) - A remote code execution vulnerability in Microsoft Office Graphics. (CVE-2022-41107) Note that Nessus has n...
A use-after-free vulnerability in Microsoft Office packages, 365 Apps for Enterprise, and the Microsoft PowerPoint presentation software allows attackers to execute arbitrary code.
The vulnerabilities in Microsoft Office packages, 365 Apps for Enterprise, and the Microsoft PowerPoint presentation software are use-after-free issues (memory is used after it has been released). Exploiting these vulnerabilities can allow attackers to execute arbitrary code using a specially created malicious file...