152 matches found
Code injection
Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 allows anyone to bypass the presentation code simply by requesting /images/browserslide.jpg via HTTP. A remote, unauthenticated attacker can use this vulnerability to watch a slideshow without knowing the access code...
Call For Customer Presentations at Black Hat USA 2019!
Tell your security story to your peers at Black Hat USA 2019! Qualys is looking for customers excited to share your security story, for example: How you integrate security into DevOps Best practices for building security into modern enterprises Case studies leveraging the use of the Qualys Cloud...
Shopify: Access to Employee calendar disclosing internal presentation and meetings
Summary During a school research, we found out that some Shopify employees have their google calendar set to public. This discloses some sensitive informations: New hire information due to onsite interviews Internal presentation we found at least one internal presentation that we could access Zoo...
Commix v2.7 - Automated All-in-One OS Command Injection And Exploitation Tool
Commix short for command injection exploiter is an automated tool written by Anastasios Stasinopoulos @ancst that can be used from web developers, penetration testers or even security researchers in order to test web-based applications with the view to find bugs, errors or vulnerabilities related...
The world’s southernmost security conference
When asked about his best race, Ayrton Senna replied that it was when he raced karting cars. For him it was the best because it was only for the sake of sports and free from commercial sponsoring and commercial interests. I have this same feeling about computer security conferences, because they...
Open-Xchange (OX) App Suite SSRF Vulnerability (58874)
Open-Xchange OX App Suite is prone to a server-side request forgery SSRF vulnerability. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Submissions for talks at the 2019 Talos Threat Research Summit are now open
When Cisco Talos launched the first ever Talos Threat Research Summit last year, we never could have anticipated how popular it would be. Tickets sold out quickly, and our inaugural Talos-backed conference was packed in the days leading up to Cisco Live. This year, we are bringing back the Threat...
BlueHat v18 Content Now Available
Last month we wrapped up another great BlueHat event. As an organizer, it is great to hear that the content is so strong that we have participants have to make hard choices on what to attend. BlueHat is about the community we build and the experiences we share. To further support that we are maki...
CVE-2018-17137
Prezi Next 1.3.101.11 has a documented purpose of creating HTML5 presentations but has SEDEBUGPRIVILEGE on Windows, which might allow attackers to bypass intended access restrictions...
CVE-2018-17137
Prezi Next 1.3.101.11 has a documented purpose of creating HTML5 presentations but has SEDEBUGPRIVILEGE on Windows, which might allow attackers to bypass intended access restrictions...
Call for Customer Presentations: Qualys Security Conference 2018
The annual Qualys user conference, QSC18, is quickly approaching, and we are looking for customer presentations showcasing how you use Qualys to enable security best practices and secure your digital transformation. If you would like to be considered as a presenter, please send a session title an...
poi: Parsing of multiple file types can cause a denial of service via infinite loop or out of memory exception
Apache POI in versions prior to release 3.17 are vulnerable to Denial of Service Attacks: 1 Infinite Loops while parsing crafted WMF, EMF, MSG and macros POI bugs 61338 and 61294, and 2 Out of Memory Exceptions while parsing crafted DOC, PPT and XLS POI bugs 52372 and 61295...
Microsoft Office: Programmatic access for creating online presentations (PowerPoint, Word)
This test checks the setting for policy OpenVAS Vulnerability Test $Id: office2013programmaticcreationonlinepresentation.nasl 11843 2018-10-11 14:33:21Z emoss $ Check value for Restrict programmatic access for creating online presentations in PowerPoint and Word Authors: Emanuel Moss Copyright:...
Softz Office Demo Easy Module Handles prd prs prv Files with Denial of Service Vulnerability
SoftZone Office RZoffice is an office software, which is compatible with MS Office and consists of three parts: word processing, spreadsheet and presentation. A memory corruption vulnerability exists in the SoftZone Office Presentations module Presentations.exe when processing prd prs prv files. ...
Call For Customer Presentations at Black Hat USA 2018!
Tell your security story to your peers at Black Hat USA 2018! Qualys is looking for customers excited to share their security and DevSecOps successes, best practices for building security into modern enterprises and case studies leveraging the use of the Qualys Cloud Platform. Take the stage in t...
SoftZone office demo prone to null pointer reference vulnerability
SoftZone Office RZoffice is an office software, which is compatible with MS Office and consists of three parts: word processing, spreadsheet and presentation. RZoffice Presentations.exe has a null pointer reference vulnerability when handling special ppt files. An attacker can exploit the...
SoftZone office demo prone to memory overflow vulnerability
SoftZone Office RZoffice is an office software, which is compatible with MS Office and consists of three parts: word processing, spreadsheet and presentation. A memory overflow vulnerability exists in RZoffice Presentations.exe when processing special ppt files. An attacker can exploit the...
SoftZone office demo prone to null pointer reference vulnerability (CNVD-2018-04281)
SoftZone Office RZoffice is an office software, which is compatible with MS Office and consists of three parts: word processing, spreadsheet and presentation. RZoffice Presentations.exe has a null pointer reference vulnerability when handling special ppt files. An attacker can exploit the...
SoftZone office demo prone to denial of service vulnerability
SoftZone Office RZoffice is an office software, which is compatible with MS Office and consists of three parts: word processing, spreadsheet and presentation. A denial-of-service vulnerability exists in RZoffice Presentations.exe when processing special ppt files. An attacker can exploit the...
SoftZone office demo prone to denial of service vulnerability (CNVD-2018-04283)
SoftZone Office RZoffice is an office software, which is compatible with MS Office and consists of three parts: word processing, spreadsheet and presentation. A denial-of-service vulnerability exists in RZoffice Presentations.exe when processing special pptx files. An attacker can exploit the...