Debian DSA-1104-2 : openoffice.org - several vulnerabilities

Loading malformed XML documents can cause buffer overflows in OpenOffice.org, a free office suite, and cause a denial of service or execute arbitrary code. It turned out that the correction in DSA 1104-1 was not sufficient, hence, another update. For completeness please find the original advisory...

Exhibit Engine 1.5 RC 4 - 'photo_comment.php' File Inclusion

' ' EXPLOIT coded by Kacper in Visual Basic ;- ' '::::::::: :::::::::: ::: ::: ::::::::::: ::: ':+: :+: :+: :+: :+: :+: :+: '+:+ +:+ +:+ +:+ +:+ +:+ +:+ '++ +:+ +++:++ ++ +:+ ++ ++ '++ ++ ++ ++ ++ ++ ++ '+ + + +++ + + ' '::::::::::: :::::::::: ::: :::: :::: ' :+: :+: :+: :+: +:+:+: :+:+:+ ' +:+ +...

Exhibit Engine 1.5 RC 4 - photo_comment.php File Inclusion

Exhibit Engine 1.5 RC 4 - photocomment.php File Inclusion ' ' EXPLOIT coded by Kacper in Visual Basic ;- ' '::::::::: :::::::::: ::: ::: ::::::::::: ::: ':+: :+: :+: :+: :+: :+: :+: '+:+ +:+ +:+ +:+ +:+ +:+ +:+ '++ +:+ +++:++ ++ +:+ ++ ++ '++ ++ ++ ++ ++ ++ ++ '+ + + +++ + + ' ':::::::::::...

CVE-2006-4732

Unspecified vulnerability in Microsoft Visual Basic VB 6 has an unknown impact "overflow" via a project that contains a certain Click event procedure, as demonstrated using the msgbox function and the VB.Label object...

CVE-2006-4732

The CVE concerns Microsoft Visual Basic 6 (VB6). A vulnerability arises in a project containing a specific Click event procedure (demonstrated with msgbox and VB.Label) that causes an unspecified overflow. The affected component is the VB6 runtime/IDE context where the Click event triggers the ov...

Microsoft Visual Basic for Applications buffer overflow

Buffer oveflow on VBA script parsing...

CVE-2006-3649

CVE-2006-3649 describes a remote code execution vulnerability in Microsoft Visual Basic for Applications (VBA) across VBA SDK 6.0–6.4 used by Office 2000 SP3, Office XP SP3, and related apps. The flaw stems from an improper boundary check / validation of document properties passed to VBA when ope...

VulnCheck KEV: CVE-2006-3649

Buffer overflow in Microsoft Visual Basic for Applications VBA SDK 6.0 through 6.4, as used by Microsoft Office 2000 SP3, Office XP SP3, Project 2000 SR1, Project 2002 SP1, Access 2000 Runtime SP3, Visio 2002 SP2, and Works Suite 2004 through 2006, allows user-assisted attackers to execute...

Microsoft Security Bulletin MS06-047 Vulnerability in Microsoft Visual Basic for Applications Could Allow Remote Code Execution (921645)

Microsoft Security Bulletin MS06-047 Vulnerability in Microsoft Visual Basic for Applications Could Allow Remote Code Execution 921645 Published: August 8, 2006 Version: 1.0 Summary Who Should Read this Document: Customers using Microsoft Office applications or applications that use Microsoft...

Microsoft Visual Basic for Applications Document Check Buffer Overflow Vulnerability

Description A vulnerability has been discovered in Microsoft Visual Basic for Applications. The vulnerability occurs due to insufficient bounds checking when checking the properties of malicious documents. As a result, a malformed document may be able to trigger a buffer-overflow within the...

Microsoft Visual Basic for Applications buffer overflow

Overview Microsoft Visual Basic for Applications fails to properly validate document properties. This vulnerability could allow a remote attacker to execute arbitrary code. Description Visual Basic For Applications VBA According to Microsoft Security Bulletin MS06-047: Microsoft VBA is a...

MS06-047: Vulnerability in Microsoft Visual Basic for Applications Could Allow Remote Code Execution (921645)

The remote host is running a version of Microsoft Visual Basic for Applications that is vulnerable to a buffer overflow when handling malformed documents. An attacker may exploit this flaw to execute arbitrary code on this host by sending a malformed file to a user of the remote host. C Tenable...

CVE-2006-3823

CVE-2006-3823 describes an SQL injection in GeodesicSolutions’ index.php affecting two products: GeoAuctions Premier 2.0.3 and GeoClassifieds Basic 2.0.3. The vulnerability occurs when exploiting the b parameter in index.php, allowing remote attackers to execute arbitrary SQL commands. According ...

CVE-2006-3823

SQL injection vulnerability in index.php in GeodesicSolutions 1 GeoAuctions Premier 2.0.3 and 2 GeoClassifieds Basic 2.0.3 allows remote attackers to execute arbitrary SQL commands via the b parameter...

OpenOffice.org may fail to recognize embedded Basic macros

Overview The OpenOffice.org team has reported a vulnerability in how the 1.1 and 2.0 versions of OpenOffice.org process basic macros. Description A vulnerability in OpenOffice.org may allow an attacker to inject basic code into documents such that the code will be executed when the document is...

USN-313-2: OpenOffice.org vulnerabilities

USN-313-1 fixed several vulnerabilities in OpenOffice for Ubuntu 5.04 and Ubuntu 6.06 LTS. This followup advisory provides the corresponding update for Ubuntu 5.10. For reference, these are the details of the original USN: It was possible to embed Basic macros in documents in a way that...

Mandrake Linux Security Advisory : OpenOffice.org (MDKSA-2006:118)

OpenOffice.org 1.1.x up to 1.1.5 and 2.0.x before 2.0.3 allows user-complicit attackers to conduct unauthorized activities via an OpenOffice document with a malicious BASIC macro, which is executed without prompting the user. CVE-2006-2198 An unspecified vulnerability in Java Applets in...

Code injection

OpenOffice.org aka StarOffice 1.1.x up to 1.1.5 and 2.0.x before 2.0.3 allows user-assisted attackers to conduct unauthorized activities via an OpenOffice document with a malicious BASIC macro, which is executed without prompting the user...

CVE-2006-2198

OpenOffice.org aka StarOffice 1.1.x up to 1.1.5 and 2.0.x before 2.0.3 allows user-assisted attackers to conduct unauthorized activities via an OpenOffice document with a malicious BASIC macro, which is executed without prompting the user...

CVE-2006-2198

OpenOffice.org aka StarOffice 1.1.x up to 1.1.5 and 2.0.x before 2.0.3 allows user-assisted attackers to conduct unauthorized activities via an OpenOffice document with a malicious BASIC macro, which is executed without prompting the user...