Adobe ColdFusion < 11 Update 10 - XML External Entity Injection

Exploit for php platform in category web applications ''' ============================================= - Discovered by: Dawid Golunski - http://legalhackers.com - dawid at legalhackers.com - CVE-2016-4264 - APSB16-30 - Release date: 31.08.2016 - Severity: Critical...

Silver Stripe CMS: source code security analysis report

Several vulnerabilities were discovered in SilverStripe Limited 'Silver Stripe CMS' software: Incorrect User Input Filtration when Connecting to External Files File System Path Manipulation Using Global Variables Incorrect User Input Filtration when Using the unserialize Function Incorrect Newlin...

Jetpack for WordPress: source code security analysis report

Several vulnerabilities were discovered in Automatic 'Jetpack for WordPress' software: Incorrect User Input Filtration when Connecting to External Files File System Path Manipulation Incorrect User Input Filtration when Using the unserialize Function Using Insufficiently Random Generators in...

Advanced Module Manager Free extension for Joomla!: source code security analysis report

Several vulnerabilities were discovered in Regular Labs 'Advanced Module Manager Free extension for Joomla!' software: Using Insufficiently Random Generators in Cryptography Incorrect Permissions for External Entities During XML Document Processing Incorrect User Input Filtration when Generating...

Concrete5 CMS: source code security analysis report

Several vulnerabilities were discovered in Portland Labs 'Concrete5 CMS' software: File System Path Manipulation Using Global Variables Incorrect User Input Filtration when Using the unserialize Function Using Insufficiently Random Generators in Cryptography HttpOnly Cookies Incorrect Permissions...

JSN PowerAdmin extension for Joomla!: source code security analysis report

Several vulnerabilities were discovered in JoomlaShine 'JSN PowerAdmin extension for Joomla!' software: Using Insufficiently Random Generators in Cryptography HttpOnly Cookies Incorrect Permissions for External Entities During XML Document Processing Incorrect User Input Filtration when...

Apache Camel: source code security analysis report

Several vulnerabilities were discovered in The Apache Software Foundation 'Apache Camel' software: Using Synchronization Primitives in EJB components Missing Verification of Executable Files' Digital Signature when Executing them from Untrusted Sources Violating the Java Object Model Using...

MODX Revolution: source code security analysis report

Several vulnerabilities were discovered in MODX 'MODX Revolution' software: Incorrect User Input Filtration when Connecting to External Files File System Path Manipulation Using Global Variables Incorrect User Input Filtration when Using the unserialize Function Using Insufficiently Random...

NUnit: source code security analysis report

Several vulnerabilities were discovered in NUnit.org 'NUnit' software: Использование статических генераторов псевдослучайных чисел в криптографических целях Некорректная фильтрация пользовательского ввода при передаче управления сторонним компонентам Некорректная фильтрация пользовательского ввод...

Joomla!: source code security analysis report

Several vulnerabilities were discovered in Open Source Matters, Inc. 'Joomla!' software: Using Global Variables Incorrect User Input Filtration when Using the unserialize Function Using Insufficiently Random Generators in Cryptography Incorrect Permissions for External Entities During XML...

Adobe Reader DC AGM Remote Code Execution Vulnerability (CNVD-2016-00227)

Adobe Reader is PDF document reading software. Adobe Reader has a security vulnerability within AGM.dll. The multi-layered construction of the PDF can be forced to hang pointers after the release is important to exploit. An attacker exploiting this vulnerability can execute arbitrary code in the...

word type confusion Vulnerability CVE-2 0 1 5-1 6 4 1 Analysis-vulnerability warning-the black bar safety net

Vulnerability overview This year 4 month, Microsoft patched a named CVE-2 0 1 5-1 6 4 1 word type confusion vulnerability, an attacker can construct the embedded docx rtf documents to attack. word in parsing the docx document processing displacedByCustomXML attribute not customXML object for...

openSUSE Security Update : OpenOffice_org (openSUSE-SU-2011:0336-1)

Maintenance update to LibreOffice-3.3.1. It adds some interesting features, fixes many bugs, including several security vulnerabilities. The previous OpenOfficeorg packages are also renamed to libreoffice. LibreOffice is continuation of the OpenOffice.org project. This update replaces the...

IBM Datacap Taskmaster Capture ActiveX未明安全漏洞

Bugtraq ID:66184 CVE ID:CVE-2014-0879 IBM Datacap Taskmaster Capture可将文档数据输入过程自动化，从而降低成本，提高文档处理效率。 IBM Datacap Taskmaster Capture所使用的ActiveX控件存在未明安全漏洞，允许攻击者利用漏洞构建恶意WEB页，诱使用户解析，执行任意代码。 0 IBM Datacap Taskmaster Capture 8.0.1 用户可参考如下厂商提供的安全公告获取补丁以修复该漏洞：...

Oracle Forms Recognition Detection

The remote host has Oracle Forms Recognition installed. Oracle Forms Recognition is a software toolset for processing captured documents and delivering the data to backend systems. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid62819; scriptversion"1.9";...

Oracle OpenOffice.org < 3.3 Multiple Vulnerabilities

The version of Oracle OpenOffice.org installed on the remote host is prior to 3.3. It is, therefore, affected by several issues : - Issues exist relating to PowerPoint document processing that may lead to arbitrary code execution. CVE-2010-2935, CVE-2010-2936 - A directory traversal vulnerability...

Microsoft Word Document Parsing Buffer Overflow (MS05-023; CVE-2004-0963)

Microsoft Word is a popular document processing product released by the Microsoft Corporation. A Word document contains values which enable the product to correctly parse the document such as length, count, offset fields and so on. Some of these values are string that represents font name, style,...

RHEL 4 / 5 : firefox (RHSA-2010:0112)

The remote Redhat Enterprise Linux 4 / 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2010:0112 advisory. - Mozilla incorrectly frees used memory MFSA 2010-03 CVE-2009-1571 - Mozilla violation of same-origin policy due to properties set on...

CVE-2007-0239

OpenOffice.org OOo Office Suite allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in a prepared link in a crafted document...

JustSystems多个产品未明缓冲区溢出漏洞

Justsystem公司包含多个设计通用软件产品。 Justsystem多个产品在处理文档时存在缓冲区溢出攻击，远程攻击者可以利用漏洞以应用程序进程权限执行任意指令。 目前没有详细漏洞细节提供。 Justsystem Sanshiro 2005 Justsystem Ichitaro viewer 4.0 Justsystem Ichitaro Lite2 R2 Justsystem Ichitaro Lite2 0 Justsystem Ichitaro 2006 Justsystem Ichitaro 2005 Justsystem Ichitaro 0 Justsystem...