Design/Logic Flaw

A file extension handling issue was found in core module of ONLYOFFICE DocumentServer v4.2.0.236-v5.6.4.13. An attacker must request the conversion of the crafted file from DOCT into DOCX format. Using the chain of two other bugs related to improper string handling, an attacker can achieve remote...

LibreOffice Security Advisory

LibreOffice reports: Two flaws were found in LibreOffice: CVE-2020-12802: remote graphics contained in docx format retrieved in 'stealth mode' CVE-2020-12803: XForms submissions could overwrite local files...

CVE-2019-13358

lib/DocumentToText.php in OpenCats before 0.9.4-3 has XXE that allows remote users to read files on the underlying operating system. The attacker must upload a file in the docx or odt format...

Format string

lib/DocumentToText.php in OpenCats before 0.9.4-3 has XXE that allows remote users to read files on the underlying operating system. The attacker must upload a file in the docx or odt format...

Hand to hand teach you how to construct the office exploits EXP（fourth period）-bug warning-the black bar safety net

This is a period of vulnerability to share with you is CVE-2015-1641 learning summary, this vulnerability due to its good versatility and stability claims to have replaced the CVE-2012-0158 trend. The vulnerability is a type confusion class of vulnerability, through which you can achieve arbitrar...