256 matches found
Microsoft Word DOCX File Parsing Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Word. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DOCX...
Hancom Office 2020 Hword Docx XML parsing heap underflow vulnerability
Talos Vulnerability Report TALOS-2022-1574 Hancom Office 2020 Hword Docx XML parsing heap underflow vulnerability October 4, 2022 CVE Number CVE-2022-33896 SUMMARY A buffer underflow vulnerability exists in the way Hword of Hancom Office 2020 version 11.0.0.5357 parses XML-based office files. A...
Exploit for CVE-2022-30190
PoC exploit for CVE-2022-30190, a vulnerability in Microsoft Off...
Exploit for CVE-2022-30190
CVE-2022-30190 Usag...
Exploit for CVE-2022-30190
CVE-2022-30190 Microsoft Office Word Rce 复现CVE-2022-30190...
GHSA-34WJ-P5JM-2P96 Improper Restriction of XML External Entity Reference in python-docx
python-docx before 0.8.6 allows context-dependent attackers to conduct XML External Entity XXE attacks via a crafted document...
Improper Restriction of XML External Entity Reference in python-docx
python-docx before 0.8.6 allows context-dependent attackers to conduct XML External Entity XXE attacks via a crafted document...
Wholeaked - A File-Sharing Tool That Allows You To Find The Responsible Person In Case Of A Leakage
wholeaked is a file-sharing tool that allows you to find the responsible person in case of a leakage. It's written in Go. How? wholeaked gets the file that will be shared and a list of recipients. It creates a unique signature for each recipient and adds it to the file secretly. After then, it ca...
Exploit for Path Traversal in Microsoft
CVE-2021-40444 PoC Malicious docx generator to exploit CVE-20...
Exploit for Path Traversal in Microsoft
This repository is an exploit module for CVE-2021-40444, a remote code execution vulnerability in Microsoft Office Word. The exploit is a malicious docx generator that creates a document that, when opened, will execute a malicious DLL file. The exploit is based on some reverse engineering over a...
Exploit for Path Traversal in Microsoft
This repository is a proof-of-concept PoC exploit for CVE-2021-40444, a Microsoft Office Word remote code execution vulnerability. The PoC is a malicious docx generator that creates a document that, when opened, will execute arbitrary code on the victim's system. The PoC consists of several files...
Fedora: Security Advisory for python-docx (FEDORA-2021-aa6ebc01be)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora: Security Advisory for python-docx (FEDORA-2021-aa54748cd9)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
MANSPIDER - Spider Entire Networks For Juicy Files Sitting On SMB Shares. Search Filenames Or File Content - Regex Supported!
Crawl SMB shares for juicy information. File content searching + regex is supported! File types supported: PDF DOCX XLSX PPTX any text-based format and many more!! MAN-SPIDER will crawl every share on every target system. If provided creds don't work, it will fall back to "guest", then to a null...
Adobe Illustrator DOCX File Parsing Directory Traversal Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Illustrator. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the conversion o...
Adobe InCopy DOCX File Parsing Directory Traversal Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe InCopy. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the conversion of DOC...
Design/Logic Flaw
A file extension handling issue was found in core module of ONLYOFFICE DocumentServer v4.2.0.236-v5.6.4.13. An attacker must request the conversion of the crafted file from DOCT into DOCX format. Using the chain of two other bugs related to improper string handling, an attacker can achieve remote...
BurpMetaFinder - Burp Suite Extension For Extracting Metadata From Files
Burp Suite extension for extracting metadata from files Currently supported documents: PDF DOCX PPTX XLSX The project created at Jetbrains has been completely added. Don't forget to change the settings you need. Usage You need to dowload 2 external libraries: pdfbox poi-ooxml To install the...
@openagenda/agenda-docx (>=1.0.2 <=1.2.2), @patrickkeller/fishy-templater (=1.0.0) +30 more potentially affected by CVE-2021-21277 via angular-expressions (>=0.1.0 <=1.0.0)
angular-expressions NPM version =0.1.0, =1.0.2, =1.8.0, =1.0.0, =1.0.0, =0.5.2, =0.7.6, =1.4.0, =0.1.0, =0.2.1 and more Source cves: CVE-2021-21277 Source advisory: OSV:GHSA-J6PX-JWVV-VPWQ...
Pwndoc - Pentest Report Generator
PwnDoc is a pentest reporting application making it simple and easy to write your findings and generate a customizable Docx report. The main goal is to have more time to Pwn and less time to Doc by mutualizing data like vulnerabilities between users. Documentation Installation Data Vulnerabilitie...