Lucene search
+L

256 matches found

Zero Day Initiative
Zero Day Initiative
added 2022/10/14 12:0 a.m.76 views

Microsoft Word DOCX File Parsing Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Word. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DOCX...

7.8CVSS5.6AI score0.01509EPSS
Exploits0References1
Talos
Talos
added 2022/10/04 12:0 a.m.32 views

Hancom Office 2020 Hword Docx XML parsing heap underflow vulnerability

Talos Vulnerability Report TALOS-2022-1574 Hancom Office 2020 Hword Docx XML parsing heap underflow vulnerability October 4, 2022 CVE Number CVE-2022-33896 SUMMARY A buffer underflow vulnerability exists in the way Hword of Hancom Office 2020 version 11.0.0.5357 parses XML-based office files. A...

7.8CVSS8AI score0.00516EPSS
Exploits1
GithubExploit
GithubExploit
added 2022/06/02 12:33 p.m.524 views

Exploit for CVE-2022-30190

PoC exploit for CVE-2022-30190, a vulnerability in Microsoft Off...

9.3CVSS7.7AI score0.99374EPSS
Exploits62
GithubExploit
GithubExploit
added 2022/06/01 10:13 a.m.143 views

Exploit for CVE-2022-30190

CVE-2022-30190 Usag...

9.3CVSS8.6AI score0.99374EPSS
Exploits62
GithubExploit
GithubExploit
added 2022/05/31 12:15 p.m.6 views

Exploit for CVE-2022-30190

CVE-2022-30190 Microsoft Office Word Rce 复现CVE-2022-30190...

9.3CVSS8.9AI score0.99374EPSS
Exploits90
OSV
OSV
added 2022/05/13 1:6 a.m.43 views

GHSA-34WJ-P5JM-2P96 Improper Restriction of XML External Entity Reference in python-docx

python-docx before 0.8.6 allows context-dependent attackers to conduct XML External Entity XXE attacks via a crafted document...

8.8CVSS7.2AI score0.02354EPSS
Exploits0References14
Github Security Blog
Github Security Blog
added 2022/05/13 1:6 a.m.19 views

Improper Restriction of XML External Entity Reference in python-docx

python-docx before 0.8.6 allows context-dependent attackers to conduct XML External Entity XXE attacks via a crafted document...

8.8CVSS5.9AI score0.02354EPSS
Exploits0References13Affected Software1
Kitploit
Kitploit
added 2022/04/11 12:30 p.m.39 views

Wholeaked - A File-Sharing Tool That Allows You To Find The Responsible Person In Case Of A Leakage

wholeaked is a file-sharing tool that allows you to find the responsible person in case of a leakage. It's written in Go. How? wholeaked gets the file that will be shared and a list of recipients. It creates a unique signature for each recipient and adds it to the file secretly. After then, it ca...

7AI score
Exploits0References2
GithubExploit
GithubExploit
added 2021/11/22 1:29 p.m.164 views

Exploit for Path Traversal in Microsoft

CVE-2021-40444 PoC Malicious docx generator to exploit CVE-20...

8.8CVSS7.7AI score0.96843EPSS
Exploits38
Gitee
Gitee
added 2021/11/06 3:51 a.m.9 views

Exploit for Path Traversal in Microsoft

This repository is an exploit module for CVE-2021-40444, a remote code execution vulnerability in Microsoft Office Word. The exploit is a malicious docx generator that creates a document that, when opened, will execute a malicious DLL file. The exploit is based on some reverse engineering over a...

8.8CVSS7.9AI score0.96843EPSS
Exploits38
Gitee
Gitee
added 2021/09/12 12:47 p.m.7 views

Exploit for Path Traversal in Microsoft

This repository is a proof-of-concept PoC exploit for CVE-2021-40444, a Microsoft Office Word remote code execution vulnerability. The PoC is a malicious docx generator that creates a document that, when opened, will execute arbitrary code on the victim's system. The PoC consists of several files...

8.8CVSS8.4AI score0.96843EPSS
Exploits38
OpenVAS
OpenVAS
added 2021/08/19 12:0 a.m.14 views

Fedora: Security Advisory for python-docx (FEDORA-2021-aa6ebc01be)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

8.8CVSS8.9AI score0.02354EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2021/08/19 12:0 a.m.12 views

Fedora: Security Advisory for python-docx (FEDORA-2021-aa54748cd9)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

8.8CVSS8.9AI score0.02354EPSS
Exploits0References2
Kitploit
Kitploit
added 2021/07/19 9:30 p.m.50 views

MANSPIDER - Spider Entire Networks For Juicy Files Sitting On SMB Shares. Search Filenames Or File Content - Regex Supported!

Crawl SMB shares for juicy information. File content searching + regex is supported! File types supported: PDF DOCX XLSX PPTX any text-based format and many more!! MAN-SPIDER will crawl every share on every target system. If provided creds don't work, it will fall back to "guest", then to a null...

7.2AI score
Exploits0References3
Zero Day Initiative
Zero Day Initiative
added 2021/05/13 12:0 a.m.56 views

Adobe Illustrator DOCX File Parsing Directory Traversal Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Illustrator. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the conversion o...

7.8CVSS5AI score0.0388EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2021/05/13 12:0 a.m.48 views

Adobe InCopy DOCX File Parsing Directory Traversal Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe InCopy. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the conversion of DOC...

7.8CVSS5.2AI score0.05371EPSS
Exploits0References1
Prion
Prion
added 2021/03/01 4:15 p.m.16 views

Design/Logic Flaw

A file extension handling issue was found in core module of ONLYOFFICE DocumentServer v4.2.0.236-v5.6.4.13. An attacker must request the conversion of the crafted file from DOCT into DOCX format. Using the chain of two other bugs related to improper string handling, an attacker can achieve remote...

7.5CVSS9.7AI score0.11763EPSS
Exploits1References6Affected Software1
Kitploit
Kitploit
added 2021/02/02 11:30 a.m.147 views

BurpMetaFinder - Burp Suite Extension For Extracting Metadata From Files

Burp Suite extension for extracting metadata from files Currently supported documents: PDF DOCX PPTX XLSX The project created at Jetbrains has been completely added. Don't forget to change the settings you need. Usage You need to dowload 2 external libraries: pdfbox poi-ooxml To install the...

7.3AI score
Exploits0References1
vulnersOsv
vulnersOsv
added 2021/02/01 3:1 p.m.3 views

@openagenda/agenda-docx (>=1.0.2 <=1.2.2), @patrickkeller/fishy-templater (=1.0.0) +30 more potentially affected by CVE-2021-21277 via angular-expressions (>=0.1.0 <=1.0.0)

angular-expressions NPM version =0.1.0, =1.0.2, =1.8.0, =1.0.0, =1.0.0, =0.5.2, =0.7.6, =1.4.0, =0.1.0, =0.2.1 and more Source cves: CVE-2021-21277 Source advisory: OSV:GHSA-J6PX-JWVV-VPWQ...

8.8CVSS7.2AI score0.0273EPSS
Exploits0
Kitploit
Kitploit
added 2020/10/21 11:30 a.m.1522 views

Pwndoc - Pentest Report Generator

PwnDoc is a pentest reporting application making it simple and easy to write your findings and generate a customizable Docx report. The main goal is to have more time to Pwn and less time to Doc by mutualizing data like vulnerabilities between users. Documentation Installation Data Vulnerabilitie...

7.5AI score
Exploits0References6
Rows per page
Query Builder