398 matches found
Microsoft Office: Suppress hyperlink warnings
This test checks the setting for policy OpenVAS Vulnerability Test $Id: office2013hyperlinkwarnings.nasl 11843 2018-10-11 14:33:21Z emoss $ Check value for Suppress hyperlink warnings Authors: Emanuel Moss Copyright: Copyright (c) 2018 Greenbone Networks GmbH, http://www.greenbone.net This program ...
Apple Preps ChaiOS iMessage Bug Fix for Next Week
UPDATE The so-called ChaiOS message bug identified this week in Apple iOS devices will receive a fix with the rollout of the update for iOS 11.2.5, expected next week. The update will address a flaw software developer Abraham Masri publicly identified in a tweet earlier this week, according to...
CVE-2018-5195
Hancom NEO versions 9.6.1.5183 and earlier have a buffer overflow vulnerability that allows remote attackers to execute arbitrary commands when performing the hyperlink attributes in document...
Buffer overflow
Hancom NEO versions 9.6.1.5183 and earlier have a buffer overflow vulnerability that allows remote attackers to execute arbitrary commands when performing the hyperlink attributes in document...
GHSA-X7P2-X2J6-MWHR Gemirro Stored XSS in Gemspec "homepage" value
Stored cross-site scripting (XSS) vulnerability in Gemirro before 0.16.0 allows attackers to inject arbitrary web script via a crafted javascript: URL in the "homepage" value of a ".gemspec" file. A ".gemspec" file must be created with a JavaScript URL in the homepage value. This can be used to bui...
Decoy Microsoft Word document delivers malware through a RAT
In this post, we take a look at a Microsoft Word document which itself is somewhat clean, but is used to launch a multi-stage attack that relies on the hyperlink feature in the OpenXML format. This then loads another document that contains an exploit. Most malicious Microsoft Office documents...
Design/Logic Flaw
A vulnerability in the ability for guest users to join meetings via a hyperlink with Cisco Meeting Server could allow an authenticated, remote attacker to enter a meeting with a hyperlink URL, even though access should be denied. The vulnerability is due to the incorrect implementation of the...
CVE-2017-12224
A vulnerability in the ability for guest users to join meetings via a hyperlink with Cisco Meeting Server could allow an authenticated, remote attacker to enter a meeting with a hyperlink URL, even though access should be denied. The vulnerability is due to the incorrect implementation of the...
CVE-2017-12224
CVE-2017-12224 affects Cisco Meeting Server. The issue is the incorrect implementation of the configuration setting Guest access via hyperlinks, allowing an authenticated, remote attacker to join a meeting via a crafted hyperlink even when access should be denied. The attacker would still need a ...
Cisco Meeting Server Guest Hyperlink Information Disclosure Vulnerability
A vulnerability in the ability for guest users to join meetings via a hyperlink with Cisco Meeting Server could allow an authenticated, remote attacker to enter a meeting with a hyperlink URL, even though access should be denied. The vulnerability is due to the incorrect implementation of the...
CVE-2015-6942
Cross-site scripting (XSS) vulnerability in Coremail XT3.0 allows remote attackers to inject arbitrary web script or HTML via a hyperlink in a document attachment...
shop.hyperlink.ba XSS vulnerability
Vulnerable URL: http://shop.hyperlink.ba/product.php?item=19101%22%3E%3Csvg/onload=prompt/OPENBUGBOUNTY/%3E Details: Patched: No; Latest check for patch: 03.11.2017; Vulnerability type: XSS; Vulnerability status: Publicly disclosed; Alexa Rank: Unknown / Not calculated...
Stored XSS in "gemirro" via injection in Gemspec "homepage" value
Stored cross-site scripting (XSS) vulnerability in Gemirro allows attackers to inject arbitrary web script via a crafted JavaScript URL in the "homepage" value of a ".gemspec" file. A ".gemspec" file must be created with a JavaScript URL in the homepage value. This can be used to build a gem for...
RSA Login Links Do Not Show as Hyperlinks in E-mail in Secure Mail
Secure mail app is unable to open hyperlinks from RSA site. The app is capable of opening other URL links but not this hyperlink. com.rsa.securid://ctf?ctfData=12345...... It shows up as regular text instead of a hyperlink...
Security vulnerabilities fixed in Thunderbird 52.1 — Mozilla
A use-after-free vulnerability in SMIL animation functions occurs when pointers to animation elements in an array are dropped from the animation controller while still in use. This results in a potentially exploitable crash. A use-after-free vulnerability occurs during transaction processing in t...
Unpatched SMB Zero Day Easily Exploitable
In what’s turning out to be the zero day that keeps on giving, researchers are still finding ways to exploit an unpatched denial of service vulnerability that exists in the way Windows implements the Server Message Block protocol. Details around the bug aren’t a mystery. Laurent Gaffié, the...
RoundCube Webmail Cross-Site Scripting Vulnerability (CNVD-2016-13003)
RoundCube Webmail is a browser-based IMAP mail client that supports address book management, message searching, spell checking and more. A cross-site scripting vulnerability exists in versions of Roundcube Webmail prior to 1.2.0. A remote attacker can exploit this vulnerability to inject...