Microsoft Office 265 Remote Code Execution

CVE-2024-30104 The problem is still in the "docx" files this vulnerability is a 0 day based on the Follina exploit. The Microsoft company still doesn't want to understand, that they MUST remove macros options from the 365 Office and their offline app. In this video, you will see an example of thi...

Information disclosure

XWiki Commons are technical libraries common to several other top level XWiki projects. The Livetable Macro wasn't properly sanitizing column names, thus allowing the insertion of raw HTML code including JavaScript. This vulnerability was also exploitable via the Documents Macro that is included...

CVE-2023-26471 XWiki Platform users may execute anything with superadmin right through comments and async macro

XWiki Platform is a generic wiki platform. Starting in version 11.6-rc-1, comments are supposed to be executed with the right of superadmin but in restricted mode anything dangerous is disabled, but the async macro does not take into account the restricted mode. This means that any user with...

A week in security (July 12 – July 18)

Last week on Malwarebytes Labs: DNS-over-HTTPS takes another small step towards global domination Nope, that isn’t Elon Musk, and he isn’t offering a free Topmist Dust watch either Four in-the-wild exploits, 13 critical patches headline bumper Patch Tuesday Is crypto’s criminal rollercoaster...