Lucene search

19 matches found

CVE
added 2026/01/10 3:6 a.m. | 11 views

CVE-2025-65091

The CVE-2025-65091 issue affects the XWiki Full Calendar Macro. Concrete details from connected documents show a SQL injection vulnerability present in versions prior to 2.4.5, exploitable by users with view rights to the Calendar.JSONService page (including guests). The root cause is an injectio...

CVSS 10 | AI score 7.5 | EPSS 0.00302
Exploits 0 | References 2 | Affected Software 1

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2013-1693

Malware in sbrugna...

CVSS 9.8 | AI score 9.2 | EPSS 0.03491
Exploits 1 | References 5

Veracode
added 2025/07/16 6:26 a.m. | 4 views

Remote Code Execution (RCE)

org.xwiki.rendering:xwiki-rendering-transformation-macro is vulnerable to Remote Code Execution (RCE). The vulnerability is due to the macro content parser failing to preserve the restricted attribute in the transformation context, allowing execution of normally forbidden macros like script macros ...

CVSS 9.9 | AI score 6.9 | EPSS 0.05497
Exploits 1 | References 6 | Affected Software 1

Rockylinux
added 2025/05/07 7:11 p.m. | 11 views

libreoffice security update

An update is available for libreoffice. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. LibreOffice is an open source, community-developed office productivity...

CVSS 7.8 | AI score 6.7 | EPSS 0.00119
Exploits 0

OSV
added 2023/12/04 4:15 p.m. | 2 views

CLSA-2023-1701706552 httpd: Fix of 2 CVEs

CVE-2023-27522: mod_proxy_uwsgi: HTTP response splitting - CVE-2023-31122: mod_macro: fix out-of-bounds read vulnerability by using own strncmp function...

CVSS 7.5 | AI score 6.9 | EPSS 0.00667
Exploits 0 | References 1

OSV
added 2023/11/10 11:6 a.m. | 3 views

OESA-2023-1805 httpd security update

Apache HTTP Server is a powerful and flexible HTTP/1.1 compliant web server. Security Fixes: Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.57. (CVE-2023-31122) When a HTTP/2 stream was reset (RST frame) by a client, there was a...

CVSS 7.5 | AI score 8.1 | EPSS 0.02793
Exploits 1 | References 3

OSV
added 2023/11/03 11:6 a.m. | 1 views

OESA-2023-1790 httpd security update

Apache HTTP Server is a powerful and flexible HTTP/1.1 compliant web server. Security Fixes: Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.57. (CVE-2023-31122)...

CVSS 7.5 | AI score 7 | EPSS 0.00396
Exploits 0 | References 2

CNNVD
added 2023/04/18 12:0 a.m. | 1 views

XWiki Platform Information Disclosure Vulnerability

XWiki Platform is a suite of Wiki platforms for creating Web collaboration applications from the French company XWiki. An information disclosure vulnerability exists in XWiki Platform, which stems from an office document viewer macro that allows anyone to view the contents of any document from a...

CVSS 7.5 | AI score 7.2 | EPSS 0.00409
Exploits 1 | References 6

NVD
added 2023/04/15 5:15 p.m. | 8 views

CVE-2023-29209

XWiki Commons are technical libraries common to several other top level XWiki projects. Any user with view rights on commonly accessible documents including the legacy notification activity macro can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki...

CVSS 9.9 | AI score 9.7 | EPSS 0.18932
Exploits 1 | References 3

Prion
added 2023/04/15 4:15 p.m. | 16 views

Information disclosure

XWiki Commons are technical libraries common to several other top level XWiki projects. The Livetable Macro wasn't properly sanitizing column names, thus allowing the insertion of raw HTML code including JavaScript. This vulnerability was also exploitable via the Documents Macro that is included...

CVSS 6 | AI score 9.2 | EPSS 0.1765
Exploits 1 | References 3 | Affected Software 1

OSV
added 2023/04/12 8:38 p.m. | 23 views

GHSA-VXF7-MX22-JR24 org.xwiki.platform:xwiki-platform-rendering-xwiki vulnerable to stored cross-site scripting via HTML and raw macro

Impact The HTML macro does not systematically perform a proper neutralization of script-related html tags. As a result, any user able to use the html macro in XWiki, is able to introduce an XSS attack. This can be particularly dangerous since in a standard wiki, any user is able to use the html...

CVSS 9.9 | AI score 7 | EPSS 0.02135
Exploits 1 | References 4

Cvelist
added 2021/03/12 5:30 p.m. | 26 views

CVE-2021-21379 It's possible to execute anything with the rights of the author of a macro which uses the {{wikimacrocontent}} macro

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions of XWiki Platform, the wikimacrocontent executes the content with the rights of the wiki macro author instead of the caller of that wiki macro. This makes possible to inje...

CVSS 7.7 | AI score 7.7 | EPSS 0.00442
Exploits 0 | References 2

VulnCheck KEV
added 2008/10/01 12:0 a.m. | 0 views

VulnCheck KEV: CVE-2008-0081

Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via crafted macros, aka "Macro Validation Vulnerability," a different vulnerability than CVE-2007-3490...

CVSS 9.8 | AI score 7.7 | EPSS 0.81775
Exploits 7 | References 1

Exploit DB
added 2004/09/28 12:0 a.m. | 51 views

GlobalScape - CuteFTP macros '.mcr' Local File Write

Application: GlobalSCAPE CuteFTP V6.0 http://www.globalscape.com/ Risk: Medium / e-mail: [email protected] web: http://www.prohack.net / --The bug: Attacker can create a crafted CuteFTP macro .mcr, and when it's loaded in the target computer, it can download the Arbitrary file into the target user...

AI score 7.4
Exploits 0

securityvulns
added 2003/10/15 12:0 a.m. | 62 views

Microsoft Word Macro Buffer Overflow

Topic: Buffer overflow on Macro structure processing Vulnerable: Microsoft Office 97, Microsoft Office 2000 any service pack Not Vulnerable: Microsoft Office XP Description: During processing of document with embedded macros Microsoft Office family products are vulnerable to buffer overflow...

AI score 0.2
Exploits 0

securityvulns
added 2003/09/04 12:0 a.m. | 42 views

Microsoft Security Bulletin MS03-035: Flaw in Microsoft Word Could Enable Macros to Run Automatically (827653)

-----BEGIN PGP SIGNED MESSAGE----- - ------------------------------------------------------------------- Title: Flaw in Microsoft Word Could Enable Macros to Run Automatically 827653 Date: September 3, 2003 Software: Microsoft Word 97 Microsoft Word 98 J Microsoft Word 2000 Microsoft Word 2002...

AI score 7.3
Exploits 0

Cvelist
added 2002/06/25 4:0 a.m. | 17 views

CVE-2001-1158

Check Point VPN-1/FireWall-1 4.1 base.def contains a default macro, accept_fw1_rdp, which can allow remote attackers to bypass intended restrictions with forged RDP (internal protocol) headers to UDP port 259 of arbitrary hosts...

AI score 6.8 | EPSS 0.0283
Exploits 0 | References 9

CVE
added 2002/03/09 5:0 a.m. | 59 views

CVE-2001-0628

Summary: CVE-2001-0628 affects Microsoft Word 2000. The issue: Word 2000 does not check AutoRecovery (.asd) files for macros, allowing a local attacker to execute arbitrary macros with the Word user’s ID. What’s affected: Word 2000; vulnerability details describe macro execution via unverified ...

CVSS 7.2 | AI score 7.3 | EPSS 0.01968
Exploits 1 | References 3 | Affected Software 1

Cvelist
added 2000/06/02 4:0 a.m. | 14 views

CVE-2000-0277

Microsoft Excel 97 and 2000 does not warn the user when executing Excel Macro Language (XLM) macros in external text files, which could allow an attacker to execute a macro virus, aka the "XLM Text Macro" vulnerability...

AI score 6.7 | EPSS 0.01667
Exploits 0 | References 3