23 matches found
EUVD-2008-3444
Malware in sbrugna...
CVE-2008-3458
Vtiger CRM before 5.0.4 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read mail merge templates via a direct request to the wordtemplatedownload directory...
CVE-2020-8804
SuiteCRM through 7.11.10 allows SQL Injection via the SOAP API, the EmailUIAjax interface, or the MailMerge module...
SUSE SLED12 / SLES12 Security Update : Recommended update for LibreOffice (SUSE-SU-2018:1076-1)
LibreOffice was updated to version 6.0.3. Following new features were added : - The Notebookbar, although still an experimental feature, has been enriched with two new variants: Grouped Bar Full for Writer, Calc and Impress, and Tabbed Compact for Writer. The Special Characters dialog has been...
SUSE-SU-2018:1076-1 Recommended update for LibreOffice
LibreOffice was updated to version 6.0.3. Following new features were added: - The Notebookbar, although still an experimental feature, has been enriched with two new variants: Grouped Bar Full for Writer, Calc and Impress, and Tabbed Compact for Writer. The Special Characters dialog has been...
MS17-014: Description of the security update for Word 2016: March 14, 2017
MS17-014: Description of the security update for Word 2016: March 14, 2017 Summary This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see Microsoft...
hp.com XSS vulnerability
Vulnerable URL: http://www.hp.com/sbso/solutions/real/assets/mayfieldmailmergecontroller.swf?csConfigFile=http://irc.0x539.xyz/hp.xml Details: Description| Value ---|--- Patched:| Yes, at Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 320 VIP website status:| Yes...
Improper access control
Vtiger CRM before 5.0.4 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read mail merge templates via a direct request to the wordtemplatedownload directory...
CVE-2008-3458
Vtiger CRM before 5.0.4 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read mail merge templates via a direct request to the wordtemplatedownload directory...
CVE-2008-3458
Vtiger CRM before 5.0.4 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read mail merge templates via a direct request to the wordtemplatedownload directory...
Microsoft Word vulnerable to remote code execution
Overview A remote code execution vulnerability in Microsoft Word can allow a remote attacker to execute arbitrary code via a specially crafted mail merge file. Description Microsoft Word contains a remote code execution vulnerability that can be exploited when a specially crafted mail merge file ...
CVE-2006-3651
Unspecified vulnerability in Microsoft Word 2000, 2002, and Office 2003 allows remote user-assisted attackers to execute arbitrary code via a crafted mail merge file, a different vulnerability than CVE-2006-3647 and CVE-2006-4693...
CVE-2002-0619
The Mail Merge Tool in Microsoft Word 2002 for Windows, when Microsoft Access is present on a system, allows remote attackers to execute Visual Basic VBA scripts within a mail merge document that is saved in HTML format, aka a "Variant of MS00-071, Word Mail Merge Vulnerability" CVE-2000-0788...
CVE-2002-0619
The CVE-2002-0619 entry concerns Microsoft Word 2002 for Windows, where the Mail Merge Tool—when Microsoft Access is installed—allows remote attackers to run VBA scripts embedded in an HTML mail-merge document. This is identified as a variant of MS00-071 (CVE-2000-0788). Affected component: Word’...
MS02-031: Cumulative patches for Excel and Word for Windows (324458)
The versions of Microsoft Word and Excel installed on the remote host are missing a security update. They are, therefore, affected by multiple vulnerabilities : - A security bypass vulnerability exists in Excel due to improper handling of formatted inline macros that are attached to objects withi...
CVE-2002-0619
The Mail Merge Tool in Microsoft Word 2002 for Windows, when Microsoft Access is present on a system, allows remote attackers to execute Visual Basic VBA scripts within a mail merge document that is saved in HTML format, aka a "Variant of MS00-071, Word Mail Merge Vulnerability" CVE-2000-0788...
Microsoft Word Mail Merge vulnerability
Microsoft Word document merged with Access database allows to execute VBA procedures without warning...
dH team & SECURITY.NNOV: A variant of "Word Mail Merge" vulnerability
Русская версия этой advisory приведена ниже. Original version of this advisory: http://www.security.nnov.ru/advisories/mailmerge.asp Title: A variant of "Word Mail Merge" vulnerability Authors: ERRor, 3APA3A Date: May, 03 2002 Affected: Office 97, 2000, XP Vendor: Microsoft Risk: Average to high...
CVE-2000-0788
The CVE-2000-0788 family concerns the Mail Merge Tool in Microsoft Word. Connected records describe Word 2000/Word 2002 behavior: when Access is present, the Mail Merge tool can execute Visual Basic (VBA) scripts embedded in a mail-merge document saved as HTML, enabling remote command execution. ...
CVE-2000-0788
The Mail Merge tool in Microsoft Word does not prompt the user before executing Visual Basic VBA scripts in an Access database, which could allow an attacker to execute arbitrary commands...