12 matches found
CVE-2023-22037
Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite component: MS Excel Specific. Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Orac...
Design/Logic Flaw
Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite component: MS Excel Specific. Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Orac...
HackerOne: CSV injection in the credentials export
Summary: Hello team! We have found out that a hacker can inject malicious excel formulas into the credentials details which will be executed when program user exports the credentials details via https://hackerone.com/hackeroneh1pbbp3/credentials - export credentials and opens this CSV using MS...
Security Update for Microsoft Excel 2016 (KB4092460) 64-Bit Edition
A security vulnerability exists in Microsoft Excel 2016 64-Bit Edition that could allow arbitrary code to run when a maliciously modified file is opened. This update resolves that vulnerability...
Microsoft Excel - OLE Arbitrary Code Execution
Title: MS Office Excel all versions Arbitrary Code Execution Vulnerability Date: September 30th, 2017. Author: Eduardo Braun Prado Vendor Homepage: http://www.microsoft.com/ Software Link: https://products.office.com/ Version: 2007,2010,2013,2016 32/64 bits x86 and x64 Tested on: Windows...
Zendesk: Chat History CSV Export Excel Injection Vulnerability
I have found a vulnerability in the Chat History export function. If an attacker submits a special name containing a system command when chatting with an agent and that agent later exports the history of that chat to CSV, the resulting CSV may execute commands when opened. I have tested this usin...
[SECURITY] Fedora 20 Update: apache-poi-3.10.1-2.fc20
The Apache POI Project's mission is to create and maintain Java APIs for manipulating various file formats based upon the Office Open XML standards OOXML and Microsoft's OLE 2 Compound Document format OLE2. In short, you can read and write MS Excel files using Java. In addition, you can read and...
[SECURITY] Fedora 21 Update: apache-poi-3.10.1-1.fc21
The Apache POI Project's mission is to create and maintain Java APIs for manipulating various file formats based upon the Office Open XML standards OOXML and Microsoft's OLE 2 Compound Document format OLE2. In short, you can read and write MS Excel files using Java. In addition, you can read and...
[SECURITY] Fedora 17 Update: apache-poi-3.8-2.fc17
The Apache POI Project's mission is to create and maintain Java APIs for manipulating various file formats based upon the Office Open XML standards OOXML and Microsoft's OLE 2 Compound Document format OLE2. In short, you can read and write MS Excel files using Java. In addition, you can read and...
Fedora Update for apache-poi FEDORA-2012-7686
Check for the Version of apache-poi OpenVAS Vulnerability Test Fedora Update for apache-poi FEDORA-2012-7686 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under...
Fedora 8 : phpMyAdmin-2.11.8.1-1.fc8 (2008-6810)
This update solves PMASA-2008-6 phpMyAdmin security announcement from 2008-07-28: Cross-site Framing; XSS in setup.php; see http://www.phpmyadmin.net/homepage/security.php?issue=PMASA-2008-6 - interface Table list pagination in navi - profiling Profiling causes query to be executed again really...
[Full-disclosure] [HV-HIGH] Microsoft Excel Named Range Arbitrary Code Execution
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Microsoft Excel Named Range Arbitrary Code Execution Classification: =============== Level: low-med-HIGH-crit ID: HEXVIEW200603141 URL: http://www.hexview.com/docs/20060314-1.txt References: =============== Originally published by fearwall on eBay CVE...