EUVD-2020-21916

Malware in sbrugna...

CVE-2020-29550

An issue was discovered in URVE Build 24.03.2020. The password of an integration user account used for the connection of the MS Office 365 Integration Service is stored in cleartext in configuration files as well as in the database. The following files contain the password in cleartext:...

SmokeLoader Malware Exploits MS Office Flaws to Steal Browser Credentials

SmokeLoader malware has resurfaced with enhanced capabilities and functionalities, targeting your personal data...

Hackers Use MS Excel Macro to Launch Multi-Stage Malware Attack in Ukraine

A new sophisticated cyber attack has been observed targeting endpoints geolocated to Ukraine with an aim to deploy Cobalt Strike and seize control of the compromised hosts. The attack chain, per Fortinet FortiGuard Labs, involves a Microsoft Excel file that carries an embedded VBA macro to initia...

PHPJabbers Shuttle Booking Software 2.0 CSV Injection

Exploit Title: PHPJabbers Shuttle Booking Software v2.0 - CSV Injection Date: 19/11/2023 Exploit Author: BugsBD Limited Discover by: Rahad Chowdhury Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/shuttle-booking-software/ Version: v2.0 Tested on: Windows 10...

PHPJabbers Car Rental 3.0 CSV Injection

Exploit Title: PHPJabbers Car Rental v3.0 - CSV Injection Date: 19/11/2023 Exploit Author: BugsBD Limited Discover by: Rahad Chowdhury Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/car-rental-script/ Version: v3.0 Tested on: Windows 10, Windows 11, MS Offi...

[SECURITY] [DLA 3426-3] netatalk regression update

Debian LTS Advisory DLA-3426-3 [email protected] https://www.debian.org/lts/security/ Markus Koschany August 13, 2023 https://wiki.debian.org/LTS Package : netatalk Version : 3.1.12ds-3+deb10u3 CVE ID : CVE-2022-23123 Debian Bug : 1043504 Another regression was identified in Netatalk, t...

Office application installation when using a Citrix Workspace App version higher than 2107

When launching the first MS Office Pro Plus 2016 application in a session, a partial installation is ran...

Countering Follina Attack (CVE- 2022-30190) with Trellix Network Security Platform’s Advanced Detection Features

Countering Follina Attack CVE- 2022-30190 with Trellix Network Security Platform’s Advanced Detection Features By Vinay Kumar and Chintan Shah · July 19, 2022 Executive summary During the end of May 2022, independent security researcher reported a vulnerability assigned CVE-2022-30190 in Microsof...

URVE Software Build 24.03.2020 Information Disclosure

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2020-042 Product: URVE Software Manufacturer: Eveo Sp. z o.o. Affected Versions: Build "24.03.2020" Tested Versions: Build "24.03.2020" Vulnerability Type: Cleartext Storage of Sensitive Information CWE-312 Exposure of Sensitive...

CVE-2020-29550

An issue was discovered in URVE Build 24.03.2020. The password of an integration user account used for the connection of the MS Office 365 Integration Service is stored in cleartext in configuration files as well as in the database. The following files contain the password in cleartext:...

Design/Logic Flaw

An issue was discovered in URVE Build 24.03.2020. The password of an integration user account used for the connection of the MS Office 365 Integration Service is stored in cleartext in configuration files as well as in the database. The following files contain the password in cleartext:...

CVE-2020-29550

An issue was discovered in URVE Build 24.03.2020. The password of an integration user account used for the connection of the MS Office 365 Integration Service is stored in cleartext in configuration files as well as in the database. The following files contain the password in cleartext:...

CVE-2020-29550

The CVE-2020-29550 issue affects URVE Build 24.03.2020, where the password for an integration user (Office 365 integration) is stored in cleartext in multiple files and in the database, enabling exposure. Affected files include Profiles/urve/files/sql_db.backup, Server/data/pg_wal/000000010000000...

PowerPoint 2003/2007/2010 Silent Builder Exploit

The exploit allows you to convert EXE & JAR to .PPS its coded 100% from scratch and used by private method to assure a great stability and lasting FUD time. You are able to attach it to the most e-mail providers nowadays everyone uses Microsoft Office so it gives a huge chance of success. This...

Malicious MS Office Macro Creator

Evil Clippy is a tool for creating malicious Microsoft Office macros: At BlackHat Asia we released Evil Clippy, a tool which assists red teamers and security testers in creating malicious MS Office documents. Amongst others, Evil Clippy can hide VBA macros, stomp VBA code via p-code and confuse...

Evil Clippy - A Cross-Platform Assistant For Creating Malicious MS Office Documents

A cross-platform assistant for creating malicious MS Office documents. Can hide VBA macros, stomp VBA code via P-Code and confuse macro analysis tools. Runs on Linux, OSX and Windows. Current features Hide VBA macros from the GUI editor VBA stomping P-code abuse Fool analyst tools Serve VBA stomp...

Microsoft Releases April 2019 Security Updates — Two Flaws Under Active Attack

Microsoft today released its April 2019 software updates to address a total of 74 CVE-listed vulnerabilities in its Windows operating systems and other products, 13 of which are rated critical and rest are rated Important in severity. April 2019 security updates address flaws in Windows OS,...

Microsoft Windows MSHTML Engine - 'Edit' Remote Code Execution

Exploit Title: Microsoft Windows CVE-2019-0541 MSHTML Engine "Edit" Remote Code Execution Vulnerability Google Dork: N/A Date: March, 13 2019 Exploit Author: Eduardo Braun Prado Vendor Homepage: http://www.microsoft.com/ Software Link: http://www.microsoft.com/ Version: Windows 7 SP1, Server 2008...

Reminder: Microsoft to end support for Windows 7 in 1-year from today

A new reminder for those who are still holding on to the Windows 7 operating system—you have one year left until Microsoft ends support for its 9-year-old operating system. So it's time for you to upgrade your OS and say goodbye to Windows 7, as its five years of extended support will end on...