CVE-2017-5108

Type confusion in PDFium in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to potentially maliciously modify objects via a crafted PDF file...

FreeBSD : Apache OpenOffice -- multiple vulnerabilities (27229c67-b8ff-11e7-9f79-ac9e174be3af)

The Apache Openofffice project reports : CVE-2017-3157: Arbitrary file disclosure in Calc and Writer By exploiting the way OpenOffice renders embedded objects, an attacker could craft a document that allows reading in a file from the user's filesystem. Information could be retrieved by the attack...

GHSA-JXX8-V83V-RHW3 Spree Improper Input Validation vulnerability

Spree Commerce 1.0.x before 2.0.0.rc1 allows remote authenticated administrators to instantiate arbitrary Ruby objects and execute arbitrary commands via the 1 paymentmethod parameter to core/app/controllers/spree/admin/paymentmethodscontroller.rb; and the 2 promotionaction parameter to...

GHSA-X457-CW4H-HQ5F JSON gem has Improper Input Validation vulnerability

The JSON gem before 1.5.5, 1.6.x before 1.6.8, and 1.7.x before 1.7.7 for Ruby allows remote attackers to cause a denial of service resource consumption or bypass the mass assignment protection mechanism via a crafted JSON document that triggers the creation of arbitrary Ruby symbols or certain...

JSON gem has Improper Input Validation vulnerability

The JSON gem before 1.5.5, 1.6.x before 1.6.8, and 1.7.x before 1.7.7 for Ruby allows remote attackers to cause a denial of service resource consumption or bypass the mass assignment protection mechanism via a crafted JSON document that triggers the creation of arbitrary Ruby symbols or certain...

Spree Improper Input Validation vulnerability

Spree Commerce 1.0.x before 2.0.0.rc1 allows remote authenticated administrators to instantiate arbitrary Ruby objects and execute arbitrary commands via the 1 paymentmethod parameter to core/app/controllers/spree/admin/paymentmethodscontroller.rb; and the 2 promotionaction parameter to...

Safemode Gem Has Incomplete List of Disallowed Inputs

rubygem-safemode, as used in Foreman, versions 1.3.1 and earlier are vulnerable to bypassing safe mode limitations via special Ruby syntax. This can lead to deletion of objects for which the user does not have delete permissions or possibly to privilege escalation...

Tuleap < 9.7 Object Injection Vulnerability

Tuleap is prone to an object injection vulnerability. Copyright C 2017 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

OpenJDK: incorrect privilege use when handling unreferenced objects (RMI, 8174966)

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: RMI. Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple...

CVE-2017-12796

The Reporting Compatibility Add On before 2.0.4 for OpenMRS, as distributed in OpenMRS Reference Application before 2.6.1, does not authenticate users when deserializing XML input into ReportSchema objects. The result is that remote unauthenticated users are able to execute operating system...

Redis-store Design Vulnerability

Redis-store is a Ruby-based application-specific toolkit that supports sharding, master-slave replication, and grouping. A security vulnerability exists in Redis-store 1.3.0 and earlier versions. An attacker can exploit the vulnerability to load insecure objects from redis...

ILIAS < 5.1.21, 5.2.x < 5.2.9 XSS Vulnerability

ILIAS eLearning is prone to a stored cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Infogram: Stored Cross-Site scripting in the infographics using Data Objects links

Description Hello. This stored XSScase is different from early reported 280495, but has a very similar root cause and reproduction steps. Upon pasting the link to the Text Object not in the Add Media section, like in previous report, we can intercept the request, and change the link source to the...

Microsoft Excel - OLE Arbitrary Code Execution Exploit

Exploit for windows platform in category dos / poc Title: MS Office Excel all versions Arbitrary Code Execution Vulnerability Date: September 30th, 2017. Author: Eduardo Braun Prado Vendor Homepage: http://www.microsoft.com/ Software Link: https://products.office.com/ Version: 2007,2010,2013,2016...

CVE-2017-15538

Stored XSS vulnerability in the Media Objects component of ILIAS before 5.1.21 and 5.2.x before 5.2.9 allows an authenticated user to inject JavaScript to gain administrator privileges, related to the setParameter function in Services/MediaObjects/classes/class.ilMediaItem.php...

Cross site scripting

Stored XSS vulnerability in the Media Objects component of ILIAS before 5.1.21 and 5.2.x before 5.2.9 allows an authenticated user to inject JavaScript to gain administrator privileges, related to the setParameter function in Services/MediaObjects/classes/class.ilMediaItem.php...

CVE-2017-15538

Stored XSS vulnerability in the Media Objects component of ILIAS before 5.1.21 and 5.2.x before 5.2.9 allows an authenticated user to inject JavaScript to gain administrator privileges, related to the setParameter function in Services/MediaObjects/classes/class.ilMediaItem.php...

CVE-2017-15538

CVE-2017-15538 affects ILIAS Media Objects. A stored XSS in the Media Objects component (setParameter in Services/MediaObjects/classes/class.ilMediaItem.php) allows an authenticated user to inject JavaScript and gain administrator privileges. Affected versions are ILIAS before 5.1.21 and 5.2.x be...

OpenText Documentum Content Server - dmr_content Privilege Escalation

OpenText Documentum Content Server - dmrcontent Privilege Escalation !/usr/bin/env python Opentext Documentum Content Server formerly known as EMC Documentum Content Server contains following design gap, which allows authenticated user to gain privileges of superuser: Content Server stores...

OpenText Documentum Content Server - &#039;dmr_content&#039; Privilege Escalation

!/usr/bin/env python Opentext Documentum Content Server formerly known as EMC Documentum Content Server contains following design gap, which allows authenticated user to gain privileges of superuser: Content Server stores information about uploaded files in dmrcontent objects, which are queryable...