CVE-2023-25266

An issue was discovered in Docmosis Tornado prior to version 2.9.5. An authenticated attacker can change the Office directory setting pointing to an arbitrary remote network path. This triggers the execution of the soffice binary under the attackers control leading to arbitrary remote code...

EUVD-2023-29228

Malicious code in bioql PyPI...

CVE-2023-25266

An issue was discovered in Docmosis Tornado prior to version 2.9.5. An authenticated attacker can change the Office directory setting pointing to an arbitrary remote network path. This triggers the execution of the soffice binary under the attackers control leading to arbitrary remote code...

Remote code execution

An issue was discovered in Docmosis Tornado prior to version 2.9.5. An authenticated attacker can change the Office directory setting pointing to an arbitrary remote network path. This triggers the execution of the soffice binary under the attackers control leading to arbitrary remote code...

PT-2023-20009 · Docmosis · Docmosis Tornado

Name of the Vulnerable Software and Affected Versions: Docmosis Tornado versions prior to 2.9.5 Description: An issue allows an authenticated attacker to change the Office directory setting to point to an arbitrary remote network path, triggering the execution of the soffice binary under the...