
24 matches found

EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2023-2818

Malicious code in bioql PyPI...

9.9 CVSS · 8.4 AI score · 0.01076 EPSS
Exploits: 1 · References: 5
OpenVAS
added 2023/11/16 12:0 a.m. · 18 views

XWiki 3.5-milestone-1 < 14.10.8, 15.0-rc-1 < 15.3 XSS Vulnerability (GHSA-vcvr-v426-3m3m)

Xwiki is prone to a cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:xwiki:xwiki";...

9.9 CVSS · 7.3 AI score · 0.01076 EPSS
Exploits: 1 · References: 1
Github Security Blog
added 2023/10/25 9:8 p.m. · 27 views

org.xwiki.platform:xwiki-platform-office-importer vulnerable to arbitrary server side file writing from account through office converter

Impact Triggering the office converter with a specially crafted file name allows writing the attachment's content to an attacker-controlled location on the server as long as the Java process has write access to that location. In particular in the combination with attachment moving, a feature...

9.9 CVSS · 7.1 AI score · 0.01076 EPSS
Exploits: 1 · References: 5 · Affected Software: 1
OSV
added 2023/10/25 9:8 p.m. · 30 views

GHSA-VCVR-V426-3M3M org.xwiki.platform:xwiki-platform-office-importer vulnerable to arbitrary server side file writing from account through office converter

Impact Triggering the office converter with a specially crafted file name allows writing the attachment's content to an attacker-controlled location on the server as long as the Java process has write access to that location. In particular in the combination with attachment moving, a feature...

9.9 CVSS · 9.3 AI score · 0.01076 EPSS
Exploits: 1 · References: 5
Prion
added 2023/10/25 6:17 p.m. · 25 views

Code injection

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 3.5-milestone-1 and prior to versions 14.10.8 and 15.3-rc-1, triggering the office converter with a specially crafted file name allows writing the attachment's content to a...

6.5 CVSS · 8.7 AI score · 0.01076 EPSS
Exploits: 1 · References: 3 · Affected Software: 1
Vulnrichment
added 2023/10/25 5:59 p.m. · 18 views

CVE-2023-37913 org.xwiki.platform:xwiki-platform-office-importer vulnerable to arbitrary server side file writing from account through office converter

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 3.5-milestone-1 and prior to versions 14.10.8 and 15.3-rc-1, triggering the office converter with a specially crafted file name allows writing the attachment's content to a...

9.9 CVSS · 7.4 AI score · 0.01076 EPSS
Exploits: 1 · References: 3
Cvelist
added 2023/10/25 5:59 p.m. · 23 views

CVE-2023-37913 org.xwiki.platform:xwiki-platform-office-importer vulnerable to arbitrary server side file writing from account through office converter

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 3.5-milestone-1 and prior to versions 14.10.8 and 15.3-rc-1, triggering the office converter with a specially crafted file name allows writing the attachment's content to a...

9.9 CVSS · 9.7 AI score · 0.01076 EPSS
Exploits: 1 · References: 3
CNNVD
added 2023/10/25 12:0 a.m. · 3 views

XWiki Platform Path Traversal Vulnerability

XWiki Platform is a suite of Wiki platforms for creating Web collaboration applications from the XWiki Foundation in France. A security vulnerability exists in XWiki Platform that stems from the use of specially crafted filenames to trigger an Office converter to allow the contents of an attachme...

9.9 CVSS · 6.8 AI score · 0.01076 EPSS
Exploits: 1 · References: 4
Positive Technologies
added 2023/10/25 12:0 a.m. · 3 views

PT-2023-26181 · Xwiki · Xwiki Platform

Name of the Vulnerable Software and Affected Versions: XWiki Platform versions 3.5-milestone-1 through 14.10.7 XWiki Platform versions 15.3-rc-1 and earlier Description: Triggering the office converter with a specially crafted file name allows writing the attachment's content to an...

9.9 CVSS · 8.7 AI score · 0.01076 EPSS
Exploits: 1 · References: 10
RedHat Linux
added 2020/09/29 9:7 p.m. · 35 views

Moderate: Red Hat Security Advisory: unoconv security update

An update for unoconv is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from th...

7.5 CVSS · 7.1 AI score · 0.01927 EPSS
Exploits: 1 · References: 3
Veracode
added 2020/09/03 5:30 a.m. · 5 views

Remote Code Execution

office-converter is vulnerable to remote code execution. An attacker could run arbitrary commands on the server due to lack of validation...

4.9 AI score
Exploits: 0
vulnersOsv
added 2020/09/02 3:44 p.m. · 12 views

favana-docx (>=1.0.28 <=1.0.47), web-commons-export (=1.2.10) potentially affected by unknown CVE via office-converter (=1.0.2)

office-converter NPM version =1.0.2 is affected by a known vulnerability. The following packages have a transitive dependency on office-converter and may be impacted: - favana-docx >=1.0.28, <=1.0.47 - web-commons-export =1.2.10 Source cves: unknown CVE Source advisory: OSV:GHSA-9P64-H5Q4-PHPM...

5.8 AI score
Exploits: 0
Github Security Blog
added 2020/09/02 3:44 p.m. · 35 views

Remote Code Execution in office-converter

All versions of office-converter are vulnerable to Remote Code Execution. Due to insufficient input validation an attacker could run arbitrary commands on the server thus rendering the package vulnerable to Remote Code Execution. Recommendation No fix is currently available. Consider using an...

6.9 AI score
Exploits: 0 · References: 2 · Affected Software: 1
OSV
added 2020/09/02 3:44 p.m. · 10 views

GHSA-9P64-H5Q4-PHPM Remote Code Execution in office-converter

All versions of office-converter are vulnerable to Remote Code Execution. Due to insufficient input validation an attacker could run arbitrary commands on the server thus rendering the package vulnerable to Remote Code Execution. Recommendation No fix is currently available. Consider using an...

7.8 AI score
Exploits: 0 · References: 1
Node.js
added 2019/01/04 9:21 p.m. · 13 views

Remote Code Execution

Overview All versions of office-converter are vulnerable to Remote Code Execution. Due to insufficient input validation an attacker could run arbitrary commands on the server thus rendering the package vulnerable to Remote Code Execution. Recommendation No fix is currently available. Consider usi...

7.4 AI score
Exploits: 0 · Affected Software: 1
Prion
added 2010/12/16 7:33 p.m. · 21 views

Memory corruption

The TIFF image converter in the graphics filters in Microsoft Office XP SP3, Office Converter Pack, and Works 9 does not properly convert data, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted TIFF image in an Office document, ak...

9.3 CVSS · 8.1 AI score · 0.20833 EPSS
Exploits: 1 · References: 4 · Affected Software: 2
CVE
added 2010/12/16 7:0 p.m. · 56 views

CVE-2010-3951

The CVE-2010-3951 entry corresponds to a buffer/stack overflow in the Microsoft Office FlashPix Image Converter (graphics filters) when parsing certain property sets. Affected products are Microsoft Office XP SP3 and the Office Converter Pack. The vulnerability arises from a parsing boundary erro...

9.3 CVSS · 7.7 AI score · 0.25106 EPSS
Exploits: 4 · References: 4 · Affected Software: 2
Tenable Nessus
added 2010/12/15 12:0 a.m. · 119 views

MS10-105: Vulnerabilities in Microsoft Office Graphics Filters Could Allow for Remote Code Execution (968095)

The remote host is running a version of Microsoft Office with multiple memory corruption vulnerabilities. A remote attacker could exploit this by tricking a user into viewing a specially crafted image file with Office, resulting in arbitrary code execution. (C) Tenable Network Security, Inc...

9.3 CVSS · 5.7 AI score · 0.29343 EPSS
Exploits: 5 · References: 8
OpenVAS
added 2010/12/15 12:0 a.m. · 32 views

Microsoft Office Graphics Filters Remote Code Execution Vulnerabilities (968095)

This host is missing a critical security update according to Microsoft Bulletin MS10-105. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

9.3 CVSS · 5 AI score · 0.29343 EPSS
Exploits: 1 · References: 9
Prion
added 2009/12/09 6:30 p.m. · 16 views

Integer overflow

Integer overflow in the text converters in Microsoft Office Word 2002 SP3 and 2003 SP3; Works 8.5; Office Converter Pack; and WordPad in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via a DOC file with an invalid number of property names ...

9.3 CVSS · 8.4 AI score · 0.30999 EPSS
Exploits: 1 · References: 6 · Affected Software: 2