41 matches found
CVE-2026-4430 Heap Buffer Overflow in AgileEngine
Out-of-bounds write vulnerability in The Document Foundation LibreOffice via crafted OOXML documents with mismatched encryption salt parameters. This issue affects LibreOffice: from 26.2 before 26.2.3, from 25.8 before 25.8.7...
CVE-2025-59031
Dovecot has provided a script to use for attachment to text conversion. This script unsafely handles zip-style attachments. Attacker can use specially crafted OOXML documents to cause unintended files on the system to be indexed and subsequently ending up in FTS indexes. Do not use the provided...
EUVD-2022-4799
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2016-5000
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The XLSX2CSV example in Apache POI before 3.14 allows remote attackers to read arbitrary files via a crafted OpenXML document containing an external entity...
Security Bulletin: IBM Maximo Asset Management is vulnerable to Apache poi-ooxml-3.9-20121203 in BIRT (CVE-2016-5000, CVE-2017-12626, CVE-2017-5644, CVE-2019-12415, CVE-2022-26336)
Summary IBM Maximo Asset Management is vulnerable to Apache poi-ooxml-3.9-20121203 in BIRT Vulnerability Details CVEID:CVE-2016-5000 DESCRIPTION: The XLSX2CSV example in Apache POI before 3.14 allows remote attackers to read arbitrary files via a crafted OpenXML document containing an external...
GHSA-Q56H-JJJ6-52MF Improper Restriction of XML External Entity Reference in Apache POI
The OPC SAX setup in Apache POI before 3.10.1 allows remote attackers to read arbitrary files via an OpenXML file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity XXE issue...
Improper Restriction of XML External Entity Reference in Apache POI
The OPC SAX setup in Apache POI before 3.10.1 allows remote attackers to read arbitrary files via an OpenXML file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity XXE issue...
Apache POI's XLSX2CSV Example XML External Entity (XXE) Vulnerability
The XLSX2CSV example in Apache POI before 3.14 allows remote attackers to read arbitrary files via a crafted OpenXML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity XXE issue...
GHSA-PMQQ-7WFV-JFFF Apache POI's XLSX2CSV Example XML External Entity (XXE) Vulnerability
The XLSX2CSV example in Apache POI before 3.14 allows remote attackers to read arbitrary files via a crafted OpenXML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity XXE issue...
Security Bulletin:Open Source Apache Poi Vulnerability in IBM eDiscovery Manager
Summary Apache POI could allow a remote attacker to obtain sensitive information, caused by an XML External Entity Injection XXE error when XLSX2CSV example uses Java's XML components to parse OpenXML files. An attacker could exploit this vulnerability using an XML document containing an external...
Security Bulletin: IBM Forms Experience Builder could be susceptible to Apache POI Vulnerabilities
Summary IBM Forms Experience Builder could be susceptible to allowing for a denial of service, cause by an error in Apache POI Libraries Vulnerability Details CVEID: CVE-2014-3574 DESCRIPTION: Apache POI is vulnerable to a denial of service, caused by an XML External Entity Injection XXE error wh...
Security Bulletin: IBM WebSphere Dashboard Framework is affected by multiple security vulnerabilities in Apache POI
Summary Apache POI, which is bundled with IBM WebSphere Dashboard Framework, is vulnerable to denial of service attacks and could allow a remote attacker to obtain sensitive information. Vulnerability Details IBM WebSphere Dashboard Framework WDF bundles a copy of Apache POI, which is used by the...
Decoy Microsoft Word document delivers malware through a RAT
In this post, we take a look at a Microsoft Word document which itself is somewhat clean, but is used to launch a multi-stage attack that relies on the hyperlink feature in the OpenXML format. This then loads another document that contains an exploit. Most malicious Microsoft Office documents...
CVE-2016-5000
The XLSX2CSV example in Apache POI before 3.14 allows remote attackers to read arbitrary files via a crafted OpenXML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity XXE issue...
CVE-2016-5000
The XLSX2CSV example in Apache POI before 3.14 allows remote attackers to read arbitrary files via a crafted OpenXML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity XXE issue...
DEBIAN-CVE-2016-5000
The XLSX2CSV example in Apache POI before 3.14 allows remote attackers to read arbitrary files via a crafted OpenXML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity XXE issue...
Xxe
The XLSX2CSV example in Apache POI before 3.14 allows remote attackers to read arbitrary files via a crafted OpenXML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity XXE issue...
CVE-2016-5000
The XLSX2CSV example in Apache POI before 3.14 allows remote attackers to read arbitrary files via a crafted OpenXML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity XXE issue...
UBUNTU-CVE-2016-5000
The XLSX2CSV example in Apache POI before 3.14 allows remote attackers to read arbitrary files via a crafted OpenXML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity XXE issue...
CVE-2016-5000
The CVE-2016-5000 entry concerns the XLSX2CSV example in Apache POI. The root cause is an XML External Entity (XXE) vulnerability introduced when parsing OpenXML in the XLSX2CSV path, allowing a crafted document to cause an external-entity reference to read arbitrary files. Affected products/vers...