Malicious code in @openwebconcept/theme-owc (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ba9da7f58491c9c4715c34da32da8f4a9d1519075412a9be534d19e6e07466e2 The package @openwebconcept/theme-owc was found to contain malicious code. Source: ghsa-malware...

Embedded Malicious Code

Overview @openwebconcept/theme-owc is a Default OpenWebconcept theme — emits OWC brand tokens scoped to the .theme-owc selector Affected versions of this package are vulnerable to Embedded Malicious Code that injects a credential-harvesting script that runs via postinstall on every npm install. I...

Malicious code in owc-gravityforms-zaaksysteem (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 673deef983f16eb6d5cd07cd47da2ad7ed5dae42fbbaac79e1ca22c1db7db6e5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2024-12019 Malicious code in owc-gravityforms-zaaksysteem (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 673deef983f16eb6d5cd07cd47da2ad7ed5dae42fbbaac79e1ca22c1db7db6e5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

jnntravel.com Cross Site Scripting vulnerability OBB-2321568

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Microsoft OWC Spreadsheet msDataSourceObject Memory Corruption

No description provided by source. $Id: ms09043owcmsdso.rb 9893 2010-07-20 23:28:47Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of...

Microsoft Office Web Components (OWC) Spreadsheet - msDataSourceObject Memory Corruption (MS09-043) (Metasploit)

$Id: ms09043owcmsdso.rb 9893 2010-07-20 23:28:47Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framewor...

Microsoft OWC Spreadsheet - HTMLURL Buffer Overflow (MS09-043) (Metasploit)

$Id: ms09043owchtmlurl.rb 9179 2010-04-30 08:40:19Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

Microsoft OWC Spreadsheet HTMLURL Buffer Overflow

This module exploits a buffer overflow in Microsoft's Office Web Components. When passing an overly long string as the "HTMLURL" parameter an attacker can execute arbitrary code. This module requires Metasploit: https://metasploit.com/download Current source:...

Microsoft OWC Spreadsheet msDataSourceObject Memory Corruption

$Id: ms09043owcmsdso.rb 8686 2010-03-02 07:50:25Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framewor...

Microsoft OWC Spreadsheet msDataSourceObject Memory Corruption

This module exploits a memory corruption vulnerability within versions 10 and 11 of the Office Web Component Spreadsheet ActiveX control. This module was based on an exploit found in the wild. This module requires Metasploit: https://metasploit.com/download Current source:...

Microsoft OWC Spreadsheet msDataSourceObject Memory Corruption

$Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'Microsoft OW...

Microsoft Office Web Components OWC.Spreadsheet BorderAround vulnerability

Added: 08/24/2009 CVE: CVE-2009-2496 BID: 35991 OSVDB: 56915 Background Microsoft Office Web Components OWC are a group of OLE classes implemented as ActiveX controls. Problem A heap corruption vulnerability in the OWC10.Spreadsheet ActiveX control allows command execution when a user opens a web...

Microsoft OWC ActiveX Control 'BorderAround()' Heap Corruption Remote Code Execution Vulnerability

Description Microsoft Office Web Components ActiveX control is prone to a remote code-execution vulnerability. An attacker could exploit this issue by enticing a victim to visit a maliciously crafted webpage. Successful exploits will allow the attacker to execute arbitrary code within the context...

Microsoft Office Web Components (OWC) Spreadsheet - ActiveX Buffer Overflow (PoC)

var shellcode = unescape"evil code"; var array = new Array; var ls = 0x81000-shellcode.length2; var bigblock = unescape"%u0b0c%u0b0C"; whilebigblock.length milw0rm.com 2009-07-16...

Microsoft Office Web Components (OWC) Spreadsheet - ActiveX Buffer Overflow (PoC)

Microsoft Office Web Components OWC Spreadsheet - ActiveX Buffer Overflow PoC var shellcode = unescape"evil code"; var array = new Array; var ls = 0x81000-shellcode.length2; var bigblock = unescape"%u0b0c%u0b0C"; whilebigblock.length milw0rm.com 2009-07-16...

Microsoft Office Web Components OWC.Spreadsheet Evaluate method vulnerability

Added: 07/14/2009 CVE: CVE-2009-1136 BID: 35642 OSVDB: 55806 Background Microsoft Office Web Components OWC are a group of OLE classes implemented as ActiveX controls. Problem A memory corruption vulnerability allows command execution when a web page passes a specially crafted parameter to the...

CVE-2002-0622

The CVE-2002-0622 entry concerns the Office Web Components (OWC) package installer used with Microsoft Commerce Server 2000. The vulnerability allows remote attackers to execute commands by providing input to the OWC package installer (Command Execution via installer input). This is described as ...

CVE-2002-0727

The CVE-2002-0727 entry concerns Microsoft Office Web Components (OWC) 2000 and 2002. The Host function is exposed in components marked as safe for scripting, enabling a remote attacker to execute arbitrary commands through the setTimeout method. This defines the vulnerable component/function and...

CVE-2002-0860

The CVE-2002-0860 vulnerability affects Microsoft Office Web Components (OWC) 2000 and 2002, where the LoadText method in the spreadsheet component allows a remote attacker using an Internet Explorer URL redirect to read arbitrary local files. Underlying issue: inadequate URL handling in the OWC ...