XML External Entity (XXE) Injection

Overview tpwd/kesearch is a search extension for TYPO3, including faceting search functions. Affected versions of this package are vulnerable to XML External Entity XXE Injection via the OOXML parsing of the file indexer, external entity resolution is not disabled. A crafted XLSX or PPTX document...

CVE-2026-46722

The OOXML parsing of the file indexer does not disable external entity resolution. A crafted xlsx or pptx document placed in an indexed directory can cause local files to be read or outbound HTTP requests to be performed, with the retrieved content being written to the search index...

📄 Microsoft PowerPoint 2019 Use-After-Free

This Metasploit module exploits a use-after-free vulnerability in Microsoft PowerPoint that allows remote code execution when a user opens a specially crafted PPTX file. The vulnerability is triggered through manipulated shape objects in the PowerPoint presentation...

CVE-2025-58358 Markdownify is vulnerable to command injection through pptx-to-markdown tool

Markdownify is a Model Context Protocol server for converting almost anything to Markdown. Versions below 0.0.2 contain a command injection vulnerability, caused by the unsanitized use of input parameters within a call to childprocess.exec, enabling an attacker to inject arbitrary system commands...

GHSA-45QJ-4XQ3-3C45 mcp-markdownify-server vulnerable to command injection in pptx-to-markdown tool

Summary A command injection vulnerability exists in the mcp-markdownify-server MCP Server. The vulnerability is caused by the unsanitized use of input parameters within a call to childprocess.exec, enabling an attacker to inject arbitrary system commands. Successful exploitation can lead to remot...

📄 Microsoft PowerPoint 2019 Remote Code Execution

This exploit leverages a use-after-free vulnerability in Microsoft PowerPoint allowing an attacker to execute arbitrary code by tricking a user into opening a specially crafted PPTX file. This proof of concept generates such a malicious PPTX file designed to trigger the use-after-free condition...

Microsoft PowerPoint PPTX File Parsing Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft PowerPoint. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing o...

U.S. Dept Of Defense: username and password leaked via pptx for █████████ website

Description: While performing my recon, I can accross this https://███/███████ which contain username and password for accessing your asset here █████ ████ References: ███████ Impact I tried accessing the ip but it is not working here, I f it can be accessed somewhere this will result in full...

MANSPIDER - Spider Entire Networks For Juicy Files Sitting On SMB Shares. Search Filenames Or File Content - Regex Supported!

Crawl SMB shares for juicy information. File content searching + regex is supported! File types supported: PDF DOCX XLSX PPTX any text-based format and many more!! MAN-SPIDER will crawl every share on every target system. If provided creds don't work, it will fall back to "guest", then to a null...

Microsoft PowerPoint PPTX File Parsing Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft PowerPoint. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processin...

PT-2021-2281 · Microsoft · Office Powerpoint

Name of the Vulnerable Software and Affected Versions: Microsoft PowerPoint affected versions not specified Description: The issue is related to incorrect code generation management in Microsoft PowerPoint, allowing a remote attacker to execute arbitrary code. This can be achieved through the...

CVE-2021-25831

A file extension handling issue was found in core module of ONLYOFFICE DocumentServer v4.0.0-9-v5.6.3. An attacker must request the conversion of the crafted file from PPTT into PPTX format. Using the chain of two other bugs related to improper string handling, a remote attacker can obtain remote...

Design/Logic Flaw

A file extension handling issue was found in core module of ONLYOFFICE DocumentServer v4.0.0-9-v5.6.3. An attacker must request the conversion of the crafted file from PPTT into PPTX format. Using the chain of two other bugs related to improper string handling, a remote attacker can obtain remote...

BurpMetaFinder - Burp Suite Extension For Extracting Metadata From Files

Burp Suite extension for extracting metadata from files Currently supported documents: PDF DOCX PPTX XLSX The project created at Jetbrains has been completely added. Don't forget to change the settings you need. Usage You need to dowload 2 external libraries: pdfbox poi-ooxml To install the...

CVE-2020-1904

A path validation issue in WhatsApp for iOS prior to v2.20.61 and WhatsApp Business for iOS prior to v2.20.61 could have allowed for directory traversal overwriting files when sending specially crafted docx, xlsx, and pptx files as attachments to messages...

Directory traversal

A path validation issue in WhatsApp for iOS prior to v2.20.61 and WhatsApp Business for iOS prior to v2.20.61 could have allowed for directory traversal overwriting files when sending specially crafted docx, xlsx, and pptx files as attachments to messages...

CVE-2020-1904

The CVE-2020-1904 entry describes a path validation issue in WhatsApp for iOS and WhatsApp Business for iOS (pre-2.20.61) that could allow directory traversal to overwrite files when attachments (docx, xlsx, pptx) are sent. The root cause is a path validation flaw that enables overwriting existin...

CVE-2020-1904

A path validation issue in WhatsApp for iOS prior to v2.20.61 and WhatsApp Business for iOS prior to v2.20.61 could have allowed for directory traversal overwriting files when sending specially crafted docx, xlsx, and pptx files as attachments to messages...

CVE-2020-1903

CVE-2020-1903 describes an out-of-memory denial-of-service in WhatsApp for iOS prior to v2.20.61 and WhatsApp Business for iOS prior to v2.20.61 when unzipping docx, pptx, and xlsx attachments. The issue requires the recipient to open the attachment from a non-contact number to trigger the vulner...

OPENSUSE-SU-2020:1261-1 Security update for libreoffice

This update for libreoffice fixes the following issues: - Update to 6.4.5.2: Various fixes all around - Remove mime-info and application-registry dirs bsc1062631 - Fix bsc1172053 - LO-L3: Image disappears during roundtrip 365-Impress-365 bsc1172053.diff - Fix bsc1172189 - LO-L3: Impress crashes...