
6714 matches found

Cvelist
added 2019/09/06 6:30 p.m. · 22 views

CVE-2019-9854 Unsafe URL assembly flaw in allowed script location check

LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc. Access is intended to be restricted to scripts under the share/Scripts/python, user/Scripts/python sub-directories of the LibreOffice...

AI score 8.6 · EPSS 0.01937
Exploits 0 · References 8
OpenVAS
added 2019/09/03 12:0 a.m. · 51 views

openSUSE: Security Advisory for libreoffice (openSUSE-SU-2019:2057-1)

The remote host is missing an update for the Copyright (C) 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 9.8 · AI score 8.1 · EPSS 0.78007
Exploits 5 · References 2
OSV
added 2019/09/02 4:20 p.m. · 5 views

OPENSUSE-SU-2019:2057-1 Security update for libreoffice

This update for libreoffice fixes the following issues: Security issues fixed: - CVE-2019-9849: Disabled fetching remote bullet graphics in 'stealth mode' bsc1141861. - CVE-2019-9848: Fixed an arbitrary script execution via LibreLogo bsc1141862. - CVE-2019-9851: Fixed LibreLogo global-event scrip...

CVSS 9.8 · AI score 7.4 · EPSS 0.78007
Exploits 5 · References 12
exploitpack
added 2019/09/02 12:0 a.m. · 25 views

Kaseya VSA agent 9.5 - Privilege Escalation

Kaseya VSA agent 9.5 - Privilege Escalation Exploit Title: Kaseya VSA agent CVE-2017-12410 found by Filip Palian. A fix was put in place for the original CVE, however it was specific to binaries and not scripts. The root cause for both issues is allowing a low privileged group excessive...

CVSS 6.9 · AI score 0.2 · EPSS 0.00251
Exploits 5
OPENSUSE Linux
added 2019/09/02 12:0 a.m. · 190 views

Security update for libreoffice (important)

openSUSE Security Update: Security update for libreoffice Announcement ID: openSUSE-SU-2019:2057-1 Rating: important References: 1133534 1141861 1141862 1146098 1146105 1146107 Cross-References: CVE-2019-9848 CVE-2019-9849 CVE-2019-9850 CVE-2019-9851 CVE-2019-9852 Affected Products: openSUSE Leap...

CVSS 9.8 · AI score 8.8 · EPSS 0.78007
Exploits 5 · References 6
NVD
added 2019/08/29 3:15 p.m. · 14 views

CVE-2019-4133

IBM Cloud Automation Manager 3.1.2 could allow a malicious user on the client side with access to client computer to run a custom script. IBM X-Force ID: 158278...

CVSS 5.2 · AI score 4.9 · EPSS 0.0032
Exploits 0 · References 2
Prion
added 2019/08/29 3:15 p.m. · 11 views

Design/Logic Flaw

IBM Cloud Automation Manager 3.1.2 could allow a malicious user on the client side with access to client computer to run a custom script. IBM X-Force ID: 158278...

CVSS 3.6 · AI score 5 · EPSS 0.0032
Exploits 0 · References 2 · Affected Software 1
CVE
added 2019/08/29 3:0 p.m. · 38 views

CVE-2019-4133

CVE-2019-4133 affects IBM Cloud Automation Manager 3.1.2. The concurrent documents confirm a client-side attacker with access to the user’s machine could execute a custom script due to an insecure Content-Security-Policy header. Exploitation details are not provided beyond this, but the IBM secur...

CVSS 5.2 · AI score 5 · EPSS 0.0032
Exploits 0 · References 2 · Affected Software 1
Positive Technologies
added 2019/08/29 12:0 a.m. · 3 views

PT-2019-16914 · Ibm · Ibm Cloud Automation Manager

Name of the Vulnerable Software and Affected Versions: IBM Cloud Automation Manager version 3.1.2 Description: The issue allows a malicious user on the client side, with access to the client computer, to run a custom script. Recommendations: For IBM Cloud Automation Manager version 3.1.2, conside...

CVSS 5.2 · AI score 4.9 · EPSS 0.0032
Exploits 0 · References 3
OSV
added 2019/08/28 5:59 a.m. · 7 views

SUSE-SU-2019:2231-1 Security update for libreoffice

This update for libreoffice fixes the following issues: Security issues fixed: - CVE-2019-9849: Disabled fetching remote bullet graphics in 'stealth mode' bsc1141861. - CVE-2019-9848: Fixed an arbitrary script execution via LibreLogo bsc1141862. - CVE-2019-9851: Fixed LibreLogo global-event scrip...

CVSS 9.8 · AI score 7.3 · EPSS 0.78007
Exploits 5 · References 12
IBM Security Bulletins
added 2019/08/26 3:39 p.m. · 15 views

Security Bulletin: IBM Cloud Automation Manager is affected by a insecure Content-Security-Policy header vulnerability CVE-2019-4133

Summary IBM Cloud Automation Manager could allow a malicious user on the client side with access to client computer to run a custom script. Vulnerability Details CVEID: CVE-2019-4133 DESCRIPTION: IBM Cloud Automation Manager could allow a malicious user on the client side with access to client...

CVSS 5.2 · AI score 1.3 · EPSS 0.0032
Exploits 0 · Affected Software 1
Tenable Nessus
added 2019/08/26 12:0 a.m. · 49 views

Fedora 29 : 1:libreoffice (2019-2fe22a3a2c)

CVE-2019-9850 Insufficient url validation allowing LibreLogo script execution - CVE-2019-9851 LibreLogo global-event script execution - CVE-2019-9852 Insufficient URL encoding flaw in allowed script location check ---- - CVE-2019-9848 LibreLogo arbitrary script execution - CVE-2019-9849 remote...

CVSS 9.8 · AI score 7.6 · EPSS 0.78007
Exploits 5 · References 6
RedhatCVE
added 2019/08/23 4:21 a.m. · 35 views

CVE-2019-9850

LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. LibreOffice also has a feature where documents can specify that pre-installed scripts can be executed on...

CVSS 9.8 · AI score 3.2 · EPSS 0.30698
Exploits 5 · References 4
Hacker One
added 2019/08/22 6:24 p.m. · 371 views

Roblox: Malformed string sent through FireServer leads to server freezing/hanging

This was found an hour ago so if I get any information wrong, please comment and I'll get back to you! A cheater/exploiter can hang any Roblox gameserver due to a 5 line script which sends a big malformed string through SayMessageRequest resulting in the server to hang itself. This works in any...

AI score 6.5
Exploits 0
CNVD
added 2019/08/22 12:0 a.m. · 1 views

Cisco Unified Contact Center Express Input Validation Error Vulnerability

Cisco Unified Contact Center Express Unified CCX is a customer relationship management component of a unified communications solution from Cisco. The component supports features such as self-service voice, call distribution, and customer access control. An input validation error vulnerability...

CVSS 4.8 · AI score 7.3 · EPSS 0.00804
Exploits 0 · References 1
Tenable Nessus
added 2019/08/20 12:0 a.m. · 33 views

Fedora 30 : 1:libreoffice (2019-dd9d207c17)

CVE-2019-9850 Insufficient url validation allowing LibreLogo script execution - CVE-2019-9851 LibreLogo global-event script execution - CVE-2019-9852 Insufficient URL encoding flaw in allowed script location check - latest stable version Note that Tenable Network Security has extracted the...

CVSS 9.8 · AI score 7.8 · EPSS 0.78007
Exploits 4 · References 4
Cvelist
added 2019/08/15 9:35 p.m. · 21 views

CVE-2019-9851 LibreLogo global-event script execution

LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. Protection was added, to address CVE-2019-9848, to block calling LibreLogo from document event script handlers...

AI score 9.8 · EPSS 0.78007
Exploits 4 · References 9
Cvelist
added 2019/08/15 9:30 p.m. · 25 views

CVE-2019-9850 Insufficient url validation allowing LibreLogo script execution

LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. LibreOffice also has a feature where documents can specify that pre-installed scripts can be executed on...

AI score 9.9 · EPSS 0.03306
Exploits 0 · References 9
Positive Technologies
added 2019/08/12 12:0 a.m. · 4 views

PT-2019-13887 · WordPress · Wp-Live-Chat-Support

Name of the Vulnerable Software and Affected Versions: wp-live-chat-support plugin versions prior to 8.0.27 Description: The issue is related to a security problem where an attacker can exploit the GDPR page to execute malicious scripts, potentially leading to unauthorized access or data theft...

CVSS 6.1 · AI score 6.2 · EPSS 0.01211
Exploits 0 · References 3
Positive Technologies
added 2019/08/12 12:0 a.m. · 4 views

PT-2019-7675 · WordPress · Wp-Live-Chat-Support

Name of the Vulnerable Software and Affected Versions: wp-live-chat-support plugin versions prior to 6.2.02 Description: The issue is related to a security problem where an attacker can execute malicious scripts. Recommendations: For versions prior to 6.2.02, update to version 6.2.02 or later to...

CVSS 6.1 · AI score 6.2 · EPSS 0.0093
Exploits 0 · References 3