CVE-2023-22850
Tiki before 24.1, when the Spreadsheets feature is enabled, allows lib/sheet/grid.php PHP Object Injection because of an unserialize call...
Code injection
Tiki before 24.1, when the Spreadsheets feature is enabled, allows lib/sheet/grid.php PHP Object Injection because of an unserialize call...
PT-2023-18726 · Tiki · Tiki
Name of the Vulnerable Software and Affected Versions: Tiki versions prior to 24.1 Description: The issue allows PHP Object Injection in lib/sheet/grid.php due to an unserialize call when the Spreadsheets feature is enabled. Recommendations: For versions prior to 24.1, update to version 24.1 or...
CVE-2023-22850
CVE-2023-22850 affects Tiki Wiki CMS Groupware prior to 24.1, where the Spreadsheets feature enables a PHP Object Injection via lib/sheet/grid.php due to an unserialize call. This allows an attacker with spreadsheet permissions to craft serialized input that may lead to arbitrary object injection...
Tiki Wiki CMS Groupware 25.0 Cross Site Request Forgery Vulnerability
Tiki Wiki CMS Groupware = 25.0 Two Cross-Site Request Forgery Vulnerabilities - Software Link: https://tiki.org - Affected Versions: Versio...
Tiki Wiki CMS Groupware 25.0 Cross Site Request Forgery
Tiki Wiki CMS Groupware = 25.0 Two Cross-Site Request Forgery Vulnerabilities - Software Link: https://tiki.org - Affected Versions: Versio...
Consensys: CSV Injection at https://assets-paris-demo.codefi.network/
Summary: Hi Consensys Security Team. I have found CSV Injection when generating a report at https://assets-paris-demo.codefi.network/. CSV Injection, also known as Formula Injection, occurs when websites embed untrusted input inside CSV files. When a spreadsheet program such as Microsoft Excel or...
Why are companies still managing compliance with spreadsheets?
Compliance management and automation has come a long way in just the last couple of years, and market demand for cyber assurance is at an all-time high. So why are so many companies still managing their compliance programs with spreadsheets?...
CVE-2021-40399
An exploitable use-after-free vulnerability exists in WPS Spreadsheets ET as part of WPS Office, version 11.2.0.10351. A specially-crafted XLS file can cause a use-after-free condition, resulting in remote code execution. An attacker needs to provide a malformed file to the victim to trigger the...
Design/Logic Flaw
An exploitable use-after-free vulnerability exists in WPS Spreadsheets ET as part of WPS Office, version 11.2.0.10351. A specially-crafted XLS file can cause a use-after-free condition, resulting in remote code execution. An attacker needs to provide a malformed file to the victim to trigger the...
CVE-2021-40399
The CVE-2021-40399 issue affects WPS Office’s Spreadsheets (ET) component, specifically WPS Spreadsheets version 11.2.0.10351. The root cause is a use-after-free in the HTML/XML handling of XLS content, leading to remote code execution when a specially crafted XLS file is opened. Public analysis ...
Kingsoft WPS Resource Management Error Vulnerability
Kingsoft WPS is a kind of office software from Kingsoft, a Chinese company. It provides document processing functions. A resource management error vulnerability exists in Kingsoft WPS Spreadsheets ET 11.2.0.10351, which originates from a specially crafted XLS file that can be reused after release...
Cybercriminals Swarm Windows Utility Regsvr32 to Spread Malware
A Windows living-off-the-land binary (LOLBin) known as Regsvr32 is seeing a big uptick in abuse of late, researchers are warning, mainly spreading trojans like Lokibot and Qbot. LOLBins are legitimate, native utilities used daily in various computing environments that cybercriminals use to evade...
Apache OpenOffice Data Forgery Issue Vulnerability (CNVD-2021-84241)
Apache OpenOffice is an open source office software suite from the Apache Foundation in the United States. The suite contains text documents, spreadsheets, presentations, drawings, databases, and more. Versions of Apache OpenOffice prior to 4.1.10 are vulnerable to data forgery issues, which can be...
CVE-2021-33035
Apache OpenOffice opens dBase/DBF documents and shows the contents as spreadsheets. DBF are database files with data organized in fields. When reading DBF data the size of certain fields is not checked: the data is just copied into local variables. A carefully crafted document could overflow the...