Show filters
1,839 Total Results
Displaying 91-100 of 1,839
Sort by:
Attacker Value
Unknown

CVE-2024-12425

Disclosure Date: January 07, 2025 (last updated January 08, 2025)
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in The Document Foundation LibreOffice allows Absolute Path Traversal. An attacker can write to arbitrary locations, albeit suffixed with ".ttf", by supplying a file in a format that supports embedded font files. This issue affects LibreOffice: from 24.8 before < 24.8.4.
0
0
Attacker Value
Unknown

CVE-2024-43234

Disclosure Date: December 16, 2024 (last updated December 20, 2024)
Authentication Bypass Using an Alternate Path or Channel vulnerability in WofficeIO Woffice allows Authentication Bypass.This issue affects Woffice: from n/a through 5.4.14.
0
0
Attacker Value
Unknown

CVE-2024-11750

Disclosure Date: December 12, 2024 (last updated December 21, 2024)
The ONLYOFFICE DocSpace plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'onlyoffice-docspace' shortcode in all versions up to, and including, 2.1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2024-12536

Disclosure Date: December 12, 2024 (last updated December 18, 2024)
A vulnerability, which was classified as problematic, has been found in SourceCodester Kortex Lite Advocate Office Management System 1.0. Affected by this issue is some unknown functionality of the file /control/client_data.php. The manipulation of the argument id leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Attack Vector: NetworkPrivileges: LowUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2024-49142

Disclosure Date: December 12, 2024 (last updated January 18, 2025)
Microsoft Access Remote Code Execution Vulnerability
Attack Vector: LocalPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2024-49069

Disclosure Date: December 12, 2024 (last updated January 13, 2025)
Microsoft Excel Remote Code Execution Vulnerability
Attack Vector: LocalPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2024-49065

Disclosure Date: December 12, 2024 (last updated January 13, 2025)
Microsoft Office Remote Code Execution Vulnerability
Attack Vector: LocalPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2024-49059

Disclosure Date: December 12, 2024 (last updated January 13, 2025)
Microsoft Office Elevation of Privilege Vulnerability
Attack Vector: LocalPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2024-43600

Disclosure Date: December 12, 2024 (last updated January 13, 2025)
Microsoft Office Elevation of Privilege Vulnerability
0
0
Attacker Value
Unknown

CVE-2024-11450

Disclosure Date: December 06, 2024 (last updated December 21, 2024)
The ONLYOFFICE Docs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'onlyoffice' shortcode in all versions up to, and including, 2.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0
View More Topics  < Previous  Next >