85 items tagged "document"
-
-
15:57
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 12-190 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists in the 'onpropertychange' user callback function for the document.title. If the function changes the document in the callback function by using, for example, a document.write call, this can result in a use-after-free vulnerability. This can lead to remote code execution under the context of the program.
-
-
19:45
»
Packet Storm Security Recent Files
PDFResurrect is a tool aimed at analyzing PDF documents. The PDF format allows for previous document changes to be retained in a more recent version of the document, thereby creating a running history of changes for the document. This tool attempts to extract all previous versions while also producing a summary of changes between versions. It can also "scrub" or write data over the original instances of PDF objects that have been modified or deleted, in an effort to disguise information from previous versions that might not be intended for anyone else to read.
-
-
17:00
»
SecuriTeam
This allows remote authenticated users to affect confidentiality via unknown vectors related to Document Reference Library.
-
-
17:00
»
SecuriTeam
Multiple critical Web Vulnerabilities have been discovered in Omnistardrives Omnistar Document Manager v8.0.
-
-
0:03
»
Packet Storm Security Exploits
Omnistar Document Manager version 8.0 suffers from cross site scripting, local file inclusion, and remote SQL injection vulnerabilities.
-
-
17:16
»
Packet Storm Security Tools
PDFResurrect is a tool aimed at analyzing PDF documents. The PDF format allows for previous document changes to be retained in a more recent version of the document, thereby creating a running history of changes for the document. This tool attempts to extract all previous versions while also producing a summary of changes between versions. It can also "scrub" or write data over the original instances of PDF objects that have been modified or deleted, in an effort to disguise information from previous versions that might not be intended for anyone else to read.
-
-
10:01
»
Hack a Day
Writing a paper in LaTeX will always result in beautiful output, but if you’d like to put that document up on the web you’re limited to two reasonable options: serve the document as a .PDF (with the horrors that involves, although Chrome makes things much more palatable), or rely on third-party browser plugins like TeX The [...]
-
-
15:35
»
Packet Storm Security Recent Files
This document specifies an algorithm for the generation of TCP Initial Sequence Numbers (ISNs), such that the chances of an off-path attacker guessing the sequence numbers in use by a target connection are reduced. This document revises (and formally obsoletes) RFC 1948, and takes the ISN generation algorithm originally proposed in that document to Standards Track, formally updating RFC 793.
-
-
17:45
»
SecuriTeam
Microsoft Office contains a vulnerability caused by missing input validation within a library used by the bundled Microsoft Office Document Imaging application.
-
-
17:35
»
SecuriTeam
Oracle Document Capture contains ActiveX components that contain insecure methods in empop3.dll.
-
17:35
»
SecuriTeam
Oracle Document Capture ActiveX components contain insecure methods.
-
-
16:35
»
SecuriTeam
EasyMail ActiveX Control (emsmtp.dll) included in Oracle Document Capture can be used to read any file on the target system.
-
16:30
»
SecuriTeam
Multiple vulnerabilities were identified in Oracle Document Capture.
-
14:55
»
Packet Storm Security Recent Files
This document analyzes how current TCP implementations process TCP urgent indications and how the behavior of some widely deployed middleboxes affects how end systems process urgent indications. This document updates the relevant specifications such that they accommodate current practice in processing TCP urgent indications, raises awareness about the reliability of TCP urgent indications in the Internet, and recommends against the use of urgent indications (but provides advice to applications that do).
-
7:33
»
Packet Storm Security Exploits
EasyMail ActiveX Control (emsmtp.dll), which is included in the Oracle Document Capture distribution, can be used to read any file on the target system. The vulnerable method is "ImportBodyText()".
-
-
13:33
»
Packet Storm Security Recent Files
Secunia Research has discovered a vulnerability in Microsoft Office, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused by missing input validation within a library used by the bundled Microsoft Office Document Imaging application when converting certain data during parsing of TIFF images. This can be exploited to corrupt memory via a TIFF image containing specially crafted IFD entries. Successful exploitation may allow execution of arbitrary code.
-
-
22:01
»
Packet Storm Security Advisories
Mandriva Linux Security Advisory 2010-169 - dom/base/nsJSEnvironment.cpp in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 does not properly suppress a script's URL in certain circumstances involving a redirect and an error message, which allows remote attackers to obtain sensitive information about script parameters via a crafted HTML document, related to the window.onerror handler. Mozilla Firefox permits cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type and the stylesheet document is malformed, which allows remote HTTP servers to obtain sensitive information via a crafted document. Various other Mozilla related vulnerabilities have been addressed.
-
-
16:59
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on software utilizing a vulnerable version of Apple's Webkit.
-
-
18:28
»
Packet Storm Security Recent Files
Mandriva Linux Security Advisory 2010-091 - This update provides a new OpenOffice.org version 3.1.1. An integer underflow might allow remote attackers to execute arbitrary code via crafted records in the document table of a Word document, leading to a heap-based buffer overflow. A heap-based buffer overflow might allow remote attackers to execute arbitrary code via unspecified records in a crafted Word document, related to table parsing. A heap-based buffer overflow allows remote attackers to execute arbitrary code via a crafted EMF file. Multiple heap-based buffer overflows allow remote attackers to execute arbitrary code via a crafted EMF+ file. OpenOffice's xmlsec uses a bundled Libtool which might load a .la file in the current working directory, allowing local users to gain privileges via a Trojan horse file. To be exposed to this vulnerability xmlsec has to be built with the --enable-crypto_dl flag, which it is not, although the fix protects against this threat whenever that flag is enabled.
-
-
1:00
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 10-071 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe's Acrobat Reader. User interaction is required in that the victim must be coerced into opening a malicious document or visiting a malicious URL. The specific flaw exists within the parsing of embedded fonts inside a PDF document. Upon parsing particular tables out of a font file the application will miscalculate an index used for seeking into a buffer. Later the application will begin to copy data into the calculated pointer corrupting the referenced data structure. Successful exploitation will lead to code execution under the context of the application.
-
-
21:36
»
Packet Storm Security Misc. Files
Document on how to research and develop plugins for WhatWeb to identify content management systems, web application frameworks, etc. As an example it includes how to research and write a plugin for the SilverStripe CMS. The document covers passive plugin development only and is accurate for WhatWeb version 0.4.
-
-
17:00
»
Packet Storm Security Tools
PDFResurrect is a tool aimed at analyzing PDF documents. The PDF format allows for previous document changes to be retained in a more recent version of the document, thereby creating a running history of changes for the document. This tool attempts to extract all previous versions while also producing a summary of changes between versions. It can also scrub or write data over the original instances of PDF objects that have been modified or deleted, in an effort to disguise information from previous versions that might not be intended for anyone else to read.
-
-
12:00
»
Packet Storm Security Recent Files
Mandriva Linux Security Advisory 2010-042 - Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Security researcher Orlando Barrera II reported via TippingPoint's Zero Day Initiative that Mozilla's implementation of Web Workers contained an error in its handling of array data types when processing posted messages. Security researcher Alin Rad Pop of Secunia Research reported that the HTML parser incorrectly freed used memory when insufficient space was available to process remaining input. Security researcher Hidetake Jo of Microsoft Vulnerability Research reported that the properties set on an object passed to showModalDialog were readable by the document contained in the dialog, even when the document was from a different domain. An anonymous security researcher, via TippingPoint's Zero Day Initiative, also independently reported this issue to Mozilla. Mozilla security researcher Georgi Guninski reported that when a SVG document which is served with Content-Type: application/octet-stream is embedded into another document via an tag with type=image/svg+xml, the Content-Type is ignored and the SVG document is processed normally.