Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
office vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2023-6608
A vulnerability was found in Tongda OA 2017 up to 11.9 and classified as critical. Affected by this issue is some unknown functionality of the file general/notify/manage/delete.php. The manipulation of the argument DELETE_STR leads to sql injection. The exploit has been disclosed...
Tongda2000 Tongda Oa
Tongda2000 Tongda Office Anywhere 2017
7.5
CVSSv3
CVE-2023-6611
A vulnerability was found in Tongda OA 2017 up to 11.9. It has been declared as critical. This vulnerability affects unknown code of the file pda/pad/email/delete.php. The manipulation of the argument EMAIL_ID leads to sql injection. The exploit has been disclosed to the public a...
Tongda2000 Tongda Oa
Tongda2000 Tongda Office Anywhere 2017
7.5
CVSSv3
CVE-2023-6607
A vulnerability has been found in Tongda OA 2017 up to 11.10 and classified as critical. Affected by this vulnerability is an unknown functionality of the file general/wiki/cp/manage/delete.php. The manipulation of the argument TERM_ID_STR leads to sql injection. The exploit has ...
Tongda2000 Tongda Office Anywhere
Tongda2000 Tongda Office Anywhere 2017
8.8
CVSSv3
CVE-2023-5970
Improper authentication in the SMA100 SSL-VPN virtual office portal allows a remote authenticated malicious user to create an identical external domain user using accent characters, resulting in an MFA bypass.
Sonicwall Sma 200 Firmware
Sonicwall Sma 210 Firmware
Sonicwall Sma 400 Firmware
Sonicwall Sma 410 Firmware
Sonicwall Sma 500v Firmware
6.1
CVSSv3
CVE-2023-48314
Collabora Online is a collaborative online office suite based on LibreOffice technology. Users of Nextcloud with Collabora Online Built-in CODE Server app can be vulnerable to attack via proxy.php. This vulnerability has been fixed in Collabora Online - Built-in CODE Server (rich...
Collaboraoffice Collabora Online
7.5
CVSSv3
CVE-2023-46887
In Dreamer CMS prior to 4.0.1, the backend attachment management office has an Arbitrary File Download vulnerability.
Dreamer Cms Project Dreamer Cms
5
CVSSv3
CVE-2023-32063
OroCalendarBundle enables a Calendar feature and related functionality in Oro applications. Back-office users can access information from any call event, bypassing ACL security restrictions due to insufficient security checks. This issue has been patched in version 5.0.4 and 5.1....
Oroinc Client Relationship Management
4.3
CVSSv3
CVE-2023-32064
OroCommerce package with customer portal and non authenticated visitor website base features. Back-office users can access information about Customer and Customer User menus, bypassing ACL security restrictions due to insufficient security checks. This issue has been patched in v...
Oroinc Orocommerce
4.3
CVSSv3
CVE-2023-32062
OroPlatform is a package that assists system and user calendar management. Back-office users can access information from any system calendar event, bypassing ACL security restrictions due to insufficient security checks. This vulnerability has been patched in version 5.1.1.
Oroinc Oroplatform
7.8
CVSSv3
CVE-2023-31275
An uninitialized pointer use vulnerability exists in the functionality of WPS Office 11.2.0.11537 that handles Data elements in an Excel file. A specially crafted malformed file can lead to remote code execution. An attacker can provide a malicious file to trigger this vulnerabil...
Kingsoft Wps Office 11.2.0.11537
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
man-in-the-middle
CVE-2024-34558
CVE-2024-32674
CVE-2024-34351
XPath injection
CVE-2023-45866
CVE-2024-25528
CVE-2024-25517
path traversal
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »