Archive | Uncategorized

CVE-2020-9351

An issue was discovered in SmartClient 12.0. If an unauthenticated attacker makes a POST request to /tools/developerConsoleOperations.jsp or /isomorphic/IDACall with malformed XML data in the _transaction parameter, the server replies with a verbose error showing where the application resides (the absolute path).


Maldoc: Excel 4 Macros in OOXML Format, (Sun, Feb 23rd)

I’ve mentioned Excel 4 macros before, a scripting technology that predates VBA. In that diary entry, I handle .xls files (ole files). Excel 4 macros can also be stored in Office Open XML format files: .xlsm files. If we take a look at an .xlsm file with Excel 4 macros with oledump.py, we’ll get this […]
