Lucene search
K

1932 matches found

NVD
NVD
added 2017/10/24 9:29 p.m.13 views

CVE-2017-15879

CSV Injection aka Excel Macro Injection or Formula Injection exists in admin/server/api/download.js and lib/list/getCSVData.js in KeystoneJS before 4.0.0-beta.7 via a value that is mishandled in a CSV export...

8.8CVSS8.8AI score0.07217EPSS
Exploits4References3
Hacker One
Hacker One
added 2017/10/24 9:25 p.m.26 views

X (Formerly Twitter): OS Command Execution on User's PC via CSV Injection

Summary: Twitter is vulnerable to CSV Injection. If an attacker can successfully exploit this, then they will compromise the PC of the user. The injection point is via a tweet on the main twitter.com site while the retrieval point is via the “Export Data” option on the analytics site. Description...

7.9AI score
Exploits0
CVE
CVE
added 2017/10/24 9:0 p.m.76 views

CVE-2017-15879

CVE-2017-15879 affects KeystoneJS before 4.0.0-beta.7. The CSV injection vulnerability arises in the CSV export path via values mishandled in admin/server/api/download.js and lib/list/getCSVData.js, enabling Excel macro/formula injection. Documentation indicates the issue exists prior to version ...

8.8CVSS8.6AI score0.07217EPSS
Exploits4References3Affected Software1
Cvelist
Cvelist
added 2017/10/24 9:0 p.m.19 views

CVE-2017-15879

CSV Injection aka Excel Macro Injection or Formula Injection exists in admin/server/api/download.js and lib/list/getCSVData.js in KeystoneJS before 4.0.0-beta.7 via a value that is mishandled in a CSV export...

8.8AI score0.07217EPSS
Exploits4References3
Hacker One
Hacker One
added 2017/09/27 3:28 a.m.30 views

Bitwarden: Export vault feature is vulnerable to CSV injection

Hello guys I don't know if you care about this issue but it seems that the export feature in your https://vault.bitwarden.com//tools is vulnerable to CSV injection. If a CSV contains a malicious command it may have big impact Even though there is a popup notification for users before opening the...

0.8AI score
Exploits0
Gitee
Gitee
added 2017/07/31 3:46 p.m.37 views

Exploit for Out-of-bounds Read in Openssl

This repository contains a collection of tools and exploits for various vulnerabilities, including: A payload for the Apache Struts 2 vulnerability CVE-2017-5638 that allows remote code execution. A tool for exploiting the Heartbleed vulnerability CVE-2014-0160 in OpenSSL. A tool for exploiting t...

10CVSS8.1AI score0.99999EPSS
Exploits257
Hacker One
Hacker One
added 2017/06/29 8:8 a.m.42 views

Grab: CSV Injection https://hub.grab.com

@Poison had pointed out that it was possible to perform CSV Injection on hub.grab.com which was tested on Microsoft Excel 2016. Injection occurred by adding the payload in customer name field in Grab mobile application. The payload used was =cmd|' /C calc'!A0. We fixed this issue by properly...

7.4AI score
Exploits0
Hacker One
Hacker One
added 2017/04/27 11:17 a.m.30 views

Weblate: CSV Injection with the CVS export feature - Glossary

Hi, The "Download as a CSV" feature of Weblate does not properly "escape" fields. Here is more information about this issue: http://www.contextis.com/resources/blog/comma-separated-vulnerabilities/ Here is one method to reproduce this issue: 1 I can add new information in Glossary with a name...

6.9AI score
Exploits0
Hacker One
Hacker One
added 2017/04/24 9:43 a.m.19 views

Weblate: CSV Injection with the CSV export feature

Step to reproduce : 1.go to https://hosted.weblate.org/dictionaries/aptoide-uploader/bn/add 2.add "=1+1" to Source and Translation filed F178723 3.now do CSV export 4.you can see all the cell is displayed as "2" which means the code is executed. Best Regad's, Jay Patel...

7.3AI score
Exploits0
Hacker One
Hacker One
added 2017/04/07 3:58 p.m.22 views

Gratipay: CSV injection in gratipay.com via payment history export feature.

I discovered this issues thanks to Matt who pointed out that the participant's name is directly placed into a CSV file: https://github.com/gratipay/gratipay.com/issues/4399issuecomment-292250609 Summary --- Gratipay allows users to export payment history as a .csv file. By injecting a payload int...

7.1AI score
Exploits0
Hacker One
Hacker One
added 2017/03/29 1:8 p.m.23 views

Dropbox: CSV Injection with the CVS export feature

The report mentions a well known problem with any CSV export function. If the exported data has an Excel formula, the user will be warned and if the user clicks through a warning they might get some code execution. At the same time, fixing this bug means that the CSV data is no longer correct and...

0.4AI score
Exploits0
Hacker One
Hacker One
added 2017/03/26 3:58 p.m.30 views

GitLab: CSV injection in gitlab.com via issues export feature.

Dear GitLab bug bounty team, Summary --- GitLab allows users to export issues as a .csv file. By injecting a payload into an issue title an attacker could exfiltrate data or execute code on the target machine. For instance, by naming an issue =cmd|' /C calc'!A0 I am able to open up calc.exe on...

1.1AI score
Exploits0
Vulnerability Lab
Vulnerability Lab
added 2017/01/19 12:0 a.m.59 views

FullContact BB #2 - CSV Excel Macro Injection Vulnerability

Document Title: =============== FullContact BB 2 - CSV Excel Macro Injection Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1904 Release Date: ============= 2017-01-19 Vulnerability Laboratory ID VL-ID: ====================================...

7.1AI score
Exploits0
Vulnerability Lab
Vulnerability Lab
added 2017/01/19 12:0 a.m.36 views

FullContact BB #2 - CSV Excel Macro Injection Vulnerability

Document Title: =============== FullContact BB 2 - CSV Excel Macro Injection Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1904 Release Date: ============= 2017-01-19 Vulnerability Laboratory ID VL-ID: ====================================...

7.1AI score
Exploits0
WPVulnDB
WPVulnDB
added 2016/10/11 12:0 a.m.12 views

CampTix Event Ticketing <= 1.5.0 - CSV Injection Bypasses and XSS

The CampTix Event Ticketing WordPress plugin was affected by a CSV Injection Bypasses and XSS security vulnerability...

2.2AI score
Exploits0References4Affected Software1
Hacker One
Hacker One
added 2016/08/31 9:24 a.m.30 views

Ian Dunn: CSV Injection in Camptix

Hello, Ian! I see you tried to escape "=, -, +, @" in your code 151516, but let me show simple workaround. I've made CSV injection by using this string ";=cmd|' /C calc'!A5" without doublequotes. ";" will bypass your trying to set the quote in the beginning of the string. ";" acts as a new cell...

1.4AI score
Exploits0
Hacker One
Hacker One
added 2016/08/19 11:48 a.m.15 views

Ian Dunn: bypass to csv injection

Hi Ian, I would like to add payload to this report 151516. payload used: http://google.com?,=2+2-2+3+cmd|' /C calc'!G2 When injecting https://google.com? it will be rendered as a link but when comma , it will be rendered in a new cell which will execute the command. Thanks,...

0.6AI score
Exploits0
Hacker One
Hacker One
added 2016/08/18 6:40 p.m.24 views

Ian Dunn: Bypassing CSV injection using new line charcter

whitewalker reported that esccsv could be bypassed by using %0A-3+3+cmd|' /C calc'!D2 as the payload. For example, the firstname parameter in the following request: curl -ik 'https://2016.misc.wordcamp.dev/tickets/?tixaction=checkouttix' -H 'Host: 2016.misc.wordcamp.dev' -H 'User-Agent: Mozilla/5...

6.7AI score
Exploits0
WPVulnDB
WPVulnDB
added 2016/08/10 12:0 a.m.19 views

CampTix Event Ticketing <= 1.4.2 - CSV Injection and XSS

The CampTix Event Ticketing WordPress plugin was affected by a CSV Injection and XSS security vulnerability...

5.1CVSS2.3AI score0.01798EPSS
Exploits2References2Affected Software1
Hacker One
Hacker One
added 2016/07/15 2:13 p.m.18 views

Ian Dunn: CSV Injection at Camptix Event Ticketing

Hi, As you mentioned the scope of vulnerability as Any plugin listed on my WordPress.org profile. I am reporting this issue. I have seen from your WordPress.org profile the second plugin listed is Camptix Event Ticketing So I looked at the source code of the plugin...

6AI score
Exploits0
Rows per page
Query Builder