Lucene search
+L

710 matches found

OSV
OSV
added 2017/11/15 4:29 p.m.5 views

CVE-2017-15270

The PSFTPd 10.0.4 Build 729 server does not properly escape data before writing it into a Comma Separated Values CSV file. This can be used by attackers to hide data in the Graphical User Interface GUI view and create arbitrary entries to a certain extent. Special characters such as '"' and ',' a...

5.3CVSS5.9AI score0.06972EPSS
Exploits4References4
CNVD
CNVD
added 2017/10/25 12:0 a.m.8 views

KeystoneJS CSV Injection Vulnerability

KeystoneJS is a powerful Node.js content management system and web application framework built on express and mongoose . A CSV injection vulnerability exists in admin/server/api/download.js and lib/list/getCSVData.js in KeystoneJS versions prior to 4.0.0-beta.7. A detailed vulnerability descripti...

8.8CVSS7.2AI score0.07217EPSS
Exploits4References1
CNVD
CNVD
added 2017/08/29 12:0 a.m.4 views

Framadate CSV Export Input Validation Vulnerability

Framadate is a free polling software developed by the Framadate team.CSV Export is one of the CVS Comma Separated Values export components. A security vulnerability exists in CSV Export in Framadate version 1.0. An attacker can exploit this vulnerability to obtain information and execute code...

9.8CVSS9.3AI score0.02625EPSS
Exploits0References1
CNVD
CNVD
added 2017/06/20 12:0 a.m.5 views

Elasticsearch Logstash Security Bypass Vulnerability

Elasticsearch Logstash is a set of log analysis and monitoring tools from Elasticsearch Netherlands. The tool provides functions such as search, processing and management of logs or events. A security vulnerability exists in Elasticsearch Logstash versions prior to 2.1.2. An attacker can exploit...

7.5CVSS6.7AI score0.01129EPSS
Exploits0References1
CNVD
CNVD
added 2017/03/31 12:0 a.m.28 views

Icinga Cross-Site Scripting Vulnerability

Icinga is a set of enterprise-grade open source monitoring system from the Icinga project, a product between the Nagios Community Edition and Enterprise Edition. A cross-site scripting vulnerability exists in Icinga's Classic-UI with CSV export link and pagination functionality. Remote attackers...

6.1CVSS6.2AI score0.01486EPSS
Exploits0References1
CNVD
CNVD
added 2017/01/05 12:0 a.m.8 views

WordPress WooCommerce Plugin Cross-Site Scripting Vulnerability

WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language, the platform supports personal blog sites set up on PHP and MySQL servers.WooCommerce is one of the e-commerce plug-ins. A cross-site scripting vulnerability exists in WordPress WooCommerce...

4.8CVSS5.9AI score0.00904EPSS
Exploits0References1
CNVD
CNVD
added 2016/12/29 12:0 a.m.4 views

FTPShell Server '.csv' Local Denial of Service Vulnerability

FTPShell Server is a safe and reliable FTP client tool. A local denial of service vulnerability exists in FTPShell Server '.csv', which can be exploited by an attacker to cause a denial of service program crash...

6.5AI score
Exploits0References1
CNVD
CNVD
added 2016/07/19 12:0 a.m.3 views

WordPress CSV Importer Plugin Cross-Site Scripting Vulnerability

WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language.CSV Importer is one of the plug-ins for importing CSV or XML files. A cross-site scripting vulnerability exists in version 1.0 of the WordPress CSV Importer plugin, which can be exploited by...

6.2AI score
Exploits0References1
Elastic
Elastic
added 2016/02/02 6:32 p.m.5 views

Logstash CSV Output Vulnerability - CVE pending

Summary: Logstash 2.2 and prior versions are vulnerable to a formula based injection, when using the CSV output plugin. This plugin allows users to export data in comma separated values and is susceptible to an attack if the values contained a spreadsheet formula. This vulnerability is not presen...

6.8AI score
Exploits0
Positive Technologies
Positive Technologies
added 2014/06/04 12:0 a.m.8 views

PT-2014-5637 · WordPress · Participants Database

Name of the Vulnerable Software and Affected Versions: Participants Database plugin versions prior to 1.5.4.9 Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the query parameter in an "output CSV" action to the "pdb-signup/" endpoint...

7.5CVSS7.6AI score0.05643EPSS
Exploits1References10
Rows per page
Query Builder