710 matches found
CVE-2017-15270
The PSFTPd 10.0.4 Build 729 server does not properly escape data before writing it into a Comma Separated Values CSV file. This can be used by attackers to hide data in the Graphical User Interface GUI view and create arbitrary entries to a certain extent. Special characters such as '"' and ',' a...
KeystoneJS CSV Injection Vulnerability
KeystoneJS is a powerful Node.js content management system and web application framework built on express and mongoose . A CSV injection vulnerability exists in admin/server/api/download.js and lib/list/getCSVData.js in KeystoneJS versions prior to 4.0.0-beta.7. A detailed vulnerability descripti...
Framadate CSV Export Input Validation Vulnerability
Framadate is a free polling software developed by the Framadate team.CSV Export is one of the CVS Comma Separated Values export components. A security vulnerability exists in CSV Export in Framadate version 1.0. An attacker can exploit this vulnerability to obtain information and execute code...
Elasticsearch Logstash Security Bypass Vulnerability
Elasticsearch Logstash is a set of log analysis and monitoring tools from Elasticsearch Netherlands. The tool provides functions such as search, processing and management of logs or events. A security vulnerability exists in Elasticsearch Logstash versions prior to 2.1.2. An attacker can exploit...
Icinga Cross-Site Scripting Vulnerability
Icinga is a set of enterprise-grade open source monitoring system from the Icinga project, a product between the Nagios Community Edition and Enterprise Edition. A cross-site scripting vulnerability exists in Icinga's Classic-UI with CSV export link and pagination functionality. Remote attackers...
WordPress WooCommerce Plugin Cross-Site Scripting Vulnerability
WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language, the platform supports personal blog sites set up on PHP and MySQL servers.WooCommerce is one of the e-commerce plug-ins. A cross-site scripting vulnerability exists in WordPress WooCommerce...
FTPShell Server '.csv' Local Denial of Service Vulnerability
FTPShell Server is a safe and reliable FTP client tool. A local denial of service vulnerability exists in FTPShell Server '.csv', which can be exploited by an attacker to cause a denial of service program crash...
WordPress CSV Importer Plugin Cross-Site Scripting Vulnerability
WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language.CSV Importer is one of the plug-ins for importing CSV or XML files. A cross-site scripting vulnerability exists in version 1.0 of the WordPress CSV Importer plugin, which can be exploited by...
Logstash CSV Output Vulnerability - CVE pending
Summary: Logstash 2.2 and prior versions are vulnerable to a formula based injection, when using the CSV output plugin. This plugin allows users to export data in comma separated values and is susceptible to an attack if the values contained a spreadsheet formula. This vulnerability is not presen...
PT-2014-5637 · WordPress · Participants Database
Name of the Vulnerable Software and Affected Versions: Participants Database plugin versions prior to 1.5.4.9 Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the query parameter in an "output CSV" action to the "pdb-signup/" endpoint...