689 matches found
CVE-2018-11526
The plugin "WordPress Comments Import & Export" for WordPress v2.0.4 and before is vulnerable to CSV Injection...
CVE-2017-3936
OS Command Injection vulnerability in McAfee ePolicy Orchestrator ePO 5.9.0, 5.3.2, 5.3.1, 5.1.3, 5.1.2, 5.1.1, and 5.1.0 allows attackers to run arbitrary OS commands with limited privileges via not sanitizing the user input data before exporting it into a CSV format output...
IBM Robotic Process Automation with Automation Anywhere Arbitrary Command Execution Vulnerability
IBM Robotic Process Automation with Automation Anywhere is a process automation solution developed by IBM USA and Automation Anywhere. A security vulnerability exists in IBM Robotic Process Automation with Automation Anywhere version 10.0, which stems from the program's failure to properly encode...
UBUNTU-CVE-2018-11652
CSV Injection vulnerability in Nikto 2.1.6 and earlier allows remote attackers to inject arbitrary OS commands via the Server field in an HTTP response header, which is directly injected into a CSV report...
Centers for Disease Control and Prevention MicrobeTRACE Remote Code Execution Vulnerability
Centers for Disease Control and Prevention MicrobeTRACE is a suite of sequence analysis and data visualization tools from the Centers for Disease Control and Prevention CDC. A security vulnerability exists in Centers for Disease Control and Prevention MicrobeTRACE version 0.1.12. The vulnerabilit...
HRSALE The Ultimate HRM CSV Injection Vulnerability
HRSALE The Ultimate HRM is a PHP-based human resource management system. A CSV injection vulnerability exists in HRSALE The Ultimate HRM version 1.0.2. An attacker can exploit this vulnerability to inject commands and execute code...
CVE-2018-10258
A CSV Injection vulnerability was discovered in Shopy Point of Sale v1.0 that allows a user with low level privileges to inject a command that will be included in the exported CSV file, leading to possible code execution...
CVE-2018-8974
Centers for Disease Control and Prevention MicrobeTRACE 0.1.11 allows remote attackers to execute arbitrary code, related to code injection via a crafted CSV file with an initial 'Source...
CVE-2016-9094
Symantec Endpoint Protection clients place detected malware in quarantine as part of the intended product functionality. The quarantine logs can be exported for review by the user in a variety of formats including .CSV files. Prior to 14.0 MP1 and 12.1 RU6 MP7, the potential exists for file...
Convert Forms CSV Injection Vulnerability in Joomla!
Joomla! is the United States Open Source Matters team developed a set of open source content management system CMS. A CSV injection vulnerability exists in Joomla! Convert Forms 2.0.3 and earlier versions. When a user with elevated privileges exports form data in CSV format, an attacker can explo...
CVE-2018-10063
The Convert Forms extension before 2.0.4 for Joomla! is vulnerable to Remote Command Execution using CSV Injection that is mishandled when exporting a Leads file...
Wordpress Contact Form 7 to Database Extension Plugin CSV Injection Vulnerability
WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A CSV injection vulnerability exists in the Wordpress Contact Form 7 to Database Extension plugin, which can be exploited by ...
CVE-2018-9107
CSV Injection aka Excel Macro Injection or Formula Injection exists in the export feature in the Acyba AcyMailing extension before 5.9.6 for Joomla! via a value that is mishandled in a CSV export...
CVE-2018-9107
CSV Injection aka Excel Macro Injection or Formula Injection exists in the export feature in the Acyba AcyMailing extension before 5.9.6 for Joomla! via a value that is mishandled in a CSV export...
CVE-2018-9106
CSV Injection aka Excel Macro Injection or Formula Injection exists in the export feature in the Acyba AcySMS extension before 3.5.1 for Joomla! via a value that is mishandled in a CSV export...
CVE-2018-9106
CSV Injection aka Excel Macro Injection or Formula Injection exists in the export feature in the Acyba AcySMS extension before 3.5.1 for Joomla! via a value that is mishandled in a CSV export...
CVE-2018-1366
IBM Content Navigator 2.0 and 3.0 is vulnerable to Comma Separated Value CSV Injection. An attacker could exploit this vulnerability to exploit other vulnerabilities in spreadsheet software. IBM X-Force ID: 137452...
SilverStripe CSV Excel Macro Injection Vulnerability
SilverStripe is New Zealand SilverStripe company's set of open source programming framework and content management system CMS. The system has support for multiple languages , cross-platform and other features . A security vulnerability exists in the CSV export feature in SilverStripe versions pri...
CVE-2017-15313
Huawei SmartCare V200R003C10 has a CSV injection vulnerability. An remote authenticated attacker could inject malicious CSV expression to the affected device...
CVE-2017-15270
The PSFTPd 10.0.4 Build 729 server does not properly escape data before writing it into a Comma Separated Values CSV file. This can be used by attackers to hide data in the Graphical User Interface GUI view and create arbitrary entries to a certain extent. Special characters such as '"' and ',' a...