Lucene search
K

689 matches found

OSV
OSV
added 2018/06/19 7:29 p.m.2 views

CVE-2018-11526

The plugin "WordPress Comments Import & Export" for WordPress v2.0.4 and before is vulnerable to CSV Injection...

7.8CVSS5.8AI score
Exploits0References3
OSV
OSV
added 2018/06/13 9:29 p.m.3 views

CVE-2017-3936

OS Command Injection vulnerability in McAfee ePolicy Orchestrator ePO 5.9.0, 5.3.2, 5.3.1, 5.1.3, 5.1.2, 5.1.1, and 5.1.0 allows attackers to run arbitrary OS commands with limited privileges via not sanitizing the user input data before exporting it into a CSV format output...

9.8CVSS5.9AI score0.01383EPSS
Exploits0References2
CNVD
CNVD
added 2018/06/12 12:0 a.m.5 views

IBM Robotic Process Automation with Automation Anywhere Arbitrary Command Execution Vulnerability

IBM Robotic Process Automation with Automation Anywhere is a process automation solution developed by IBM USA and Automation Anywhere. A security vulnerability exists in IBM Robotic Process Automation with Automation Anywhere version 10.0, which stems from the program's failure to properly encode...

8CVSS7.1AI score0.02178EPSS
Exploits0References1
OSV
OSV
added 2018/06/01 3:29 p.m.2 views

UBUNTU-CVE-2018-11652

CSV Injection vulnerability in Nikto 2.1.6 and earlier allows remote attackers to inject arbitrary OS commands via the Server field in an HTTP response header, which is directly injected into a CSV report...

9.8CVSS6AI score0.24727EPSS
Exploits5References3
CNVD
CNVD
added 2018/05/02 12:0 a.m.5 views

Centers for Disease Control and Prevention MicrobeTRACE Remote Code Execution Vulnerability

Centers for Disease Control and Prevention MicrobeTRACE is a suite of sequence analysis and data visualization tools from the Centers for Disease Control and Prevention CDC. A security vulnerability exists in Centers for Disease Control and Prevention MicrobeTRACE version 0.1.12. The vulnerabilit...

9.3CVSS7.8AI score0.04103EPSS
Exploits1References1
CNVD
CNVD
added 2018/05/02 12:0 a.m.4 views

HRSALE The Ultimate HRM CSV Injection Vulnerability

HRSALE The Ultimate HRM is a PHP-based human resource management system. A CSV injection vulnerability exists in HRSALE The Ultimate HRM version 1.0.2. An attacker can exploit this vulnerability to inject commands and execute code...

8.8CVSS7.6AI score0.04333EPSS
Exploits4References1
OSV
OSV
added 2018/05/01 7:29 p.m.3 views

CVE-2018-10258

A CSV Injection vulnerability was discovered in Shopy Point of Sale v1.0 that allows a user with low level privileges to inject a command that will be included in the exported CSV file, leading to possible code execution...

8.8CVSS5.8AI score0.07459EPSS
Exploits5References2
ATTACKERKB
ATTACKERKB
added 2018/04/26 6:29 a.m.1 views

CVE-2018-8974

Centers for Disease Control and Prevention MicrobeTRACE 0.1.11 allows remote attackers to execute arbitrary code, related to code injection via a crafted CSV file with an initial 'Source...

9.3CVSS6.1AI score0.04103EPSS
Exploits1References4
OSV
OSV
added 2018/04/16 7:29 p.m.4 views

CVE-2016-9094

Symantec Endpoint Protection clients place detected malware in quarantine as part of the intended product functionality. The quarantine logs can be exported for review by the user in a variety of formats including .CSV files. Prior to 14.0 MP1 and 12.1 RU6 MP7, the potential exists for file...

7.8CVSS5.8AI score0.01324EPSS
Exploits0References3
CNVD
CNVD
added 2018/04/16 12:0 a.m.6 views

Convert Forms CSV Injection Vulnerability in Joomla!

Joomla! is the United States Open Source Matters team developed a set of open source content management system CMS. A CSV injection vulnerability exists in Joomla! Convert Forms 2.0.3 and earlier versions. When a user with elevated privileges exports form data in CSV format, an attacker can explo...

7.8CVSS7.3AI score0.09568EPSS
Exploits5References1
OSV
OSV
added 2018/04/12 7:29 p.m.4 views

CVE-2018-10063

The Convert Forms extension before 2.0.4 for Joomla! is vulnerable to Remote Command Execution using CSV Injection that is mishandled when exporting a Leads file...

7.8CVSS5.8AI score0.09568EPSS
Exploits5References3
CNVD
CNVD
added 2018/04/02 12:0 a.m.8 views

Wordpress Contact Form 7 to Database Extension Plugin CSV Injection Vulnerability

WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A CSV injection vulnerability exists in the Wordpress Contact Form 7 to Database Extension plugin, which can be exploited by ...

9.6CVSS7.6AI score0.07743EPSS
Exploits5References1
ATTACKERKB
ATTACKERKB
added 2018/03/28 4:29 a.m.6 views

CVE-2018-9107

CSV Injection aka Excel Macro Injection or Formula Injection exists in the export feature in the Acyba AcyMailing extension before 5.9.6 for Joomla! via a value that is mishandled in a CSV export...

8.8CVSS5.5AI score0.07419EPSS
Exploits5References5
OSV
OSV
added 2018/03/28 4:29 a.m.5 views

CVE-2018-9107

CSV Injection aka Excel Macro Injection or Formula Injection exists in the export feature in the Acyba AcyMailing extension before 5.9.6 for Joomla! via a value that is mishandled in a CSV export...

8.8CVSS5.8AI score0.07419EPSS
Exploits5References4
OSV
OSV
added 2018/03/28 4:29 a.m.6 views

CVE-2018-9106

CSV Injection aka Excel Macro Injection or Formula Injection exists in the export feature in the Acyba AcySMS extension before 3.5.1 for Joomla! via a value that is mishandled in a CSV export...

8.8CVSS5.8AI score0.05639EPSS
Exploits5References2
ATTACKERKB
ATTACKERKB
added 2018/03/28 4:29 a.m.7 views

CVE-2018-9106

CSV Injection aka Excel Macro Injection or Formula Injection exists in the export feature in the Acyba AcySMS extension before 3.5.1 for Joomla! via a value that is mishandled in a CSV export...

8.8CVSS5.5AI score0.05639EPSS
Exploits5References3
OSV
OSV
added 2018/02/07 5:29 p.m.5 views

CVE-2018-1366

IBM Content Navigator 2.0 and 3.0 is vulnerable to Comma Separated Value CSV Injection. An attacker could exploit this vulnerability to exploit other vulnerabilities in spreadsheet software. IBM X-Force ID: 137452...

7.8CVSS5.7AI score0.00932EPSS
Exploits0References2
CNVD
CNVD
added 2018/01/23 12:0 a.m.6 views

SilverStripe CSV Excel Macro Injection Vulnerability

SilverStripe is New Zealand SilverStripe company's set of open source programming framework and content management system CMS. The system has support for multiple languages , cross-platform and other features . A security vulnerability exists in the CSV export feature in SilverStripe versions pri...

5.5CVSS7.1AI score0.00899EPSS
Exploits1References1
OSV
OSV
added 2017/12/22 5:29 p.m.3 views

CVE-2017-15313

Huawei SmartCare V200R003C10 has a CSV injection vulnerability. An remote authenticated attacker could inject malicious CSV expression to the affected device...

8.8CVSS5.8AI score0.0107EPSS
Exploits0References1
OSV
OSV
added 2017/11/15 4:29 p.m.3 views

CVE-2017-15270

The PSFTPd 10.0.4 Build 729 server does not properly escape data before writing it into a Comma Separated Values CSV file. This can be used by attackers to hide data in the Graphical User Interface GUI view and create arbitrary entries to a certain extent. Special characters such as '"' and ',' a...

5.3CVSS5.9AI score0.06972EPSS
Exploits4References4
Rows per page
Query Builder