104 matches found
CVE-2021-38711
In gitit before 0.15.0.0, the Export feature can be exploited to leak information from files...
Information disclosure
In gitit before 0.15.0.0, the Export feature can be exploited to leak information from files...
CVE-2021-38711
In gitit before 0.15.0.0, the Export feature can be exploited to leak information from files...
UBUNTU-CVE-2021-38711
In gitit before 0.15.0.0, the Export feature can be exploited to leak information from files...
CVE-2021-38711
In gitit before 0.15.0.0, the Export feature can be exploited to leak information from files...
gitit Security Vulnerability
gitit is an open source wiki program written in Haskell. It uses Happstack as a web server and pandoc for markup processing. A security vulnerability exists in gitit versions prior to 0.15.0.0, which can be exploited to leak information from files using the export feature...
WordPress Code Injection Vulnerability
WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A code injection vulnerability exists in WordPress Plugin Speed Booster that stems from the product'...
CVE-2021-21085
Adobe Connect version 11.0.7 and earlier is affected by an Input Validation vulnerability in the export feature. An attacker could exploit this vulnerability by injecting a payload into an online event form and achieve code execution if the victim exports and opens the data on their local machine...
Input validation
Adobe Connect version 11.0.7 and earlier is affected by an Input Validation vulnerability in the export feature. An attacker could exploit this vulnerability by injecting a payload into an online event form and achieve code execution if the victim exports and opens the data on their local machine...
CVE-2021-21085 Adobe Connect CSV injection via export feature could lead to code execution
Adobe Connect version 11.0.7 and earlier is affected by an Input Validation vulnerability in the export feature. An attacker could exploit this vulnerability by injecting a payload into an online event form and achieve code execution if the victim exports and opens the data on their local machine...
CVE-2020-26508
The WebTools component on Canon Oce ColorWave 3500 5.1.1.0 devices allows attackers to retrieve stored SMB credentials via the export feature, even though these are intentionally inaccessible in the UI...
Code injection
The WebTools component on Canon Oce ColorWave 3500 5.1.1.0 devices allows attackers to retrieve stored SMB credentials via the export feature, even though these are intentionally inaccessible in the UI...
CVE-2020-25170
An Excel Macro Injection vulnerability exists in the export feature in the B. Braun OnlineSuite Version AP 3.0 and earlier via multiple input fields that are mishandled in an Excel export...
Design/Logic Flaw
An Excel Macro Injection vulnerability exists in the export feature in the B. Braun OnlineSuite Version AP 3.0 and earlier via multiple input fields that are mishandled in an Excel export...
CVE-2020-25170 B. Braun OnlineSuite
An Excel Macro Injection vulnerability exists in the export feature in the B. Braun OnlineSuite Version AP 3.0 and earlier via multiple input fields that are mishandled in an Excel export...
Automattic: Users can bypass page restrictions via Export feature at "Share" feature in CrowdSignal
Summary: Hi team, if you upgraded your account, you can share your survey results via the "Share" button. F893428 As you can see, I selected the Results page under "Allow access to the following", so the user will access only the Results page. But if the user has the Export feature, the user can export the restricted pages...
SolarWinds WebHelpDesk Code Injection Vulnerability
SolarWinds WebHelpDesk is a suite of helpdesk and asset management software from SolarWinds USA. The software supports centralized knowledge base, IT asset management, project and task management, and more. A security vulnerability exists in the export feature in SolarWinds WebHelpDesk version...
CVE-2019-20002
Formula Injection exists in the export feature in SolarWinds WebHelpDesk 12.7.1 via a value provided by a low-privileged user in the Subject field of a help request form that is mishandled in a TicketActions/view?tab=group TSV export by an admin user...
CVE-2020-11548
The Search Meter plugin through 2.13.2 for WordPress allows user input introduced in the search bar to be any formula. The attacker could achieve remote code execution via CSV injection if a wp-admin/index.php?page=search-meter Export is performed...
SugarCRM Export Feature SQL Injection Vulnerability
SugarCRM is an open source customer relationship management software suite. A SQL injection vulnerability exists in the export function of SugarCRM. The vulnerability stems from a lack of input validation. An authenticated user with regular user rights can exploit this vulnerability to inject...