VMSA-2021-0022: VMware vRealize Log Insight updates address CSV injection vulnerability
Advisory ID: VMSA-2021-0022 CVSSv3 Range: 6.5 Issue Date: 2021-10-12 Updated On: 2021-10-12 Initial Advisory CVEs: CVE-2021-22035 Synopsis: VMware vRealize Log Insight updates address CSV injection vulnerability CVE-2021-22035
The vulnerability of the libxcb library in operating systems such as ALT Linux, ROSA Linux, and MSVSphere allows attackers to cause service failures.
The vulnerability of the libxcb library in ALT Linux, ROSA Linux, and MSVSphere operating systems is related to the lack of checks for the correctness of input parameters for the export function xcbgetpropertyvalueend. Exploiting this vulnerability can allow attackers to cause failures in...
CVE-2020-13589
An exploitable SQL injection vulnerability exists in the ‘entities/fields’ page of the Rukovoditel Project Management App 2.7.2. The entitiesid parameter in the 'entities/fields page mulitpleedit or copyselected or export function is vulnerable to authenticated SQL injection. An attacker can make...
Atlassian Confluence 6.1.x < 6.6.16 Local File Disclosure
According to its self-reported version number, the Atlassian Confluence application running on the remote host is 6.1.x /confluence/WEB-INF/ directory and its subdirectories. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported...
Akaunting CSV Injection Vulnerability
Akaunting is a free, open source online accounting software designed for small businesses and freelancers. A CSV injection vulnerability exists in the project name field of the export function in Akaunting. An attacker can exploit this vulnerability to inject arbitrary code into the name paramete...
PT-2021-10759 · Akaunting · Akaunting
Name of the Vulnerable Software and Affected Versions: Akaunting versions 2.0.9 and earlier Description: The issue concerns a CSV injection vulnerability in the Item name field of the export function. Attackers can inject arbitrary code into the name parameter, potentially leading to code executi...
Akaunting Security Vulnerability
Akaunting is a free, open source online accounting software designed for small businesses and freelancers. A CSV injection vulnerability exists in the project name field of the export function in Akaunting. An attacker can exploit this vulnerability to inject arbitrary code into the name paramete...
CVE-2021-30499
A flaw was found in libcaca. A buffer overflow of export.c in function exporttroff might lead to memory corruption and other potential consequences...
The vulnerability of the export function of the Cisco Umbrella cloud security service allows a perpetrator to execute arbitrary code.
The vulnerability of the export function of the Cisco Umbrella security cloud service is related to the absence of neutralization mechanisms for elements in the CSV file. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the “Export” function in the web application for phpMyAdmin’s database administration system allows a hacker to execute arbitrary code.
The vulnerability of the “Export” function in the phpMyAdmin web application for database management involves the absence of a mechanism to neutralize elements in the CSV file. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by opening a specially crafted CSV file...
PT-2021-19200 · Zetetic +1 · Sqlcipher +1
Name of the Vulnerable Software and Affected Versions: Zetetic SQLCipher versions 4.x before 4.4.3 Description: The issue is related to a NULL pointer dereferencing problem in the sqlcipher export function in crypto.c and the sqlite3StrICmp function in sqlite3.c. This may allow an attacker to...
phpList CSV Injection Vulnerability
phpList is an open source newsletter and email marketing software from phpList UK. A CSV injection vulnerability exists in phpList 3.6.0 related to the email parameter and /lists/admin/ export. No detailed vulnerability details are provided at this time...
Canon Oce ColorWave 3500 Security Breach
The Canon Oce ColorWave 3500 is a color printer from Canon Japan. The device is based on solid ink bead printing technology and image logic scanning processing, integrating CAD, GIS and full-coverage, full-color image printing in a single device to provide more professional functionality for the...
OpenMRS Input Validation Error Vulnerability
OpenMRS is an open source electronic medical record system from OpenMRS, Inc. in the United States. OpenMRS suffers from an input validation error vulnerability that stems from the export function of the data exchange module not properly redirecting to the login page. An attacker could exploit th...
Wordpress Search Meter 2.13.2 Plugin - CSV injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Wordpress Plugin Search Meter 2.13.2 - CSV Injection Exploit Author: Daniel Monzón stark0de Vendor Homepage: https://thunderguy.com/semicolon/ Software Link: https://downloads.wordpress.org/plugin/search-meter.2.13.2.zip Version...
WordPress Search Meter 2.13.2 CSV Injection
Exploit Title: Wordpress Plugin Search Meter 2.13.2 - CSV Injection Google Dork: N/A Date: 2020-03-10 Exploit Author: Daniel Monzón stark0de Vendor Homepage: https://thunderguy.com/semicolon/ Software Link: https://downloads.wordpress.org/plugin/search-meter.2.13.2.zip Version: 2.13.2 Tested on:...
Wordpress Plugin Search Meter 2.13.2 - CSV injection
Wordpress Plugin Search Meter 2.13.2 - CSV injection Exploit Title: Wordpress Plugin Search Meter 2.13.2 - CSV Injection Google Dork: N/A Date: 2020-03-10 Exploit Author: Daniel Monzón stark0de Vendor Homepage: https://thunderguy.com/semicolon/ Software Link:...
WordPress Plugin Search Meter 2.13.2 - CSV injection
Exploit Title: Wordpress Plugin Search Meter 2.13.2 - CSV Injection Google Dork: N/A Date: 2020-03-10 Exploit Author: Daniel Monzón stark0de Vendor Homepage: https://thunderguy.com/semicolon/ Software Link: https://downloads.wordpress.org/plugin/search-meter.2.13.2.zip Version: 2.13.2 Tested on:...
Code injection
In the RegistrationMagic plugin through 4.6.0.3 for WordPress, the export function allows remote authenticated users with minimal privileges to export submitted form data and settings via classrmformcontroller.php rmformexport...
SQL injection
The MARC framework import/export function admin/importexportframework.pl in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 does not require authentication, which allows remote attackers to conduct SQL injection attacks via unspecified vectors...