CVE-2024-41358

phpipam 1.6 is vulnerable to Cross Site Scripting XSS via app\admin\import-export\import-load-data.php...

PT-2024-40292 · Typo3 · Typo3

Name of the Vulnerable Software and Affected Versions: TYPO3 affected versions not specified Description: A broken access control issue has been discovered in the Import/Export module, allowing regular backend users to access import functionality that is typically restricted to admin users or tho...

CVE-2024-28394

An issue in Advanced Plugins reportsstatistics v1.3.20 and before allows a remote attacker to execute arbitrary code via the Sales Reports, Statistics, Custom Fields & Export module...

PrestaShop Security Breach

PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The program provides a variety of payment methods, SMS alerts and product image zoom and other features. A security vulnerability exists in PrestaShop Sales Reports, Statistics, Custom Fields & Export...

CVE-2024-28394

An issue in Advanced Plugins reportsstatistics v1.3.20 and before allows a remote attacker to execute arbitrary code via the Sales Reports, Statistics, Custom Fields & Export module...

CVE-2024-20953

Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain component: Export. The supported version that is affected is 9.3.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks of this...

Design/Logic Flaw

In the module "Orders CSV, Excel Export PRO" ordersexport 5.2.0 from MyPrestaModules for PrestaShop, a guest can download personal information without restriction. Due to a lack of permissions control, a guest can access exports from the module which can lead to a leak of personal information fro...

GHSA-8GMV-9HWG-W89G Information Disclosure via Export Module

Meta CVSS: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:F/RL:O/RC:C 4.0 Problem The export functionality fails to limit the result set to allowed columns of a particular database table. This allows authenticated users to export internal details of database tables to which they already have...

Information Disclosure via Export Module

Meta CVSS: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:F/RL:O/RC:C 4.0 Problem The export functionality fails to limit the result set to allowed columns of a particular database table. This allows authenticated users to export internal details of database tables to which they already have...

TYPO3 Information Disclosure Vulnerability (TYPO3-CORE-SA-2022-001)

TYPO3 is prone to an information disclosure vulnerability via the Export Module. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVE-2022-31046 Information Disclosure via Export Module in TYPO3 CMS

TYPO3 is an open source web content management system. Prior to versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11, the export functionality fails to limit the result set to allowed columns of a particular database table. This way, authenticated users can export internal details...

TYPO3-CORE-SA-2022-001: Information Disclosure via Export Module

More info at https://typo3.org/security/advisory/typo3-core-sa-2022-001...

TYPO3-CORE-SA-2022-001: Information Disclosure via Export Module

More info at https://typo3.org/security/advisory/typo3-core-sa-2022-001...

Open Social - Moderately critical - Access bypass - SA-CONTRIB-2021-002

The Social User Export module enables users within Open Social to create an export of users and download this to a CSV file. The module doesn't sufficiently check access when building the CSV file, allowing logged-in users without the manage members permission to be able to export all data from a...

TYPO3 9.3.x <= 9.5.7 Broken Access Control Vulnerability

TYPO3 CMS is susceptible to a broken access control vulnerability. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:typo3:typo3"; ...

CVE-2019-11019

Lack of authentication in case-exporting components in DDRT Dashcom Live through 2019-05-08 allows anyone to remotely access all claim details by visiting easily guessable exportpdf/allclaimdetail.php?claimid= URLs...

Red Hat CloudForms Cross-Site Scripting Vulnerability

Red Hat CloudForms is a hybrid infrastructure management platform from Red Hat, Inc. The platform provides deployment, management, and other capabilities across virtual machines, clouds, containers, and physical infrastructure. A cross-site scripting vulnerability exists in the PDF export module ...

Cross site scripting

lib/Zonemaster/GUI/Dancer/Export.pm in Zonemaster Web GUI before 1.0.11 has XSS...

Reverse Engineering Communication Protocols: Netzob

Reverse Engineering Communication Protocols Netzob is an open source tool for reverse engineering, traffic generation and fuzzing of communication protocols. It allows to infer the message format and the state machine of a protocol through passive and active processes. The model can afterward be...

SPSControl v1.2 iOS - (.spc) Persistent Vulnerability

Document Title: =============== SPSControl v1.2 iOS - .spc Persistent Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1404 Release Date: ============= 2015-01-16 Vulnerability Laboratory ID VL-ID: ==================================== 1404...