Lucene search
+L

42 matches found

ATTACKERKB
ATTACKERKB
added 2022/09/16 2:15 p.m.3 views

CVE-2022-38845

Cross Site Scripting in Import feature in EspoCRM 7.1.8 allows remote users to run malicious JavaScript in victim s browser via sending crafted csv file containing malicious JavaScript to authenticated user. Any authenticated user importing the crafted CSV file may end up running the malicious...

6.1CVSS5.8AI score0.00649EPSS
Exploits1References2
OSV
OSV
added 2022/09/16 1:24 p.m.26 views

CVE-2022-38845

Cross Site Scripting in Import feature in EspoCRM 7.1.8 allows remote users to run malicious JavaScript in victim s browser via sending crafted csv file containing malicious JavaScript to authenticated user. Any authenticated user importing the crafted CSV file may end up running the malicious...

6.1CVSS6.3AI score0.00649EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2022/05/24 4:52 p.m.22 views

Magento 2 Community Edition RCE Vulnerability

A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with administrator privileges to layouts can execute arbitrary code through a combination of product import, crafted csv file and XML layout...

7.2CVSS8.3AI score0.01921EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2022/05/24 4:52 p.m.24 views

GHSA-2X55-MG9R-24F7 Magento 2 Community Edition RCE Vulnerability

A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with administrator privileges to layouts can execute arbitrary code through a combination of product import, crafted csv file and XML layout...

7.2CVSS7.5AI score0.01921EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2022/02/11 9:15 p.m.6 views

CVE-2021-46363

An issue in the Export function of Magnolia v6.2.3 and below allows attackers to perform Formula Injection attacks via crafted CSV/XLS files. These formulas may result in arbitrary code execution on a victim's computer when opening the exported files with Microsoft Excel...

9.3CVSS7.9AI score0.01874EPSS
Exploits1References3
Cvelist
Cvelist
added 2022/02/08 10:30 a.m.28 views

CVE-2022-21241

Cross-site scripting vulnerability in CSV+ prior to 0.8.1 allows a remote unauthenticated attacker to inject an arbitrary script or an arbitrary OS command via a specially crafted CSV file that contains HTML a tag...

8.9AI score0.03174EPSS
Exploits0References2
OSV
OSV
added 2020/12/14 8:15 p.m.4 views

CVE-2020-29304

A cross-site scripting XSS vulnerability exists in the SabaiApps WordPress Directories Pro plugin version 1.3.45 and previous, allows attackers who have convinced a site administrator to import a specially crafted CSV file to inject arbitrary web script or HTML as the victim is proceeding through...

6.1CVSS6.2AI score0.05483EPSS
Exploits3References4
Prion
Prion
added 2019/08/06 5:15 p.m.17 views

Cross site scripting

An issue was discovered in TeamPass 2.1.27.35. From the sources/items.queries.php "Import items" feature, it is possible to load a crafted CSV file with an XSS payload...

3.5CVSS5.1AI score0.00764EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2019/08/02 10:15 p.m.23 views

Remote code execution

A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with administrator privileges to layouts can execute arbitrary code through a combination of product import, crafted csv file and XML layout...

6.5CVSS7.3AI score0.01921EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2019/08/02 9:23 p.m.76 views

CVE-2019-7896

CVE-2019-7896 affects Magento versions prior to 2.1.18 (2.1.x), 2.2 prior to 2.2.9, and 2.3 prior to 2.3.2. The flaw allows an authenticated administrator with access to layouts to execute arbitrary code via a combination of product import, a crafted CSV file, and an XML layout update, resulting ...

7.2CVSS7.5AI score0.01921EPSS
Exploits0References1Affected Software1
exploitpack
exploitpack
added 2018/10/01 12:0 a.m.113 views

Zahir Enterprise Plus 6 build 10b - Buffer Overflow (SEH)

Zahir Enterprise Plus 6 build 10b - Buffer Overflow SEH Exploit Title: Zahir Enterprise Plus 6 build 10b - Buffer Overflow SEH Google Dork: - Date: 2018-09-28 Exploit Author: modpr0be Vendor Homepage: http://www.zahiraccounting.com/ Software Link:...

6.8CVSS0.5AI score0.18968EPSS
Exploits8
Exploit DB
Exploit DB
added 2018/10/01 12:0 a.m.55 views

Zahir Enterprise Plus 6 build 10b - Buffer Overflow (SEH)

Exploit Title: Zahir Enterprise Plus 6 build 10b - Buffer Overflow SEH Google Dork: - Date: 2018-09-28 Exploit Author: modpr0be Vendor Homepage: http://www.zahiraccounting.com/ Software Link: http://zahiraccounting.com/files/zahir-accounting-6-free-trial.zip Version: 6 build 10b - Download here:...

7.8CVSS7.7AI score0.18968EPSS
Exploits8
Prion
Prion
added 2018/04/26 6:29 a.m.13 views

Code injection

Centers for Disease Control and Prevention MicrobeTRACE 0.1.12 allows remote attackers to execute arbitrary code, related to code injection via a crafted CSV file with an initial 'script type="text/javascript" src=' line. Fix released on 2018-03-29...

9.3CVSS8AI score0.04103EPSS
Exploits1References3Affected Software1
CNVD
CNVD
added 2016/02/23 12:0 a.m.3 views

Cybozu Office Denial of Service Vulnerability (CNVD-2016-01263)

Cybozu Office is a WEB-based cross-platform office solution developed by Cybozu Japan. A denial of service vulnerability exists in Cybozu Office versions 9.9.0 through 10.3.0 that could allow an authenticated remote user to cause a denial of service via a crafted CSV file...

6.8CVSS6.5AI score0.01609EPSS
Exploits0References1
NVD
NVD
added 2016/02/17 2:59 a.m.12 views

CVE-2015-8489

customapp in Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to cause a denial of service excessive database locking via a crafted CSV file, a different vulnerability than CVE-2016-1153...

6.8CVSS6AI score0.01609EPSS
Exploits0References3
Prion
Prion
added 2016/02/17 2:59 a.m.14 views

Design/Logic Flaw

customapp in Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to cause a denial of service excessive database locking via a crafted CSV file, a different vulnerability than CVE-2016-1153...

6.8CVSS6.6AI score0.01609EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2016/02/17 2:0 a.m.21 views

CVE-2015-8489

customapp in Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to cause a denial of service excessive database locking via a crafted CSV file, a different vulnerability than CVE-2016-1153...

6.2AI score0.01609EPSS
Exploits0References3
NVD
NVD
added 2015/05/17 1:59 a.m.26 views

CVE-2014-9204

Stack-based buffer overflow in OPCTest.exe in Rockwell Automation RSLinx Classic before 3.73.00 allows remote attackers to execute arbitrary code via a crafted CSV file...

6.9CVSS7.9AI score0.01573EPSS
Exploits0References2
Cvelist
Cvelist
added 2015/05/17 1:0 a.m.30 views

CVE-2014-9204

Stack-based buffer overflow in OPCTest.exe in Rockwell Automation RSLinx Classic before 3.73.00 allows remote attackers to execute arbitrary code via a crafted CSV file...

7.9AI score0.01573EPSS
Exploits0References2
NVD
NVD
added 2011/02/16 3:0 a.m.14 views

CVE-2010-4740

Stack-based buffer overflow in WTclient.dll in SCADA Engine BACnet OPC Client before 1.0.25 allows user-assisted remote attackers to execute arbitrary code via a crafted .csv file, related to a status log message...

9.3CVSS8AI score0.41619EPSS
Exploits2References6
Rows per page
Query Builder