319 matches found

Hacker One
added 2019/03/15 7:04 p.m., 29 views

HackerOne: IDOR in Report CSV export discloses the IDs of Custom Field Attributes of Programs

Specifying a report ID of another team when requesting a CSV export leaks the ID of the Custom Field Attribute in the CSV header. Request POST /reports/export HTTP/1.1 Host: localhost:8080 ... ----------868143055 Content-Disposition: form-data; name="reportids" 17 ----------868143055...

6.9 AI score
Exploits: 0
Kitploit
added 2019/03/01 8:06 p.m., 313 views

Imago Forensics - Imago Is A Python Tool That Extract Digital Evidences From Images

Imago is a python tool that extract digital evidences from images recursively. This tool is useful throughout a digital forensic investigation. If you need to extract digital evidences and you have a lot of images, through this tool you will be able to compare them easily. Imago allows to extract...

6.9 AI score
Exploits: 0, References: 3
OSV
added 2019/02/04 9:29 p.m., 0 views

UBUNTU-CVE-2018-20752

An issue was discovered in Recon-ng before 4.9.5. Lack of validation in the modules/reporting/csv.py file allows CSV injection. More specifically, when a Twitter user possesses an Excel macro for a username, it will not be properly sanitized when exported to a CSV file. This can result in remote...

9.8 CVSS, 7.8 AI score, 0.03427 EPSS
Exploits: 0, References: 4
Kitploit
added 2019/01/25 8:43 p.m., 142 views

WiGLE - Wifi Wardriving (Nethugging Client For Android)

Open source network observation, positioning, and display client from the world's largest queryable database of wireless networks. Can be used for site-survey, security analysis, and competition with your friends. Collect networks for personal research or upload to https://wigle.net. WiGLE has be...

7.4 AI score
Exploits: 0
ATTACKERKB
added 2018/12/24 3:29 p.m., 3 views

CVE-2018-8920

Improper neutralization of escape vulnerability in Log Exporter in Synology DiskStation Manager DSM before 6.1.6-15266 allows remote attackers to inject arbitrary content to have an unspecified impact by exporting an archive in CSV format...

7.2 CVSS, 5.9 AI score, 0.01027 EPSS
Exploits: 0, References: 2
OSV
added 2018/12/24 3:29 p.m., 3 views

CVE-2018-8920

Improper neutralization of escape vulnerability in Log Exporter in Synology DiskStation Manager DSM before 6.1.6-15266 allows remote attackers to inject arbitrary content to have an unspecified impact by exporting an archive in CSV format...

7.2 CVSS, 5.9 AI score, 0.01027 EPSS
Exploits: 0, References: 1
Qualys Blog
added 2018/09/27 11:58 a.m., 72 views

Qualys Cloud Platform 2.34.1 New Features

This release of the Qualys Cloud Platform version 2.34.1 includes updates and new features for Cloud Agent & AWS EC2 Connector, AssetView, CloudView, and Security Assessment Questionnaire, highlights as follows. Cloud Agent & AWS EC2 Connector Automatic Merge of Cloud Agents running in Amazon Web...

0.4 AI score
Exploits: 0
CNVD
added 2018/08/21 12:00 a.m., 2 views

Wordpress Plugin Ninja Forms CSV Injection Vulnerability

WordPress is a suite of blogging platforms developed in the PHP language by the WordPress Software Foundation, which supports personal blog sites on servers with PHP and MySQL. Ninja Forms is the ultimate free form creation tool for WordPress. A CSV injection vulnerability exists in WordPress Nin...

7.4 AI score
Exploits: 0, References: 1
IBM Security Bulletins
added 2018/06/15 7:09 a.m., 22 views

Security Bulletin: Remote Code Execution vulnerability in IBM Robotic Process Automation with Automation Anywhere (CVE-2018-1547)

Summary IBM Robotic Process Automation with Automation Anywhere is vulnerable to a remote code execution vulnerability Vulnerability Details CVEID: CVE-2018-1547 DESCRIPTION: IBM Robotic Process Automation with Automation Anywhere could allow a remote attacker to execute arbitrary code on the...

8 CVSS, 8.3 AI score, 0.02178 EPSS
Exploits: 0, Affected Software: 1
OSV
added 2018/06/07 2:29 p.m., 4 views

CVE-2018-1547

IBM Robotic Process Automation with Automation Anywhere 10.0 could allow a remote attacker to execute arbitrary code on the system, caused by improper output encoding in an CSV export. By persuading a victim to download the CSV export, to open it in Microsoft Excel and to confirm the two security...

7.7 CVSS, 6.2 AI score, 0.02178 EPSS
Exploits: 0, References: 3
Prion
added 2018/06/07 2:29 p.m., 18 views

Design/Logic Flaw

IBM Robotic Process Automation with Automation Anywhere 10.0 could allow a remote attacker to execute arbitrary code on the system, caused by improper output encoding in an CSV export. By persuading a victim to download the CSV export, to open it in Microsoft Excel and to confirm the two security...

5.1 CVSS, 7.6 AI score, 0.02178 EPSS
Exploits: 0, References: 3, Affected Software: 1
NVD
added 2018/06/07 2:29 p.m., 17 views

CVE-2018-1547

IBM Robotic Process Automation with Automation Anywhere 10.0 could allow a remote attacker to execute arbitrary code on the system, caused by improper output encoding in an CSV export. By persuading a victim to download the CSV export, to open it in Microsoft Excel and to confirm the two security...

8 CVSS, 8 AI score, 0.02178 EPSS
Exploits: 0, References: 3
CVE
added 2018/06/07 2:00 p.m., 55 views

CVE-2018-1547

IBM Robotic Process Automation with Automation Anywhere 10.0 is affected by CVE-2018-1547 due to improper output encoding in CSV exports, enabling remote code execution when a user opens a CSV and confirms two security questions in Excel. The vulnerability arises from encoding issues in the CSV e...

8 CVSS, 7.7 AI score, 0.02178 EPSS
Exploits: 0, References: 3, Affected Software: 1
Cvelist
added 2018/06/07 2:00 p.m., 19 views

CVE-2018-1547

IBM Robotic Process Automation with Automation Anywhere 10.0 could allow a remote attacker to execute arbitrary code on the system, caused by improper output encoding in an CSV export. By persuading a victim to download the CSV export, to open it in Microsoft Excel and to confirm the two security...

8 CVSS, 7.9 AI score, 0.02178 EPSS
Exploits: 0, References: 3
Cvelist
added 2018/03/28 4:00 a.m., 23 views

CVE-2018-9107

CSV Injection aka Excel Macro Injection or Formula Injection exists in the export feature in the Acyba AcyMailing extension before 5.9.6 for Joomla! via a value that is mishandled in a CSV export...

8.8 AI score, 0.07419 EPSS
Exploits: 5, References: 4
CNVD
added 2018/01/30 12:00 a.m., 4 views

WordPress Email Subscribers & Newsletters Plugin Information Disclosure Vulnerability

WordPress is a blogging platform developed by the WordPress Software Foundation using the PHP language, which supports personal blog sites on PHP and MySQL servers. Email Subscribers & Newsletters plugin is used in one of the push message plugin. An information disclosure vulnerability exists in...

7.5 CVSS, 6.1 AI score, 0.03277 EPSS
Exploits: 2, References: 1
Kitploit
added 2018/01/26 12:47 p.m., 17 views

Wavecrack - Web Interface For Password Cracking With Hashcat

A user-friendly Web interface to share an hashcat cracking box among multiple users with some pre-defined options. Screenshots The homepage Adding an hash to crack Seeing the results and some stats Outline This Web application can be used to launch asynchronous password cracks with hashcat. The...

7.2 AI score
Exploits: 0, References: 11
Prion
added 2018/01/23 6:29 a.m., 13 views

Design/Logic Flaw

In the CSV export feature of SilverStripe before 3.5.6, 3.6.x before 3.6.3, and 4.x before 4.0.1, it's possible for the output to contain macros and scripts, which may be executed if imported without sanitization into common software including Microsoft Excel. For example, the CSV data may contai...

4.3 CVSS, 5.4 AI score, 0.00916 EPSS
Exploits: 1, References: 2, Affected Software: 1
NVD
added 2018/01/23 6:29 a.m., 15 views

CVE-2017-18049

In the CSV export feature of SilverStripe before 3.5.6, 3.6.x before 3.6.3, and 4.x before 4.0.1, it's possible for the output to contain macros and scripts, which may be executed if imported without sanitization into common software including Microsoft Excel. For example, the CSV data may contai...

5.5 CVSS, 5.4 AI score, 0.00916 EPSS
Exploits: 1, References: 2
OSV
added 2018/01/23 6:29 a.m., 12 views

CVE-2017-18049

In the CSV export feature of SilverStripe before 3.5.6, 3.6.x before 3.6.3, and 4.x before 4.0.1, it's possible for the output to contain macros and scripts, which may be executed if imported without sanitization into common software including Microsoft Excel. For example, the CSV data may contai...

5.5 CVSS, 5.7 AI score
Exploits: 0, References: 2