5078 matches found

CVE
added 2024/08/06 12:0 a.m. · 57 views

CVE-2024-41226

CVE-2024-41226 describes a CSV injection vulnerability in Automation Anywhere Automation 360 (v21094). The underlying issue allows an attacker to trigger arbitrary code execution by injecting a crafted payload into the HTTP response from the client-side, with the end-user owning the response and ...

8.8 CVSS · 7.8 AI score · 0.0055 EPSS
Exploits 1 · References 2 · Affected Software 1
Redos
added 2024/07/26 12:0 a.m. · 26 views

ROS-20240726-04

Vulnerability in Moodle virtual learning environment due to a risk in CSV import method XSS. Exploitation of the vulnerability could allow an attacker acting remotely to conduct a cross-site scripting XSS attack. cross-site scripting XSS...

6.1 CVSS · 5.7 AI score · 0.00506 EPSS
Exploits 0
NVD
added 2024/07/25 3:15 p.m. · 10 views

CVE-2024-41806

The Open edX Platform is a learning management platform. Instructors can upload csv files containing learner information to create cohorts in the instructor dashboard. These files are uploaded using the django default storage. With certain storage backends, uploads may become publicly available...

5.3 CVSS · 0.00331 EPSS
Exploits 0 · References 2
Cvelist
added 2024/07/25 2:34 p.m. · 15 views

CVE-2024-41806 Open edX Platform's instructor upload CSV for cohort creation not Private by Default

The Open edX Platform is a learning management platform. Instructors can upload csv files containing learner information to create cohorts in the instructor dashboard. These files are uploaded using the django default storage. With certain storage backends, uploads may become publicly available...

5.3 CVSS · 0.00331 EPSS
Exploits 0 · References 2
CVE
added 2024/07/25 2:34 p.m. · 49 views

CVE-2024-41806

Open edX Platform's instructor CSV uploads for cohorts can be publicly accessible when using certain storage backends. The root cause is that uploads to AWS S3 buckets could be written with a public ACL in affected branches (master, palm, olive, nutmeg, maple, lilac, koa, juniper). A patch (commi...

5.3 CVSS · 5.2 AI score · 0.00331 EPSS
Exploits 0 · References 2
Vulnrichment
added 2024/07/25 2:34 p.m. · 10 views

CVE-2024-41806 Open edX Platform's instructor upload CSV for cohort creation not Private by Default

The Open edX Platform is a learning management platform. Instructors can upload csv files containing learner information to create cohorts in the instructor dashboard. These files are uploaded using the django default storage. With certain storage backends, uploads may become publicly available...

5.3 CVSS · 6.7 AI score · 0.00331 EPSS
Exploits 0 · References 2
OSV
added 2024/07/25 2:34 p.m. · 10 views

CVE-2024-41806 Open edX Platform's instructor upload CSV for cohort creation not Private by Default

The Open edX Platform is a learning management platform. Instructors can upload csv files containing learner information to create cohorts in the instructor dashboard. These files are uploaded using the django default storage. With certain storage backends, uploads may become publicly available...

5.3 CVSS · 6.8 AI score · 0.00331 EPSS
Exploits 0 · References 4
Debian CVE
added 2024/07/24 5:47 p.m. · 1 views

CVE-2024-41672

DuckDB is a SQL database management system. In versions 1.0.0 and prior, content in filesystem is accessible for reading using sniff_csv, even with enable_external_access=false. This vulnerability provides an attacker with access to filesystem even when access is expected to be disabled and other...

7.5 CVSS · 5.6 AI score · 0.00813 EPSS
Exploits 1
CNNVD
added 2024/07/24 12:0 a.m. · 3 views

DuckDB Security Vulnerability

DuckDB is an in-process SQL OLAP database management system from DuckDB open source. A security vulnerability exists in DuckDB 1.0.0 and earlier versions, which stems from the ability of sniff_csv to provide file system access even when enable_external_access is disabled, which could allow an attack...

7.5 CVSS · 6.8 AI score · 0.00813 EPSS
Exploits 1 · References 4
Positive Technologies
added 2024/07/18 12:0 a.m. · 3 views

PT-2024-5331 · Duckdb · Duckdb

Name of the Vulnerable Software and Affected Versions: DuckDB versions 1.0.0 and prior. Description: The issue is related to the sniff_csv function in DuckDB, which allows access to the filesystem even when enable_external_access is set to false. This provides an attacker with unauthorized access ...

7.8 CVSS · 6.1 AI score · 0.00813 EPSS
Exploits 1 · References 14
NVD
added 2024/07/16 5:15 p.m. · 23 views

CVE-2024-3232

A formula injection vulnerability exists in Tenable Identity Exposure where an authenticated remote attacker with administrative privileges could manipulate application form fields in order to trick another administrator into executing CSV payloads. - CVE-2024-3232...

7.6 CVSS · 0.00469 EPSS
Exploits 0 · References 1
CVE
added 2024/07/16 5:2 p.m. · 54 views

CVE-2024-3232

The CVE-2024-3232 issue affects Tenable Identity Exposure. The vulnerability is a formula injection where an authenticated, admin-level attacker can manipulate application form fields to induce another administrator to execute CSV payloads. Concrete details in connected sources indicate Tenable I...

7.6 CVSS · 7.4 AI score · 0.00469 EPSS
Exploits 0 · References 1 · Affected Software 1
Vulnrichment
added 2024/07/16 5:2 p.m. · 19 views

CVE-2024-3232 Formula Injection Vulnerability

A formula injection vulnerability exists in Tenable Identity Exposure where an authenticated remote attacker with administrative privileges could manipulate application form fields in order to trick another administrator into executing CSV payloads. - CVE-2024-3232...

7.6 CVSS · 7 AI score · 0.00469 EPSS
Exploits 0 · References 1
Cvelist
added 2024/07/16 5:2 p.m. · 18 views

CVE-2024-3232 Formula Injection Vulnerability

A formula injection vulnerability exists in Tenable Identity Exposure where an authenticated remote attacker with administrative privileges could manipulate application form fields in order to trick another administrator into executing CSV payloads. - CVE-2024-3232...

7.6 CVSS · 0.00469 EPSS
Exploits 0 · References 1
Citrix
added 2024/07/13 12:0 a.m. · 11 views

How to Export Target Devices into a .CSV File

This article details how to export Target Devices from a Provisioning Services (PVS) database in a formatted Comma Separated Values (CSV) file. Requirements: SQL Server Management Studio or bcp.exe, both of which are components of a full SQL Server or SQL Server Express install...

7.7 AI score
Exploits 0
OSV
added 2024/07/09 4:15 p.m. · 3 views

CVE-2024-27785

An improper neutralization of formula elements in a CSV File (CWE-1236) vulnerability in Fortinet FortiAIOps 2.0.0 may allow a remote authenticated attacker to execute arbitrary commands on a client's workstation via poisoned CSV reports...

6.5 CVSS · 6 AI score · 0.00437 EPSS
Exploits 0 · References 1
NVD
added 2024/07/09 4:15 p.m. · 10 views

CVE-2024-27785

An improper neutralization of formula elements in a CSV File (CWE-1236) vulnerability in Fortinet FortiAIOps 2.0.0 may allow a remote authenticated attacker to execute arbitrary commands on a client's workstation via poisoned CSV reports...

6.5 CVSS · 0.00437 EPSS
Exploits 0 · References 1
Cvelist
added 2024/07/09 3:33 p.m. · 13 views

CVE-2024-27785

An improper neutralization of formula elements in a CSV File (CWE-1236) vulnerability in Fortinet FortiAIOps 2.0.0 may allow a remote authenticated attacker to execute arbitrary commands on a client's workstation via poisoned CSV reports...

5.4 CVSS · 0.00437 EPSS
Exploits 0 · References 1
Vulnrichment
added 2024/07/09 3:33 p.m. · 25 views

CVE-2024-27785

An improper neutralization of formula elements in a CSV File (CWE-1236) vulnerability in Fortinet FortiAIOps 2.0.0 may allow a remote authenticated attacker to execute arbitrary commands on a client's workstation via poisoned CSV reports...

5.4 CVSS · 7.1 AI score · 0.00437 EPSS
Exploits 0 · References 1
CVE
added 2024/07/09 3:33 p.m. · 58 views

CVE-2024-27785

CVE-2024-27785 affects Fortinet FortiAIOps 2.0.0. The flaw is improper neutralization of formula elements in CSV files, allowing a remote authenticated attacker to execute arbitrary commands on a client’s workstation via poisoned CSV reports. Exploitation requires authentication; an attacker can ...

6.5 CVSS · 7.1 AI score · 0.00437 EPSS
Exploits 0 · References 1 · Affected Software 1