5077 matches found
PT-2024-33291 · WordPress · Wpdatatables
Name of the Vulnerable Software and Affected Versions: wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin versions up to, and including, 3.4.2.12 Description: The issue is related to Stored Cross-Site Scripting via the CSV import functionality due to insufficient input...
Grafana directory traversal for .csv files
Today we are releasing Grafana 8.3.2 and 7.5.12. This patch release includes a moderate severity security fix for directory traversal for arbitrary .csv files. It only affects instances that have the developer testing tool called TestData DB data source enabled and configured. The vulnerability i...
GHSA-7533-C8QV-JM9M Grafana directory traversal for .csv files
Today we are releasing Grafana 8.3.2 and 7.5.12. This patch release includes a moderate severity security fix for directory traversal for arbitrary .csv files. It only affects instances that have the developer testing tool called TestData DB data source enabled and configured. The vulnerability i...
CVE-2024-33858
An issue was discovered in Logpoint before 7.4.0. A path injection vulnerability is seen while adding a CSV enrichment source. The sourcename parameter could be changed to an absolute path; this will write the CSV file to that path inside the /tmp directory...
Logpoint security vulnerability
Logpoint is a network security application from the Danish company Logpoint. A security vulnerability exists in Logpoint versions prior to 7.4.0, which stems from the fact that the sourcename parameter can be changed to an absolute path, which will write a CSV file to the tmp directory...
CVE-2024-33858
CVE-2024-33858 affects Logpoint before 7.4.0. A path injection flaw occurs when adding a CSV enrichment source: the source_name parameter can be changed to an absolute path, enabling writing the CSV file to that path inside /tmp. This is a vulnerability in the enrichment source handling and could...
CVE-2024-28764
IBM WebSphere Automation 1.7.0 could allow an attacker with privileged access to the network to conduct a CSV injection. An attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 285623...
CVE-2024-28764 IBM WebSphere Automation CSV injection
IBM WebSphere Automation 1.7.0 could allow an attacker with privileged access to the network to conduct a CSV injection. An attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 285623...
CVE-2024-28764
IBM WebSphere Automation 1.7.0 is affected by a CSV injection vulnerability caused by improper validation of CSV file contents. An attacker with privileged network access could execute arbitrary commands on the system (impacting confidentiality, integrity, and availability). The issue stems from ...
Security Bulletin: IBM WebSphere Automation is vulnerable to a Privilege Escalation vulnerability (CVE-2024-28764)
Summary IBM WebSphere Automation is vulnerable to a Privilege Escalation vulnerability. Vulnerability Details CVEID:CVE-2024-28764 DESCRIPTION: IBM WebSphere Automation could allow an attacker with privileged access to the network to conduct a CSV injection. An attacker could execute arbitrary...
The vulnerability in the `inc/csv.php` script of the WordPress Automatic Plugin, a content management system for WordPress websites, allows attackers to execute arbitrary SQL code.
The vulnerability in the inc/csv.php script of the WordPress Automatic Plugin, a content management system for WordPress websites, relates to the failure to protect the SQL query structure during the processing of the $q variable, as a result of the authentication mechanism being bypassed...
CVE-2024-28328
CSV Injection vulnerability in the Asus RT-N12+ router allows administrator users to inject arbitrary commands or formulas in the client name parameter which can be triggered and executed in a different user session upon exporting to CSV format...
CVE-2024-28328
The connected Red Hat/NVD/Other sources confirm a CSV Injection vulnerability in ASUS RT-N12+ (B1) routers. The flaw stems from insufficient input sanitization in the client name parameter, which, when exporting data to CSV, can allow an administrator to inject commands or formulas that may execu...
Import Users from CSV < 1.3 - Authenticated (Admin+) PHP Object Injection
Description: The Import Users from CSV plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.2 via deserialization of untrusted input. This makes it possible for authenticated attackers, with administrator-level access and above, to inject a PHP Object...
Cross-site Scripting (XSS)
mindsdb is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper CSV file sanitization, which allows an attacker to upload malicious JavaScript payloads embedded within CSV files, triggering XSS when viewed...