5077 matches found
CVE-2024-29375
CSV Injection vulnerability in Addactis IBNRS v.3.10.3.107 allows a remote attacker to execute arbitrary code via a crafted .ibnrs file to the Project Description, Identifiers, Custom Triangle Name inside Input Triangles and Yield Curve Name parameters...
CVE-2024-29375
Addactis IBNRS v3.10.3.107 is affected by a CSV Injection vulnerability that lets an attacker craft a .ibnrs file to inject content into Project Description, Identifiers, Custom Triangle Name, and Yield Curve Name, enabling remote arbitrary code execution. The CVSS 3.1 base score is 9.8 (CRITICAL...
BIT-DISCOURSE-2024-27100 Denial of service via Staff Actions in Discourse
Discourse is an open source platform for community discussion. In affected versions the endpoints for suspending users, silencing users and exporting CSV files weren't enforcing limits on the sizes of the parameters that they accept. This could lead to excessive resource consumption which could...
[SECURITY] Fedora 38 Update: pandoc-2.19.2-22.fc38
Pandoc is a Haskell library for converting from one markup format to another, and a command-line tool that uses this library. The formats it can handle include - light markup formats (many variants of Markdown, reStructuredText, AsciiDoc, Org-mode, Muse, Textile, txt2tags) - HTML formats (HTML 4 and...
[SECURITY] Fedora 39 Update: pandoc-3.1.3-29.fc39
Pandoc is a Haskell library for converting from one markup format to another. The formats it can handle include - light markup formats (many variants of Markdown, reStructuredText, AsciiDoc, Org-mode, Muse, Textile, txt2tags) - HTML formats (HTML 4 and 5) - Ebook formats (EPUB v2 and v3, FB2) -...
IBM Cloud Pak for Automation CSV Injection Vulnerability
IBM Cloud Pak for Automation is an intelligent software platform for building automation applications in cloud environments from International Business Machines (IBM). The platform uses pre-integrated automation technologies and low-code tools to design, build and run automation applications and...
Sr2T - Converts Scanning Reports To A Tabular Format
Scanning reports to tabular (sr2t). This tool takes a scanning tool's output file and converts it to a tabular format (CSV, XLSX, or text table). This tool can process output from the following tools: 1. Nmap (XML); 2. Nessus (XML); 3. Nikto (XML); 4. Dirble (XML); 5. Testssl (JSON); 6. Fortify (FPR). Rationale...
CVE-2023-35899
IBM Cloud Pak for Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file...
CVE-2024-1119
The Order Tip for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the exporttipstocsv function in all versions up to, and including, 1.3.1. This makes it possible for unauthenticated attackers to export the plugin's order fees...
PT-2024-17417 · WordPress · The Management App For Woocommerce
Name of the Vulnerable Software and Affected Versions: The Management App for WooCommerce – Order notifications, Order management, Lead management, Uptime Monitoring plugin for WordPress, version 1.2.0 and earlier. Description: The issue is related to arbitrary file uploads due to missing file type...
WordPress Plugin Order Tip for WooCommerce Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...
Exploit for Path Traversal in Aiohttp
CVE-2024-23334 PoC Description This repository contains a...
CVE-2024-27100 Denial of service via Staff Actions in Discourse
Discourse is an open source platform for community discussion. In affected versions the endpoints for suspending users, silencing users and exporting CSV files weren't enforcing limits on the sizes of the parameters that they accept. This could lead to excessive resource consumption which could...
CVE-2024-27756
GLPI through 10.0.12 allows CSV injection by an attacker who is able to create an asset with a crafted title...