AiLux imx6 Security Vulnerability
AiLux imx6 is a computational module from AiLux. A security vulnerability exists in versions prior to AiLux imx6 bundle imx61.0.7-2, which stems from incorrect neutralization of formula elements in CSV files, allowing an authenticated, remote attacker to inject arbitrary formulas into the generate...
PT-2024-12521 · Ibm · Ibm Cloud Pak For Automation
Name of the Vulnerable Software and Affected Versions: IBM Cloud Pak for Automation versions 18.0.0 through 22.0.2. Description: The issue is caused by improper validation of CSV file contents, allowing a remote attacker to execute arbitrary commands on the system. This can lead to unauthorized...
SQL Injection
SQL Injection vulnerability in MyPrestaModules "Product Catalog CSV, Excel Import" simpleimportproduct modules for PrestaShop versions 6.5.0 and before, allows attackers to escalate privileges and obtain sensitive information via Send::construct and importProducts::addDataToDb methods...
CVE-2024-25847
CVE-2024-25847 describes a SQL injection in the PrestaShop ecosystem: the MyPrestaModules “Product Catalog (CSV, Excel) Import” (simpleimportproduct) module affects PrestaShop versions prior to 6.5.0. The root cause is an injection vulnerability exploitable through the Send::__construct() and imp...
CVE-2024-25843
In the module "Import/Update Bulk Product from any Csv/Excel File Pro" baimporter up to version 1.1.28 from Buy Addons for PrestaShop, a guest can perform SQL injection in affected versions...
[SECURITY] Fedora 38 Update: libxls-1.6.2-14.fc38
This is libxls, a C library for reading Excel files in the old binary OLE format, plus a command-line tool for converting XLS to CSV named, appropriately enough, libxls2csv...
[SECURITY] Fedora 39 Update: libxls-1.6.2-14.fc39
This is libxls, a C library for reading Excel files in the old binary OLE format, plus a command-line tool for converting XLS to CSV named, appropriately enough, libxls2csv...
Server Side Request Forgery (SSRF)
github.com/grafana/grafana-csv-datasource is vulnerable to Server Side Request Forgery (SSRF). The vulnerability is due to improper validation of user input, allowing attackers to craft requests to endpoints within the local network...
SploitScan - A Sophisticated Cybersecurity Utility Designed To Provide Detailed Information On Vulnerabilities And Associated Proof-Of-Concept (PoC) Exploits
SploitScan is a powerful and user-friendly tool designed to streamline the process of identifying exploits for known vulnerabilities and their respective exploitation probability. Empowering cybersecurity professionals with the capability to swiftly identify and apply known and test exploits. It'...
HackerOne: Ability to identify actual private from sandboxed programs using link hackerone.com/$handle/terms_acceptance_data.csv
The researcher discovered a vulnerability that allowed them to identify private programs on HackerOne by accessing the terms acceptance data CSV file for those programs. The vulnerability was confirmed to exist on HackerOne's own dummy invite-only program, as well as other private programs, but n...
Improper Authorization
com.hazelcast:hazelcast is vulnerable to Improper Authorization. The issue exists within the SQL mapping for the CSV File Source connector. The vulnerability is due to inadequate permission checking, allowing unauthorized clients to access data from files stored on a member's filesystem. Attacker...
Hazelcast Platform permission checking in CSV File Source connector
Impact: In Hazelcast Platform through 5.3.4, a security issue exists within the SQL mapping for the CSV File Source connector. This issue arises from inadequate permission checking, which could enable unauthorized clients to access data from files stored on a member's filesystem. Patches: Fix...
CVE-2023-45860
A flaw was found in the Hazelcast Platform. The flaw exists in SQL mapping for the CSV File Source connector. This issue arises from inadequate permission checking, which could enable unauthorized clients to access data from files stored on a member's filesystem. Mitigation: Disabling the Hazelcas...
CVE-2023-45860
In Hazelcast Platform through 5.3.4, a security issue exists within the SQL mapping for the CSV File Source connector. This issue arises from inadequate permission checking, which could enable unauthorized clients to access data from files stored on a member's filesystem...
Design/Logic Flaw
In Hazelcast Platform through 5.3.4, a security issue exists within the SQL mapping for the CSV File Source connector. This issue arises from inadequate permission checking, which could enable unauthorized clients to access data from files stored on a member's filesystem...