5078 matches found

IBM Security Bulletins
added 2022/03/11 9:33 a.m. · 36 views

Security Bulletin: IBM Guardium Data Encryption (GDE) has a vulnerability (CVE-2021-39022), related to hazardous input.

Summary Vulnerability identified in IBM Guardium Data Encryption GDE, related to hazardous input. Please apply the latest version for the fixes. Vulnerability Details CVEID: CVE-2021-39022 DESCRIPTION: IBM Guardium Data Encryption GDE saves user-provided information into a Comma-Separated Value C...

CVSS 8.8 · AI score 7.9 · EPSS 0.00471
Exploits 0 · Affected Software 1
CVE
added 2022/03/11 12:00 a.m. · 126 views

CVE-2021-32472

CVE-2021-32472 is an authorization flaw in Moodle where exporting a forum to CSV may expose a CSV of forums from all courses under certain conditions. Affected versions: Moodle 3.10.0–3.10.3, 3.9.x up to 3.9.6, and 3.8.x up to 3.8.8. The provided documents do not specify the exact root cause deta...

CVSS 4.3 · AI score 4.7 · EPSS 0.00743
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2022/03/11 12:00 a.m. · 32 views

CVE-2021-32472

Teachers exporting a forum in CSV format could receive a CSV of forums from all courses in some circumstances. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6 and 3.8 to 3.8.8 are affected...

AI score 5 · EPSS 0.00743
Exploits 0 · References 1
NVD
added 2022/03/10 8:15 p.m. · 15 views

CVE-2021-39022

IBM Guardium Data Encryption GDE 4.0.0.0 and 5.0.0.0 saves user-provided information into a Comma-Separated Value CSV file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by spreadsheet software. IBM X-Force ID...

CVSS 8.8 · EPSS 0.00471
Exploits 0 · References 2
OSV
added 2022/03/10 8:15 p.m. · 4 views

CVE-2021-39022

IBM Guardium Data Encryption GDE 4.0.0.0 and 5.0.0.0 saves user-provided information into a Comma-Separated Value CSV file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by spreadsheet software. IBM X-Force ID...

CVSS 8.8 · AI score 5.7 · EPSS 0.00471
Exploits 0 · References 2
Prion
added 2022/03/10 8:15 p.m. · 14 views

Command injection

IBM Guardium Data Encryption GDE 4.0.0.0 and 5.0.0.0 saves user-provided information into a Comma-Separated Value CSV file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by spreadsheet software. IBM X-Force ID...

CVSS 6.8 · AI score 8.2 · EPSS 0.00471
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2022/03/10 7:50 p.m. · 21 views

CVE-2021-39022

IBM Guardium Data Encryption GDE 4.0.0.0 and 5.0.0.0 saves user-provided information into a Comma-Separated Value CSV file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by spreadsheet software. IBM X-Force ID...

CVSS 6.2 · AI score 8.3 · EPSS 0.00471
Exploits 0 · References 2
CVE
added 2022/03/10 7:50 p.m. · 89 views

CVE-2021-39022

CVE-2021-39022 affects IBM Guardium Data Encryption (GDE) versions 4.0.0.0 and 5.0.0.0. The vulnerability arises because GDE saves user-provided information in a CSV file without proper escaping, enabling special elements to be interpreted as commands when the file is opened by spreadsheet softwa...

CVSS 8.8 · AI score 8.3 · EPSS 0.00471
Exploits 0 · References 2 · Affected Software 1
Kitploit
added 2022/03/05 11:30 a.m. · 34 views

IOC Scraper - A Fast And Reliable Service That Enables You To Extract IOCs And Intelligence From Different Data Sources

IOC Scraper utilises the IOCPARSER service to fetch IOCs from different vendor blogs, PDFs, and CSV files. Parsing IOCs is a time-consuming process; using the current script, one can automatically extract and aggregate IOCs easily. Features Defanged IOCs : Supports extracting and defanging IOCs. Whitelist...

AI score 7.4
Exploits 0 · References 1
CNVD
added 2022/03/02 12:00 a.m. · 24 views

WordPress WP Ultimate CSV Importer plugin cross-site scripting vulnerability

WordPress is the WordPress Foundation's set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in versions of WordPress WP Ultimate CSV Importer plugin prior to 6.4.3...

CVSS 3.5 · AI score 2.2 · EPSS 0.00637
Exploits 2 · Affected Software 1
ATTACKERKB
added 2022/02/28 9:15 a.m. · 4 views

CVE-2022-0360

The Easy Drag And drop All Import : WP Ultimate CSV Importer WordPress plugin before 6.4.3 does not sanitise and escape imported comments, which could allow high privilege users to import malicious ones either intentionally or not and lead to Stored Cross-Site Scripting issues...

CVSS 4.8 · AI score 5.5 · EPSS 0.00637
Exploits 2 · References 3
CVE
added 2022/02/28 9:06 a.m. · 112 views

CVE-2022-0360

CVE-2022-0360 affects the WordPress plugin WP Ultimate CSV Importer (versions prior to 6.4.3). The root cause is failure to sanitise and escape imported comments, enabling stored Cross-Site Scripting (XSS) by high-privilege users who import malicious comments. Documented evidence shows an admin+ ...

CVSS 4.8 · AI score 4.8 · EPSS 0.00637
Exploits 2 · References 2 · Affected Software 1
Positive Technologies
added 2022/02/28 12:00 a.m. · 5 views

PT-2022-13125 · WordPress · Wp Ultimate Csv Importer

Name of the Vulnerable Software and Affected Versions: WP Ultimate CSV Importer WordPress plugin versions prior to 6.4.3 Description: The issue allows high privilege users to import malicious comments, potentially leading to Stored Cross-Site Scripting issues, due to the lack of sanitization and...

CVSS 4.8 · AI score 4.6 · EPSS 0.00637
Exploits 2 · References 4
CNNVD
added 2022/02/28 12:00 a.m. · 5 views

WordPress plugin cross-site scripting vulnerability

WordPress is the WordPress Foundation's set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in versions of WordPress WP Ultimate CSV Importer plugin prior to 6.4.3...

CVSS 4.8 · AI score 5.2 · EPSS 0.00637
Exploits 2 · References 3
Kitploit
added 2022/02/26 11:30 a.m. · 28 views

NTLMRecon - Enumerate Information From NTLM Authentication Enabled Web Endpoints

A fast and flexible NTLM reconnaissance tool without external dependencies. Useful to find out information about NTLM endpoints when working with a large set of potential IP addresses and domains. NTLMRecon is built with flexibility in mind. Need to run recon on a single URL, an IP address, an...

AI score 6.9
Exploits 0 · References 4
IBM Security Bulletins
added 2022/02/22 7:59 p.m. · 21 views

Security Bulletin: Potential CSV injection threat affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2019-4071)

Summary A potential CSV injection threat can affect IBM Spectrum Control, causing corrupted data to be inserted in the application. Vulnerability Details CVEID: CVE-2019-4071 DESCRIPTION: IBM Tivoli Storage Productivity Center could allow a remote attacker to execute arbitrary commands on the...

CVSS 9.3 · AI score 9 · EPSS 0.04302
Exploits 0 · Affected Software 1
Packet Storm
added 2022/02/21 12:00 a.m. · 271 views

FileCloud 21.2 Cross Site Request Forgery

Exploit Title: FileCloud 21.2 - Cross-Site Request Forgery CSRF Date: 2022-02-20 Exploit Author: Masashi Fujiwara Vendor Homepage: https://www.filecloud.com/ Software Link: https://hub.docker.com/r/filecloud/filecloudserver21.2 Version: All versions of FileCloud prior to 21.3 Fixed: version...

AI score 0.4 · EPSS 0.03271
Exploits 4
0day.today
added 2022/02/21 12:00 a.m. · 333 views

FileCloud 21.2 - Cross-Site Request Forgery Vulnerability

Exploit Title: FileCloud 21.2 - Cross-Site Request Forgery CSRF Date: 2022-02-20 Exploit Author: Masashi Fujiwara Vendor Homepage: https://www.filecloud.com/ Software Link: https://hub.docker.com/r/filecloud/filecloudserver21.2 Version: All versions of FileCloud prior to 21.3 Fixed: version...

CVSS 8.8 · AI score 0.9 · EPSS 0.03271
Exploits 4
OpenVAS
added 2022/02/21 12:00 a.m. · 15 views

WordPress Import any XML or CSV File to WordPress Plugin < 3.6.3 XSS Vulnerability

CVSS 6.1 · AI score 6.4 · EPSS 0.00905
Exploits 0 · References 1
ATTACKERKB
added 2022/02/16 2:15 a.m. · 2 views

CVE-2022-25241

In FileCloud before 21.3, the CSV user import functionality is vulnerable to Cross-Site Request Forgery CSRF...

CVSS 8.8 · AI score 7.2 · EPSS 0.03271
Exploits 4 · References 4