5079 matches found
CVE-2022-21241
Cross-site scripting vulnerability in CSV+ prior to 0.8.1 allows a remote unauthenticated attacker to inject an arbitrary script or an arbitrary OS command via a specially crafted CSV file that contains HTML a tag...
Cross site scripting
Cross-site scripting vulnerability in CSV+ prior to 0.8.1 allows a remote unauthenticated attacker to inject an arbitrary script or an arbitrary OS command via a specially crafted CSV file that contains HTML a tag...
CVE-2022-21241
CSV+ prior to 0.8.1 is vulnerable to cross-site scripting: a remote unauthenticated attacker can inject arbitrary script or OS commands via a specially crafted CSV containing an HTML tag. Affected versions are CSV+ before 0.8.1; remediation is to update to v0.8.1 or later. CVSS details in source...
February 8, 2022—KB5010395 (Security-only update)
February 8, 2022—KB5010395 Security-only update Summary Learn more about this security update, including improvements and fixes, any known issues, and how to get the update. IMPORTANT Windows 8.1 and Windows Server 2012 R2 have reached the end of mainstream support and are now in extended support...
CSV+ vulnerable to cross-site scripting
Overview CSV+ provided by Plus one is a tabbed CSV editor. CSV+ contains a cross-site scripting vulnerability CWE-79. Satoki Tsuji reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact If a CSV file containing a t...
SMBSR - Lookup For Interesting Stuff In SMB Shares
Well, SMBSR is a Python script which, given a CIDR/IP/IPfile/HOSTNAMEs, enumerates all the SMB services listening on 445 among the targets and tries to authenticate against them; if the authentication succeeds then all the folders and subfolders are visited recursively in order to find secrets in files...
CVE-2022-22689
CA Harvest Software Change Manager versions 13.0.3, 13.0.4, 14.0.0, and 14.0.1, contain a vulnerability in the CSV export functionality, due to insufficient input validation, that can allow a privileged user to potentially execute arbitrary code or commands...
Input validation
CA Harvest Software Change Manager versions 13.0.3, 13.0.4, 14.0.0, and 14.0.1, contain a vulnerability in the CSV export functionality, due to insufficient input validation, that can allow a privileged user to potentially execute arbitrary code or commands...
CVE-2022-22689
CA Harvest Software Change Manager versions 13.0.3, 13.0.4, 14.0.0, and 14.0.1 contain a vulnerability in the CSV export function caused by insufficient input validation. This may allow a privileged user to potentially execute arbitrary code or commands. The CVE description lists the affected ver...
JVN#67396225: CSV+ vulnerable to cross-site scripting
CSV+ provided by Plus one is a tabbed CSV editor. CSV+ contains a cross-site scripting vulnerability CWE-79. Impact If a CSV file containing a tag is loaded and the link is clicked by the user of the software, an arbitrary script or OS command may be executed. Solution Update the Software Update...
Csv+ cross-site scripting vulnerability
Csv+ is a new Csv editor from the Japanese individual developer Masaki Enomoto. CSV+ suffers from a cross-site scripting vulnerability that exists due to insufficient cleaning of user-supplied data. A remote attacker can trick a victim into following specially crafted links and execute arbitrary...
express-check-introspection-key (=1.0.0), leapfin-exercise (>=1.0.0 <=1.1.1) +1 more potentially affected by CVE-2022-25872 via fast-string-search (=1.4.4)
fast-string-search NPM version =1.4.4 is affected by a known vulnerability. The following packages have a transitive dependency on fast-string-search and may be impacted: - express-check-introspection-key =1.0.0 - leapfin-exercise =1.0.0, =0.0.1, =0.0.2-beta.0 Source cves: CVE-2022-25872 Source...
express-check-introspection-key (=1.0.0), leapfin-exercise (>=1.0.0 <=1.1.1) +1 more potentially affected by CVE-2022-22138 via fast-string-search (=1.4.4)
fast-string-search NPM version =1.4.4 is affected by a known vulnerability. The following packages have a transitive dependency on fast-string-search and may be impacted: - express-check-introspection-key =1.0.0 - leapfin-exercise =1.0.0, =0.0.1, =0.0.2-beta.0 Source cves: CVE-2022-22138 Source...
Bluffy - Convert Shellcode Into Different Formats!
Bluffy is a utility which was used in experiments to bypass Anti-Virus products statically by formatting shellcode into realistic looking data formats. Proof-of-concept tools, such as 0xBoku's NinjaUUIDRunner and ChoiSG's UuidShellcodeExec, inspired the initial concept for Bluffy. So far, we...
[SECURITY] Fedora 35 Update: rust-below-0.4.1-3.fc35
below is an interactive tool to view and record historical system data. It has support for: - information regarding hardware resource utilization - viewing the cgroup hierarchy - cgroup and process information - pressure stall information PSI - record mode to record system data - replay mode to...
Mageia: Security Advisory (MGASA-2018-0310)
The remote host is missing an update for the...