WPVulnDB (added 2022/01/26 12:00 a.m., 16 views)

WP Ultimate CSV Importer < 6.4.3 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape imported comments, which could allow high-privilege users to import malicious ones, either intentionally or not, and lead to Stored Cross-Site Scripting issues. PoC: Import the following CSV as a comment: ...

AI score 1.8 | EPSS 0.00637
Exploits 2 | References 1 | Affected Software 1
wpexploit (added 2022/01/26 12:00 a.m., 464 views)

WP Ultimate CSV Importer < 6.4.3 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape imported comments, which could allow high-privilege users to import malicious ones, either intentionally or not, and lead to Stored Cross-Site Scripting issues. Import the following CSV as a comment: ...

AI score 4.8 | EPSS 0.00637
Exploits 2 | References 1
NVD (added 2022/01/21 7:15 p.m., 18 views)

CVE-2022-23129

Plaintext Storage of a Password vulnerability in Mitsubishi Electric MC Works64 versions 4.04E (10.95.210.01) and prior and ICONICS GENESIS64 versions 10.90 to 10.97 allows a local authenticated attacker to gain authentication information and to access the database illegally. This is because when...

CVSS 5.5 | EPSS 0.00186
Exploits 0 | References 3
Prion (added 2022/01/21 7:15 p.m., 18 views)

Design/Logic Flaw

Plaintext Storage of a Password vulnerability in Mitsubishi Electric MC Works64 versions 4.04E (10.95.210.01) and prior and ICONICS GENESIS64 versions 10.90 to 10.97 allows a local authenticated attacker to gain authentication information and to access the database illegally. This is because when...

CVSS 2.1 | AI score 6.4 | EPSS 0.00186
Exploits 0 | References 3 | Affected Software 2
Patchstack (added 2022/01/17 12:00 a.m., 11 views)

WordPress WP Ultimate CSV Importer plugin <= 6.4.1 - Arbitrary Option Deletion vulnerability

Arbitrary Option Deletion vulnerability discovered by WPScanTeam in WordPress WP Ultimate CSV Importer plugin versions <= 6.4.1. Solution: Update the WordPress WP Ultimate CSV Importer plugin to the latest available version (at least 6.4.2)...

AI score 2.9
Exploits 0 | References 2 | Affected Software 1
WPVulnDB (added 2022/01/17 12:00 a.m., 13 views)

WP Ultimate CSV Importer < 6.4.2 - Subscriber+ Arbitrary Option Deletion

The plugin does not have authorisation and CSRF checks when deleting options via the disablemainmode AJAX action, and does not ensure that the option to be deleted belongs to the plugin. As a result, any authenticated user, such as a subscriber, could delete arbitrary options from the blog. PoC: POST...

AI score 1.4
Exploits 0 | Affected Software 1
wpexploit (added 2022/01/17 12:00 a.m., 620 views)

WP Ultimate CSV Importer < 6.4.2 - Subscriber+ Arbitrary Option Deletion

The plugin does not have authorisation and CSRF checks when deleting options via the disablemainmode AJAX action, and does not ensure that the option to be deleted belongs to the plugin. As a result, any authenticated user, such as a subscriber, could delete arbitrary options from the blog. POST...

AI score 0.2
Exploits 0
Patchstack (added 2022/01/12 12:00 a.m., 19 views)

WordPress WP Ultimate CSV Importer plugin <= 6.4 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered in WordPress WP Ultimate CSV Importer plugin versions <= 6.4. Solution: Update the WordPress WP Ultimate CSV Importer plugin to the latest available version (at least 6.4.1)...

AI score 3.3
Exploits 0 | References 1 | Affected Software 1
Patchstack (added 2022/01/12 12:00 a.m., 8 views)

WordPress WP Ultimate CSV Importer plugin <= 6.4 - Arbitrary Media File Deletion vulnerability

Arbitrary Media File Deletion vulnerability (restricted to the uploads folder of the current year/month) discovered in WordPress WP Ultimate CSV Importer plugin versions <= 6.4. Solution: Update the WordPress WP Ultimate CSV Importer plugin to the latest available version (at least 6.4.1)...

AI score 3.4
Exploits 0 | References 1 | Affected Software 1
Patchstack (added 2022/01/12 12:00 a.m., 8 views)

WordPress WP Ultimate CSV Importer plugin <= 6.4 - Plugin Settings Update vulnerability

Plugin Settings Update vulnerability discovered in WordPress WP Ultimate CSV Importer plugin versions <= 6.4. Solution: Update the WordPress WP Ultimate CSV Importer plugin to the latest available version (at least 6.4.1)...

AI score 2.9
Exploits 0 | References 1 | Affected Software 1
Veracode (added 2022/01/11 4:11 a.m., 20 views)

CSV Injection

nocodb is vulnerable to CSV injection attacks. The vulnerability exists due to a lack of sanitization in table rows, which allows attackers to inject a payload into the endpoint that executes when an administrator opens the exported CSV file...

CVSS 8 | AI score 5.6 | EPSS 0.0121
Exploits 1 | References 3 | Affected Software 1
NVD (added 2022/01/10 4:15 p.m., 24 views)

CVE-2022-22121

In NocoDB, versions 0.81.0 through 0.83.8 are affected by a CSV Injection (Formula Injection) vulnerability. A low-privileged attacker can create a new table to inject payloads in the table rows. When an administrator accesses the User Management endpoint and exports the data as a CSV file and opens...

CVSS 8 | EPSS 0.0121
Exploits 1 | References 2
OSV (added 2022/01/10 4:15 p.m., 15 views)

CVE-2022-22121

In NocoDB, versions 0.81.0 through 0.83.8 are affected by a CSV Injection (Formula Injection) vulnerability. A low-privileged attacker can create a new table to inject payloads in the table rows. When an administrator accesses the User Management endpoint and exports the data as a CSV file and opens...

CVSS 8 | AI score 6.9 | EPSS 0.0121
Exploits 1 | References 2
Prion (added 2022/01/10 4:15 p.m., 22 views)

Input validation

In NocoDB, versions 0.81.0 through 0.83.8 are affected by a CSV Injection (Formula Injection) vulnerability. A low-privileged attacker can create a new table to inject payloads in the table rows. When an administrator accesses the User Management endpoint and exports the data as a CSV file and opens...

CVSS 6 | AI score 7.8 | EPSS 0.0121
Exploits 1 | References 2 | Affected Software 1
CVE (added 2022/01/10 3:25 p.m., 65 views)

CVE-2022-22121

CVE-2022-22121 (NocoDB) affects versions 0.81.0–0.83.8. A low-privileged attacker can create a table and inject payloads into table rows; when an administrator exports data to CSV via the User Management endpoint and opens the file, the payload may execute. Root cause stated as lack of sanitizati...

CVSS 8 | AI score 7.8 | EPSS 0.0121
Exploits 1 | References 2 | Affected Software 1
Cvelist (added 2022/01/10 3:25 p.m., 25 views)

CVE-2022-22121 NocoDB - CSV Injection in User Management

In NocoDB, versions 0.81.0 through 0.83.8 are affected by a CSV Injection (Formula Injection) vulnerability. A low-privileged attacker can create a new table to inject payloads in the table rows. When an administrator accesses the User Management endpoint and exports the data as a CSV file and opens...

CVSS 8 | AI score 7.9 | EPSS 0.0121
Exploits 1 | References 2
ATTACKERKB (added 2022/01/09 1:33 p.m., 5 views)

CVE-2022-22121

In NocoDB, versions 0.81.0 through 0.83.8 are affected by a CSV Injection (Formula Injection) vulnerability. A low-privileged attacker can create a new table to inject payloads in the table rows. When an administrator accesses the User Management endpoint and exports the data as a CSV file and opens...

CVSS 8 | AI score 7.1 | EPSS 0.0121
Exploits 1 | References 3 | Affected Software 1
vulnersOsv (added 2022/01/06 10:22 p.m., 6 views)

bower-cache (=0.5.0), cacahuate (>=3.9.0 <=4.0.0a6) +58 more potentially affected by CVE-2021-23727 via celery (>=3.1.11 <=5.2.1)

celery PYPI version =3.1.11, =3.9.0, =0.0.2, =1.0.1, =0.19.0, =2.0.0a0, =1.0.0, =1.0.24, =0.0.5, =0.0.13, =1.0.18, =1.2.7 and more. Source CVEs: CVE-2021-23727. Source advisory: OSV:GHSA-Q4XR-RC97-M4XX...

CVSS 7.5 | AI score 7.1 | EPSS 0.03877
Exploits 1
vulnersOsv (added 2022/01/06 10:13 p.m., 5 views)

agnes (>=0.3.0 <=0.3.2), automl (>=0.2.6 <=0.2.7) +1 more potentially affected by CVE-2021-45686 via csv-sniffer (=0.1.1)

csv-sniffer CARGO version =0.1.1 is affected by a known vulnerability. The following packages have a transitive dependency on csv-sniffer and may be impacted: agnes =0.3.0, =0.2.6, =0.1.7, =0.1.8. Source CVEs: CVE-2021-45686. Source advisory: OSV:GHSA-9783-42PM-X5JQ...

CVSS 9.8 | AI score 7.2 | EPSS 0.01191
Exploits 0
OSV (added 2022/01/06 10:13 p.m., 11 views)

GHSA-9783-42PM-X5JQ Use of Uninitialized Resource in csv-sniffer

Affected versions of this crate pass an uninitialized buffer to a user-provided Read implementation within fn preambleskipcount. Arbitrary Read implementations can read from the uninitialized buffer (memory exposure) and can also return an incorrect number of bytes written to the buffer. Reading fro...

CVSS 9.8 | AI score 9.4 | EPSS 0.01191
Exploits 0 | References 6