Lucene search

5079 matches found

Prion
added 2021/12/10 9:15 p.m., 27 views

Directory traversal

Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and 7.5.12 has a directory traversal for arbitrary .csv files. It only affects instances that have the developer testing tool called TestData DB data source enabled and configured. The vulnerabili...

3.5 CVSS | 4.7 AI score | 0.01773 EPSS
Exploits 0 | References 7 | Affected Software 1

OSV
added 2021/12/10 9:15 p.m., 4 views

UBUNTU-CVE-2021-43815

Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and 7.5.12 has a directory traversal for arbitrary .csv files. It only affects instances that have the developer testing tool called TestData DB data source enabled and configured. The vulnerabili...

4.3 CVSS | 6.9 AI score | 0.01773 EPSS
Exploits 0 | References 8

Cvelist
added 2021/12/10 8:40 p.m., 29 views

CVE-2021-43815 Grafana directory traversal for `.cvs` files

Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and 7.5.12 has a directory traversal for arbitrary .csv files. It only affects instances that have the developer testing tool called TestData DB data source enabled and configured. The vulnerabili...

4.3 CVSS | 6 AI score | 0.01773 EPSS
Exploits 0 | References 7

AlpineLinux
added 2021/12/10 8:40 p.m., 35 views

CVE-2021-43815

Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and 7.5.12 has a directory traversal for arbitrary .csv files. It only affects instances that have the developer testing tool called TestData DB data source enabled and configured. The vulnerabili...

4.3 CVSS | 4.9 AI score | 0.01773 EPSS
Exploits 0

CNNVD
added 2021/12/10 12:00 a.m., 4 views

Grafana Path Traversal Vulnerability

Grafana is an open source monitoring tool from Grafana Labs that provides a visual monitoring interface. The tool is mainly used to monitor and analyze Graphite, InfluxDB and Prometheus, etc. A path traversal vulnerability exists in Grafana, which stems from the product's failure to effectively...

4.3 CVSS | 7.4 AI score | 0.01773 EPSS
Exploits 0 | References 12

FreeBSD
added 2021/12/09 12:00 a.m., 40 views

Grafana -- Directory Traversal

GitHub Security Labs reports: A vulnerability through which authenticated users could read out fully lowercase or fully uppercase .md files through directory traversal. Doing our own follow-up investigation we found a related vulnerability through which authenticated users could read out arbitrar...

4.3 CVSS | 2.3 AI score | 0.01773 EPSS
Exploits 0 | References 1

FreeBSD
added 2021/12/09 12:00 a.m., 39 views

Grafana -- Directory Traversal

GitHub Security Labs reports: A vulnerability through which authenticated users could read out fully lowercase or fully uppercase .md files through directory traversal. Doing our own follow-up investigation we found a related vulnerability through which authenticated users could read out arbitrar...

4.3 CVSS | 2.5 AI score | 0.57991 EPSS
Exploits 0 | References 1

Kitploit
added 2021/12/08 9:56 p.m., 27 views

SMBeagle - Fileshare Auditing Tool That Hunts Out All Files It Can See In The Network And Reports If The File Can Be Read And/Or Written

SMBeagle is an SMB fileshare auditing tool that hunts out all files it can see in the network and reports if the file can be read and/or written. All these findings are streamed out to either a CSV file or an elasticsearch host, or both! SMBeagle tries to make use of the win32 APIs for maximum...

7.2 AI score
Exploits 0 | References 3

OSV
added 2021/12/06 4:15 p.m., 4 views

CVE-2021-24714

The Import any XML or CSV File to WordPress plugin before 3.6.3 does not escape the Import's Title and Unique Identifier fields before outputting them in admin pages, which could allow high privilege users to perform Cross-Site attacks even when the unfiltered_html capability is disallowed...

4.8 CVSS | 5.8 AI score | 0.00598 EPSS
Exploits 2 | References 1

Prion
added 2021/12/06 4:15 p.m., 19 views

Cross site scripting

The Import any XML or CSV File to WordPress plugin before 3.6.3 does not escape the Import's Title and Unique Identifier fields before outputting them in admin pages, which could allow high privilege users to perform Cross-Site attacks even when the unfiltered_html capability is disallowed...

3.5 CVSS | 4.9 AI score | 0.00598 EPSS
Exploits 2 | References 1 | Affected Software 1

Cvelist
added 2021/12/06 3:55 p.m., 16 views

CVE-2021-24714 WP All Import < 3.6.3 - Admin+ Stored Cross-Site Scripting

The Import any XML or CSV File to WordPress plugin before 3.6.3 does not escape the Import's Title and Unique Identifier fields before outputting them in admin pages, which could allow high privilege users to perform Cross-Site attacks even when the unfiltered_html capability is disallowed...

5.3 AI score | 0.00598 EPSS
Exploits 2 | References 1

Kitploit
added 2021/12/04 11:30 a.m., 25 views

DLLHijackingScanner - This Is A PoC For Bypassing UAC Using DLL Hijacking And Abusing The "Trusted Directories" Verification

This is a PoC for bypassing UAC using DLL hijacking and abusing the "Trusted Directories" verification. Generate Header from CSV: The Python script CsvToHeader.py can be used to generate a header file. By default it will use the CSV file dllhijackingcandidates.csv that can be found here:...

7 AI score
Exploits 0 | References 5

Github Security Blog
added 2021/11/30 10:22 p.m., 26 views

Improper Neutralization of Formula Elements in a CSV File in html-2-csv

This affects all versions of package html-to-csv. When there is a formula embedded in a HTML page, it gets accepted without any validation and the same would be pushed while converting it into a CSV file. Through this a malicious actor can embed or generate a malicious link or execute commands vi...

9.8 CVSS | 2.9 AI score | 0.01205 EPSS
Exploits 1 | References 6 | Affected Software 1

OSV
added 2021/11/30 10:22 p.m., 16 views

GHSA-FWF6-RW69-HHJ4 Improper Neutralization of Formula Elements in a CSV File in html-2-csv

This affects all versions of package html-to-csv. When there is a formula embedded in a HTML page, it gets accepted without any validation and the same would be pushed while converting it into a CSV file. Through this a malicious actor can embed or generate a malicious link or execute commands vi...

6.3 CVSS | 9.5 AI score | 0.01205 EPSS
Exploits 1 | References 7

Veracode
added 2021/11/29 4:02 a.m., 11 views

Cross-site Scripting (XSS)

htmltocsv is vulnerable to cross-site scripting. The vulnerability exists because a formula embedded in an HTML page is not properly validated, allowing an attacker to embed or generate a malicious link or execute commands via CSV files...

9.8 CVSS | 2.3 AI score | 0.01205 EPSS
Exploits 1 | References 1 | Affected Software 1

GithubExploit
added 2021/11/28 1:12 p.m., 336 views

Exploit for Missing Authentication for Critical Function in Freeswitch

PewSWITCH A FreeSWITCH specific scanning and exploitation tool...

7.5 CVSS | 5.8 AI score | 0.03491 EPSS
Exploits 8

OSV
added 2021/11/26 8:15 p.m., 10 views

CVE-2021-23654

This affects all versions of package html-to-csv. When there is a formula embedded in a HTML page, it gets accepted without any validation and the same would be pushed while converting it into a CSV file. Through this a malicious actor can embed or generate a malicious link or execute commands vi...

9.8 CVSS | 9.5 AI score
Exploits 0 | References 2

NVD
added 2021/11/26 8:15 p.m., 11 views

CVE-2021-23654

This affects all versions of package html-to-csv. When there is a formula embedded in a HTML page, it gets accepted without any validation and the same would be pushed while converting it into a CSV file. Through this a malicious actor can embed or generate a malicious link or execute commands vi...

9.8 CVSS | 0.01205 EPSS
Exploits 1 | References 2

PyPA
added 2021/11/26 8:15 p.m., 7 views

PYSEC-2021-866

This affects all versions of package html-to-csv. When there is a formula embedded in a HTML page, it gets accepted without any validation and the same would be pushed while converting it into a CSV file. Through this a malicious actor can embed or generate a malicious link or execute commands vi...

9.8 CVSS | 7.1 AI score | 0.01205 EPSS
Exploits 1 | References 3 | Affected Software 1

OSV
added 2021/11/26 8:15 p.m., 22 views

PYSEC-2021-866

This affects all versions of package html-to-csv. When there is a formula embedded in a HTML page, it gets accepted without any validation and the same would be pushed while converting it into a CSV file. Through this a malicious actor can embed or generate a malicious link or execute commands vi...

9.8 CVSS | 3 AI score | 0.01205 EPSS
Exploits 1 | References 3