5079 matches found

Prion
added 2021/08/18 3:15 p.m. · 15 views

Design/Logic Flaw

Pimcore is an open source data & experience management platform. Prior to version 10.1.1, Data Object CSV import allows formula injection. The problem is patched in 10.1.1. Aside from upgrading, one may apply the patch manually as a workaround...

CVSS 6.5 · AI score 8.8 · EPSS 0.0106
Exploits: 0 · References: 2 · Affected Software: 1

CVE
added 2021/08/18 2:45 p.m. · 67 views

CVE-2021-37702

Pimcore CVE-2021-37702 affects Pimcore before version 10.1.1, where Data Object CSV import allows formula injection. The issue is fixed in 10.1.1; remediation options include upgrading to 10.1.1 or applying the patch manually. The vulnerability stems from improper handling in CSV import that can ...

CVSS 8.8 · AI score 8.3 · EPSS 0.0106
Exploits: 0 · References: 2 · Affected Software: 1

Cvelist
added 2021/08/18 2:45 p.m. · 23 views

CVE-2021-37702 Improper Neutralization of Formula Elements in a CSV File in pimcore/pimcore

Pimcore is an open source data & experience management platform. Prior to version 10.1.1, Data Object CSV import allows formula injection. The problem is patched in 10.1.1. Aside from upgrading, one may apply the patch manually as a workaround...

CVSS 8 · AI score 9 · EPSS 0.0106
Exploits: 0 · References: 2

NVD
added 2021/08/12 4:15 p.m. · 13 views

CVE-2021-20509

IBM Maximo Asset Management 7.6.0 and 7.6.1 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 198243...

CVSS 10 · EPSS 0.01748
Exploits: 0 · References: 2

OSV
added 2021/08/12 4:15 p.m. · 4 views

CVE-2021-20509

IBM Maximo Asset Management 7.6.0 and 7.6.1 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 198243...

CVSS 9.8 · AI score 6 · EPSS 0.01748
Exploits: 0 · References: 2

Prion
added 2021/08/12 4:15 p.m. · 19 views

Input validation

IBM Maximo Asset Management 7.6.0 and 7.6.1 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 198243...

CVSS 10 · AI score 9.2 · EPSS 0.01748
Exploits: 0 · References: 2 · Affected Software: 1

Cvelist
added 2021/08/12 4:5 p.m. · 18 views

CVE-2021-20509

IBM Maximo Asset Management 7.6.0 and 7.6.1 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 198243...

CVSS 7 · AI score 9.4 · EPSS 0.01748
Exploits: 0 · References: 2

CVE
added 2021/08/12 4:5 p.m. · 53 views

CVE-2021-20509

CVE-2021-20509 affects IBM Maximo Asset Management core product versions 7.6.0.x and 7.6.1.x. Root cause: improper validation of CSV file contents, enabling CSV Injection that could allow a remote attacker to execute arbitrary commands on the system. Remediation: IBM’s bulletin provides fixes (In...

CVSS 10 · AI score 9.4 · EPSS 0.01748
Exploits: 0 · References: 2 · Affected Software: 1

CNVD
added 2021/08/12 12:0 a.m. · 27 views

IBM Maximo Asset Management CSV Injection Vulnerability (CNVD-2021-88198)

IBM Maximo Asset Management is a comprehensive asset lifecycle and maintenance management solution from IBM USA. The solution is capable of managing all types of assets, such as facilities, transportation, etc., on a single platform with a single point of control for these assets. IBM Maximo Asse...

CVSS 10 · AI score 9.8 · EPSS 0.01748
Exploits: 0 · References: 1

NVD
added 2021/08/09 2:15 p.m. · 19 views

CVE-2021-33256

A CSV injection vulnerability on the login panel of ManageEngine ADSelfService Plus Version: 6.1 Build No: 6101 can be exploited by an unauthenticated user. The j_username parameter seems to be vulnerable and a reverse shell could be obtained if a privileged user exports "User Attempts Audit Repor...

CVSS 9.3 · EPSS 0.79003
Exploits: 1 · References: 1

OSV
added 2021/08/09 2:15 p.m. · 4 views

CVE-2021-33256

A CSV injection vulnerability on the login panel of ManageEngine ADSelfService Plus Version: 6.1 Build No: 6101 can be exploited by an unauthenticated user. The j_username parameter seems to be vulnerable and a reverse shell could be obtained if a privileged user exports "User Attempts Audit Repor...

CVSS 8.8 · AI score 7.3 · EPSS 0.79003
Exploits: 1 · References: 1

Prion
added 2021/08/09 2:15 p.m. · 22 views

Design/Logic Flaw

DISPUTED A CSV injection vulnerability on the login panel of ManageEngine ADSelfService Plus Version: 6.1 Build No: 6101 can be exploited by an unauthenticated user. The j_username parameter seems to be vulnerable and a reverse shell could be obtained if a privileged user exports "User Attempts...

CVSS 9.3 · AI score 8.5 · EPSS 0.79003
Exploits: 1 · References: 1 · Affected Software: 1

Cvelist
added 2021/08/09 1:28 p.m. · 18 views

CVE-2021-33256

A CSV injection vulnerability on the login panel of ManageEngine ADSelfService Plus Version: 6.1 Build No: 6101 can be exploited by an unauthenticated user. The j_username parameter seems to be vulnerable and a reverse shell could be obtained if a privileged user exports "User Attempts Audit Repor...

AI score 8.8 · EPSS 0.79003
Exploits: 1 · References: 1

CVE
added 2021/08/09 1:28 p.m. · 69 views

CVE-2021-33256

CVE-2021-33256 affects ManageEngine ADSelfService Plus 6.1 Build 6101. Multiple sources describe a CSV injection on the login panel, where the unauthenticated user can trigger a vulnerability via the j_username parameter, potentially enabling a reverse shell when a privileged user exports the Use...

CVSS 9.3 · AI score 8.6 · EPSS 0.79003
Exploits: 1 · References: 1 · Affected Software: 1

Positive Technologies
added 2021/08/09 12:0 a.m. · 7 views

PT-2021-20095 · Manageengine · Zoho Manageengine Adselfservice Plus

Name of the Vulnerable Software and Affected Versions: ManageEngine ADSelfService Plus version 6.1 Build No: 6101 Description: A CSV injection vulnerability on the login panel of ManageEngine ADSelfService Plus can be exploited by an unauthenticated user. The j_username parameter seems to be...

CVSS 9.3 · AI score 7.2 · EPSS 0.79003
Exploits: 1 · References: 5

CNNVD
added 2021/08/09 12:0 a.m. · 9 views

Zoho ManageEngine ADSelfService Plus Security Vulnerability

ZOHO ManageEngine ADSelfService Plus is a web-based end-user password management software from ZOHO, Inc. A CSV injection vulnerability exists in ZOHO ManageEngine ADSelfService Plus, which can be exploited by attackers to obtain a reverse shell...

CVSS 9.3 · AI score 5.6 · EPSS 0.79003
Exploits: 1 · References: 2

WPVulnDB
added 2021/08/06 12:0 a.m. · 11 views

Welcart e-Commerce < 2.2.8 - Unauthenticated Information Disclosure

The plugin did not have proper capability check in some of its functions, which could allow unauthenticated users to download the list of members, products and orders in CSV format...

AI score 2.8
Exploits: 0 · References: 1 · Affected Software: 1

CNNVD
added 2021/08/03 12:0 a.m. · 5 views

Centreon SQL Injection Vulnerability

Centreon Merethis Centreon is a set of open source system monitoring tools from the French company Centreon. The product mainly provides monitoring of network, system and application resources. A SQL injection vulnerability exists in Centreon versions prior to 20.04.14, 20.10.8, and 21.04.2. An...

CVSS 8.8 · AI score 8.6 · EPSS 0.29424
Exploits: 1 · References: 2

Veracode
added 2021/07/28 4:55 a.m. · 23 views

Insecure Access Control

directmailteam/direct-mail uses insecure access controls. The extension fails to check if an authenticated backend user has access to newsletter subscriber tables, e.g. tt_address, fe_users, when using the CSV export function of the extension...

CVSS 4.3 · AI score 2.9 · EPSS 0.00778
Exploits: 0 · References: 3 · Affected Software: 1

NVD
added 2021/07/21 3:15 p.m. · 18 views

CVE-2021-22771

A CWE-1236: Improper Neutralization of Formula Elements in a CSV File vulnerability exists in Easergy T300 with firmware V2.7.1 and older that would allow arbitrary command execution...

CVSS 7.3 · EPSS 0.01145
Exploits: 0 · References: 1