WFH - Windows Feature Hunter
Windows Feature Hunter (WFH) is a proof of concept python script that uses Frida, a dynamic instrumentation toolkit, to assist in potentially identifying common “vulnerabilities” or “features” within Windows executables. WFH currently has the capability to automatically identify potential Dynamic...
WordPress Modern Events Calendar 5.16.2 Information Disclosure
Exploit Title: Wordpress Plugin Modern Events Calendar 5.16.2 - Event export (Unauthenticated) Date: 01.07.2021 Exploit Author: Ron Jost (Hacker5preme) Vendor Homepage: https://webnus.net/modern-events-calendar/ Software Link: https://downloads.wordpress.org/plugin/modern-events-calendar-lite.5.16.2.z...
Wordpress Modern Events Calendar 5.16.2 Plugin - Event export (Unauthenticated) Exploit
Exploit Title: Wordpress Plugin Modern Events Calendar 5.16.2 - Event export (Unauthenticated) Exploit Author: Ron Jost (Hacker5preme) Vendor Homepage: https://webnus.net/modern-events-calendar/ Software Link: https://downloads.wordpress.org/plugin/modern-events-calendar-lite.5.16.2.zip Version: Befo...
Wordpress Plugin Modern Events Calendar 5.16.2 - Event export (Unauthenticated)
Exploit Title: Wordpress Plugin Modern Events Calendar 5.16.2 - Event export (Unauthenticated) Date: 01.07.2021 Exploit Author: Ron Jost (Hacker5preme) Vendor Homepage: https://webnus.net/modern-events-calendar/ Software Link: https://downloads.wordpress.org/plugin/modern-events-calendar-lite.5.16.2.z...
phpList < 3.6.3 CSV Injection Vulnerability
phpList is prone to a CSV injection vulnerability. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:phplist:phplist"; if descripti...
July 6, 2021—KB5004954 (Monthly Rollup) Out-of-band
July 6, 2021—KB5004954 (Monthly Rollup) Out-of-band Important: This release includes the Flash Removal Package. Taking this update will remove Adobe Flash from the device. For more information, see the Update on Adobe Flash Player End of Support. Important: Windows 8.1 and Windows Server 2012 R2 ha...
July 7, 2021—KB5004956 (Monthly Rollup) Out-of-band
July 7, 2021—KB5004956 (Monthly Rollup) Out-of-band Important: This release includes the Flash Removal Package. Taking this update will remove Adobe Flash from the device. For more information, see the Update on Adobe Flash Player End of Support. Important: Windows Server 2012 has reached the end o...
July 7, 2021—KB5004960 (Security-only update) Out-of-band
July 7, 2021—KB5004960 (Security-only update) Out-of-band Important: This release includes the Flash Removal Package. Taking this update will remove Adobe Flash from the device. For more information, see the Update on Adobe Flash Player End of Support. Important: Windows Server 2012 has reached the...
CSV Injection
Akaunting is vulnerable to CSV Injection. An attacker is able to inject a maliciously crafted file and execute arbitrary code into the name parameter...
Akaunting CSV Injection Vulnerability
Akaunting is a free, open source online accounting software designed for small businesses and freelancers. A CSV injection vulnerability exists in the project name field of the export function in Akaunting. An attacker can exploit this vulnerability to inject arbitrary code into the name paramete...
OS Command Injection
CSV is vulnerable to OS command injection. The vulnerability allows an attacker to inject arbitrary OS commands via the Server field in an HTTP response header, which is directly injected into a CSV report...
CVE-2020-22390
Akaunting <= 2.0.9 is vulnerable to CSV injection in the Item name field, export function. Attackers can inject arbitrary code into the name parameter and perform code execution when the crafted file is opened...
Input validation
Akaunting <= 2.0.9 is vulnerable to CSV injection in the Item name field, export function. Attackers can inject arbitrary code into the name parameter and perform code execution when the crafted file is opened...
CVE-2020-22390
CVE-2020-22390 affects Akaunting,
Sign-up Sheets < 1.0.14 - Authenticated CSV Injection
The plugin does not sanitise or validate the Sheet title when generating the CSV to export, which could lead to a CSV injection issue. PoC: Go to Sign-up Sheets --> Add New. Enter the following CSV Injection payload in the fields "Title", "Details" and "Task", then click on the save button. =cmd|' /C...
PT-2021-10759 · Akaunting · Akaunting
Name of the Vulnerable Software and Affected Versions: Akaunting versions 2.0.9 and earlier Description: The issue concerns a CSV injection vulnerability in the Item name field of the export function. Attackers can inject arbitrary code into the name parameter, potentially leading to code executi...
Sign-up Sheets < 1.0.14 - Authenticated CSV Injection
The plugin does not sanitise or validate the Sheet title when generating the CSV to export, which could lead to a CSV injection issue. Go to Sign-up Sheets --> Add New. Enter the following CSV Injection payload in the fields "Title", "Details" and "Task", then click on the save button. =cmd|' /C...
WordPress Sign-up Sheets plugin <= 1.0.13 - Authenticated CSV Injection vulnerability
Authenticated CSV Injection vulnerability discovered by Ajay Sandipan Thorbole in WordPress Sign-up Sheets plugin versions <= 1.0.13. Solution: Update the WordPress Sign-up Sheets plugin to the latest available version (at least 1.0.14)...