5087 matches found
CVE-2022-29315
Invicti Acunetix before 14 allows CSV injection via the Description field on the Add Targets page, if the Export CSV feature is used...
Invicti Acunetix 安全漏洞
Invicti Acunetix is an application security testing tool from Invicti Corporation, USA. designed to help small and medium-sized organizations around the world take control of their network security. Invicti Acunetix has a security vulnerability that allows CSV injection by adding a description...
CVE-2021-23286
Eaton Intelligent Power Manager Infrastructure IPM Infrastructure version 1.5.0plus205 and all prior versions are vulnerable to CSV Formula Injection. This issue affects: Eaton Intelligent Power Manager Infrastructure IPM Infrastructure all version 1.5.0plus205 and prior versions...
Design/Logic Flaw
Eaton Intelligent Power Manager Infrastructure IPM Infrastructure version 1.5.0plus205 and all prior versions are vulnerable to CSV Formula Injection. This issue affects: Eaton Intelligent Power Manager Infrastructure IPM Infrastructure all version 1.5.0plus205 and prior versions...
CVE-2021-23286
CVE-2021-23286 affects Eaton’s IPM Infrastructure (IPM Infrastructure), across all versions up to 1.5.0plus205. The connected ICS/IR sources confirm a vulnerability in CSV formula handling (CSV Formula Injection) due to improper sanitization of imported CSV files. Exploitation requires access to ...
CVE-2021-23286 Security issues in Eaton Intelligent Power Manager Infrastructure
Eaton Intelligent Power Manager Infrastructure IPM Infrastructure version 1.5.0plus205 and all prior versions are vulnerable to CSV Formula Injection. This issue affects: Eaton Intelligent Power Manager Infrastructure IPM Infrastructure all version 1.5.0plus205 and prior versions...
CVE-2022-26784
CVE-2022-26784 describes a Denial of Service vulnerability in Windows Cluster Shared Volumes (CSV). The provided documents identify CSV as the affected component and cite a vulnerability with a MEDIUM base severity (CVSS 3.1 base score 6.5) and a network-based, low-effort exploit scenario, with n...
CVE-2022-24538
Technical details about CVE-2022-24538 are not publicly provided in the supplied documents. No affected products, vectors, or fixes are confirmed here. Monitor for official updates.
CVE-2022-24484
CVE-2022-24484 is a Windows CSV Denial of Service vulnerability. The CVE entry records a LOW/MEDIUM combined severity (CVSS2/3) with LOCAL access and no authentication required, and a HIGH availability impact. Related connected updates (KB5012596/KB5012599/KB5012596 family) describe fixes that ad...
MantisBT CSV Injection unprivileged user access in csv_export.php
Lack of Neutralization of Formula Elements in the CSV API of MantisBT before 2.25.3 allows an unprivileged attacker to execute code or gain access to information when a user opens the csvexport.php generated CSV file in Excel...
GHSA-RG8F-5P7X-M6WV MantisBT CSV Injection unprivileged user access in csv_export.php
Lack of Neutralization of Formula Elements in the CSV API of MantisBT before 2.25.3 allows an unprivileged attacker to execute code or gain access to information when a user opens the csvexport.php generated CSV file in Excel...
WordPress Visual Form Builder plugin access control error vulnerability
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. The platform supports the hosting of personal blog sites on PHP and MySQL servers. WordPress plugin is a WordPress open source application plugin. WordPress Visual Form Builder plugin versions prior...
WordPress Visual Form Builder plugin CSV注入漏洞
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is a WordPress open source application plugin. versions prior to WordPress Visual Form Builder...
CVE-2021-43257
Lack of Neutralization of Formula Elements in the CSV API of MantisBT before 2.25.3 allows an unprivileged attacker to execute code or gain access to information when a user opens the csvexport.php generated CSV file in Excel...
CVE-2021-43257
Lack of Neutralization of Formula Elements in the CSV API of MantisBT before 2.25.3 allows an unprivileged attacker to execute code or gain access to information when a user opens the csvexport.php generated CSV file in Excel...
Code injection
Lack of Neutralization of Formula Elements in the CSV API of MantisBT before 2.25.3 allows an unprivileged attacker to execute code or gain access to information when a user opens the csvexport.php generated CSV file in Excel...
CVE-2021-43257
Lack of Neutralization of Formula Elements in the CSV API of MantisBT before 2.25.3 allows an unprivileged attacker to execute code or gain access to information when a user opens the csvexport.php generated CSV file in Excel...
CVE-2021-43257
CVE-2021-43257 refers to a vulnerability in MantisBT’s CSV export API. Before 2.25.3, lack of neutralization of formula elements in csv_export.php enables an unprivileged attacker to execute code or access information when a user opens the generated CSV in Excel. Affected product: MantisBT (web-b...
The vulnerability of Puppet’s infrastructure automation tool lies in the absence of a mechanism to neutralize elements in CSV files. This allows attackers to access confidential data, compromise its integrity, and cause service interruptions.
The vulnerability of the Puppet infrastructure automation tool relates to the absence of a mechanism for neutralizing elements in the CSV file. Exploiting this vulnerability allows a remote attacker to gain access to confidential data, compromise its integrity, and cause service interruptions...
CVE-2022-0142
The Visual Form Builder WordPress plugin before 3.0.8 is vulnerable to CSV injection allowing a user with low level or no privileges to inject a command that will be included in the exported CSV file, leading to possible code execution...