Lucene search
K

5087 matches found

Cvelist
Cvelist
added 2022/04/19 2:57 p.m.27 views

CVE-2022-29315

Invicti Acunetix before 14 allows CSV injection via the Description field on the Add Targets page, if the Export CSV feature is used...

9.1AI score0.01393EPSS
Exploits1References1
CNNVD
CNNVD
added 2022/04/19 12:0 a.m.4 views

Invicti Acunetix 安全漏洞

Invicti Acunetix is an application security testing tool from Invicti Corporation, USA. designed to help small and medium-sized organizations around the world take control of their network security. Invicti Acunetix has a security vulnerability that allows CSV injection by adding a description...

9.3CVSS8AI score0.01393EPSS
Exploits1References2
NVD
NVD
added 2022/04/18 5:15 p.m.24 views

CVE-2021-23286

Eaton Intelligent Power Manager Infrastructure IPM Infrastructure version 1.5.0plus205 and all prior versions are vulnerable to CSV Formula Injection. This issue affects: Eaton Intelligent Power Manager Infrastructure IPM Infrastructure all version 1.5.0plus205 and prior versions...

8CVSS0.00402EPSS
Exploits0References2
Prion
Prion
added 2022/04/18 5:15 p.m.13 views

Design/Logic Flaw

Eaton Intelligent Power Manager Infrastructure IPM Infrastructure version 1.5.0plus205 and all prior versions are vulnerable to CSV Formula Injection. This issue affects: Eaton Intelligent Power Manager Infrastructure IPM Infrastructure all version 1.5.0plus205 and prior versions...

7.9CVSS7.8AI score0.00402EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2022/04/18 4:20 p.m.87 views

CVE-2021-23286

CVE-2021-23286 affects Eaton’s IPM Infrastructure (IPM Infrastructure), across all versions up to 1.5.0plus205. The connected ICS/IR sources confirm a vulnerability in CSV formula handling (CSV Formula Injection) due to improper sanitization of imported CSV files. Exploitation requires access to ...

8CVSS6.5AI score0.00402EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2022/04/18 4:20 p.m.26 views

CVE-2021-23286 Security issues in Eaton Intelligent Power Manager Infrastructure

Eaton Intelligent Power Manager Infrastructure IPM Infrastructure version 1.5.0plus205 and all prior versions are vulnerable to CSV Formula Injection. This issue affects: Eaton Intelligent Power Manager Infrastructure IPM Infrastructure all version 1.5.0plus205 and prior versions...

5.7CVSS8AI score0.00402EPSS
Exploits0References2
CVE
CVE
added 2022/04/15 7:4 p.m.123 views

CVE-2022-26784

CVE-2022-26784 describes a Denial of Service vulnerability in Windows Cluster Shared Volumes (CSV). The provided documents identify CSV as the affected component and cite a vulnerability with a MEDIUM base severity (CVSS 3.1 base score 6.5) and a network-based, low-effort exploit scenario, with n...

6.5CVSS7.8AI score0.02223EPSS
Exploits0References1Affected Software4
CVE
CVE
added 2022/04/15 7:3 p.m.188 views

CVE-2022-24538

Technical details about CVE-2022-24538 are not publicly provided in the supplied documents. No affected products, vectors, or fixes are confirmed here. Monitor for official updates.

6.5CVSS7.8AI score0.02223EPSS
Exploits0References1Affected Software4
CVE
CVE
added 2022/04/15 7:3 p.m.129 views

CVE-2022-24484

CVE-2022-24484 is a Windows CSV Denial of Service vulnerability. The CVE entry records a LOW/MEDIUM combined severity (CVSS2/3) with LOCAL access and no authentication required, and a HIGH availability impact. Related connected updates (KB5012596/KB5012599/KB5012596 family) describe fixes that ad...

5.5CVSS7.2AI score0.00593EPSS
Exploits0References1Affected Software4
Github Security Blog
Github Security Blog
added 2022/04/15 12:0 a.m.10 views

MantisBT CSV Injection unprivileged user access in csv_export.php

Lack of Neutralization of Formula Elements in the CSV API of MantisBT before 2.25.3 allows an unprivileged attacker to execute code or gain access to information when a user opens the csvexport.php generated CSV file in Excel...

7.8CVSS7AI score0.00921EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2022/04/15 12:0 a.m.5 views

GHSA-RG8F-5P7X-M6WV MantisBT CSV Injection unprivileged user access in csv_export.php

Lack of Neutralization of Formula Elements in the CSV API of MantisBT before 2.25.3 allows an unprivileged attacker to execute code or gain access to information when a user opens the csvexport.php generated CSV file in Excel...

7.8CVSS7.9AI score0.00921EPSS
Exploits1References5
CNVD
CNVD
added 2022/04/15 12:0 a.m.16 views

WordPress Visual Form Builder plugin access control error vulnerability

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. The platform supports the hosting of personal blog sites on PHP and MySQL servers. WordPress plugin is a WordPress open source application plugin. WordPress Visual Form Builder plugin versions prior...

5.3CVSS2AI score0.0384EPSS
Exploits1References1
CNVD
CNVD
added 2022/04/15 12:0 a.m.15 views

WordPress Visual Form Builder plugin CSV注入漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is a WordPress open source application plugin. versions prior to WordPress Visual Form Builder...

9.8CVSS3.9AI score0.0269EPSS
Exploits1References1
NVD
NVD
added 2022/04/14 8:15 p.m.12 views

CVE-2021-43257

Lack of Neutralization of Formula Elements in the CSV API of MantisBT before 2.25.3 allows an unprivileged attacker to execute code or gain access to information when a user opens the csvexport.php generated CSV file in Excel...

7.8CVSS0.00921EPSS
Exploits1References2
OSV
OSV
added 2022/04/14 8:15 p.m.9 views

CVE-2021-43257

Lack of Neutralization of Formula Elements in the CSV API of MantisBT before 2.25.3 allows an unprivileged attacker to execute code or gain access to information when a user opens the csvexport.php generated CSV file in Excel...

7.8CVSS7.1AI score
Exploits0References2
Prion
Prion
added 2022/04/14 8:15 p.m.15 views

Code injection

Lack of Neutralization of Formula Elements in the CSV API of MantisBT before 2.25.3 allows an unprivileged attacker to execute code or gain access to information when a user opens the csvexport.php generated CSV file in Excel...

6CVSS7.7AI score0.00921EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2022/04/14 7:25 p.m.19 views

CVE-2021-43257

Lack of Neutralization of Formula Elements in the CSV API of MantisBT before 2.25.3 allows an unprivileged attacker to execute code or gain access to information when a user opens the csvexport.php generated CSV file in Excel...

7.9AI score0.00921EPSS
Exploits1References2
CVE
CVE
added 2022/04/14 7:25 p.m.66 views

CVE-2021-43257

CVE-2021-43257 refers to a vulnerability in MantisBT’s CSV export API. Before 2.25.3, lack of neutralization of formula elements in csv_export.php enables an unprivileged attacker to execute code or access information when a user opens the generated CSV in Excel. Affected product: MantisBT (web-b...

7.8CVSS7.7AI score0.00921EPSS
Exploits1References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/04/14 12:0 a.m.5 views

The vulnerability of Puppet’s infrastructure automation tool lies in the absence of a mechanism to neutralize elements in CSV files. This allows attackers to access confidential data, compromise its integrity, and cause service interruptions.

The vulnerability of the Puppet infrastructure automation tool relates to the absence of a mechanism for neutralizing elements in the CSV file. Exploiting this vulnerability allows a remote attacker to gain access to confidential data, compromise its integrity, and cause service interruptions...

9.3CVSS7.6AI score0.01066EPSS
Exploits0References4Affected Software2
NVD
NVD
added 2022/04/12 12:15 p.m.21 views

CVE-2022-0142

The Visual Form Builder WordPress plugin before 3.0.8 is vulnerable to CSV injection allowing a user with low level or no privileges to inject a command that will be included in the exported CSV file, leading to possible code execution...

9.8CVSS0.0269EPSS
Exploits1References2
Rows per page
Query Builder