Design/Logic Flaw
Survey King v0.3.0 does not filter data properly when exporting excel files, allowing attackers to execute arbitrary code or access sensitive information via a CSV injection attack...
Tiktok-Scraper - TikTok Scraper. Download Video Posts, Collect User/Trend/Hashtag/Music Feed Metadata, Sign URL And Etc
Scrape and download useful information from TikTok. No login or password are required. This is not an official API support and etc. This is just a scraper that is using TikTok Web API to scrape media and related meta information. Important notes: As of right now it is NOT possible to download video...
CVE-2022-26249
Survey King v0.3.0 does not filter data properly when exporting excel files, allowing attackers to execute arbitrary code or access sensitive information via a CSV injection attack...
CVE-2022-26249
Survey King v0.3.0 is affected by a CSV/Excel export data-filtering flaw that allows injection of data into exported files, enabling arbitrary code execution or access to sensitive information. The issue arises from improper data filtering during Excel export (CSV injection vector), as described ...
Survey King security vulnerability
Survey King is one of the most powerful, beautiful and easy-to-install open source survey questionnaire systems from the individual developers of Survey King in China. A security vulnerability exists in Survey King version v0.3.0, which stems from the application not properly filtering data when...
WordPress Export All URLs plugin cross-site scripting vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. WordPress plugin is an application plugin for WordPress. A cross-site scripting vulnerability exists in versions of the WordPress Export All URLs plugin prior to 4.2, which stems from the plugin's failu...
Ninja Forms < 3.6.8 - Unauthenticated Email Address Disclosure
The plugin does not delete the temporary files created when exporting submissions, which could allow unauthenticated attackers to download them and get sensitive information such as the email address of users who submitted a form given that the file is publicly accessible, and with a guessable na...
Oh365UserFinder - Python3 O365 User Enumeration Tool
Oh365UserFinder is used for identifying valid o365 accounts and domains without the risk of account lockouts. The tool parses responses to identify whether the "IfExistsResult" flag is null or not, and responds appropriately if the user is valid. The tool will attempt to identify false positives based on...
Ghostbuster - Eliminate Dangling Elastic IPs By Performing Analysis On Your Resources Within All Your AWS Accounts
Eliminate dangling elastic IPs by performing analysis on your resources within all your AWS accounts. Ghostbuster obtains all the DNS records present in all of your AWS accounts (Route53), and can optionally take in records via CSV input, or via Cloudflare. After these records are collected,...
GHSA-F8XQ-Q7PX-WG8C Improper Neutralization of Formula Elements in a CSV File in Gradio Flagging
Impact: The gradio library has a flagging functionality which saves input/output data into a CSV file on the developer's computer. This can allow a user to save arbitrary text into the CSV file, such as commands. If a program like MS Excel opens such a file, then it automatically runs these...
Improper Neutralization of Formula Elements in a CSV File in Gradio Flagging
Impact: The gradio library has a flagging functionality which saves input/output data into a CSV file on the developer's computer. This can allow a user to save arbitrary text into the CSV file, such as commands. If a program like MS Excel opens such a file, then it automatically runs these...
CVE-2022-24770
gradio is an open source framework for building interactive machine learning models and demos. Prior to version 2.8.11, gradio suffers from Improper Neutralization of Formula Elements in a CSV File. The gradio library has a flagging functionality which saves input/output data into a CSV file on t...
Input validation
gradio is an open source framework for building interactive machine learning models and demos. Prior to version 2.8.11, gradio suffers from Improper Neutralization of Formula Elements in a CSV File. The gradio library has a flagging functionality which saves input/output data into a CSV file on t...
PYSEC-2022-229
gradio is an open source framework for building interactive machine learning models and demos. Prior to version 2.8.11, gradio suffers from Improper Neutralization of Formula Elements in a CSV File. The gradio library has a flagging functionality which saves input/output data into a CSV file on t...
PYSEC-2022-229
gradio is an open source framework for building interactive machine learning models and demos. Prior to version 2.8.11, gradio suffers from Improper Neutralization of Formula Elements in a CSV File. The gradio library has a flagging functionality which saves input/output data into a CSV file on t...
CVE-2022-24770 Improper Neutralization of Formula Elements in a CSV File in Gradio Flagging
gradio is an open source framework for building interactive machine learning models and demos. Prior to version 2.8.11, gradio suffers from Improper Neutralization of Formula Elements in a CSV File. The gradio library has a flagging functionality which saves input/output data into a CSV file on t...
CVE-2022-24770 Improper Neutralization of Formula Elements in a CSV File in Gradio Flagging
gradio is an open source framework for building interactive machine learning models and demos. Prior to version 2.8.11, gradio suffers from Improper Neutralization of Formula Elements in a CSV File. The gradio library has a flagging functionality which saves input/output data into a CSV file on t...
CVE-2022-24770 Improper Neutralization of Formula Elements in a CSV File in Gradio Flagging
gradio is an open source framework for building interactive machine learning models and demos. Prior to version 2.8.11, gradio suffers from Improper Neutralization of Formula Elements in a CSV File. The gradio library has a flagging functionality which saves input/output data into a CSV file on t...
CVE-2022-24770
The CVE-2022-24770 issue affects the Gradio library prior to version 2.8.11, in the flagging CSV export feature. The root cause is Improper Neutralization of Formula Elements in a CSV File, allowing arbitrary text (e.g., commands) to be saved into CSV outputs that may be opened by spreadsheet pro...
Moodle 3.8.x < 3.8.9, 3.9.x < 3.9.7, 3.10.x < 3.10.4 Multiple Vulnerabilities (MSA-21-0012, MSA-21-0018)
Moodle is prone to multiple vulnerabilities.