Lucene search
5085 matches found

Prion
added 2022/03/24 10:15 p.m. | 16 views

Design/Logic Flaw

Survey King v0.3.0 does not filter data properly when exporting excel files, allowing attackers to execute arbitrary code or access sensitive information via a CSV injection attack...

7.5 CVSS | 9.5 AI score | 0.01761 EPSS
Exploits: 1 | References: 1 | Affected Software: 1

Kitploit
added 2022/03/24 10:4 p.m. | 36 views

Tiktok-Scraper - TikTok Scraper. Download Video Posts, Collect User/Trend/Hashtag/Music Feed Metadata, Sign URL And Etc

Scrape and download useful information from TikTok. No login or password are required. This is not an official API support and etc. This is just a scraper that is using TikTok Web API to scrape media and related meta information. Important notes: As of right now it is NOT possible to download video...

7.2 AI score
Exploits: 0 | References: 5

Cvelist
added 2022/03/24 9:12 p.m. | 27 views

CVE-2022-26249

Survey King v0.3.0 does not filter data properly when exporting excel files, allowing attackers to execute arbitrary code or access sensitive information via a CSV injection attack...

9.8 AI score | 0.01761 EPSS
Exploits: 1 | References: 1

CVE
added 2022/03/24 9:12 p.m. | 83 views

CVE-2022-26249

Survey King v0.3.0 is affected by a CSV/Excel export data-filtering flaw that allows injection of data into exported files, enabling arbitrary code execution or access to sensitive information. The issue arises from improper data filtering during Excel export (CSV injection vector), as described ...

9.8 CVSS | 9.5 AI score | 0.01761 EPSS
Exploits: 1 | References: 1 | Affected Software: 1

CNNVD
added 2022/03/24 12:0 a.m. | 5 views

Survey King Security Vulnerability

Survey King is one of the most powerful, beautiful and easy-to-install open source survey questionnaire systems from the individual developers of Survey King in China. A security vulnerability exists in Survey King version v0.3.0, which stems from the application not properly filtering data when...

9.8 CVSS | 8.6 AI score | 0.01761 EPSS
Exploits: 1 | References: 2

CNVD
added 2022/03/24 12:0 a.m. | 17 views

WordPress Export All URLs plugin cross-site scripting vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. WordPress plugin is an application plugin for WordPress. A cross-site scripting vulnerability exists in versions of the WordPress Export All URLs plugin prior to 4.2, which stems from the plugin's failu...

6.1 CVSS | 1.2 AI score | 0.00788 EPSS
Exploits: 1 | References: 1

wpexploit
added 2022/03/22 12:0 a.m. | 138 views

Ninja Forms < 3.6.8 - Unauthenticated Email Address Disclosure

The plugin does not delete the temporary files created when exporting submissions, which could allow unauthenticated attackers to download them and get sensitive information such as the email address of users who submitted a form given that the file is publicly accessible, and with a guessable na...

7 AI score
Exploits: 0

Kitploit
added 2022/03/21 11:30 a.m. | 16 views

Oh365UserFinder - Python3 O365 User Enumeration Tool

Oh365UserFinder is used for identifying valid o365 accounts and domains without the risk of account lockouts. The tool parses responses to identify the "IfExistsResult" flag is null or not, and responds appropriately if the user is valid. The tool will attempt to identify false positives based on...

7.3 AI score
Exploits: 0 | References: 2

Kitploit
added 2022/03/19 11:30 a.m. | 72 views

Ghostbuster - Eliminate Dangling Elastic IPs By Performing Analysis On Your Resources Within All Your AWS Accounts

Eliminate dangling elastic IPs by performing analysis on your resources within all your AWS accounts. Ghostbuster obtains all the DNS records present in all of your AWS accounts Route53, and can optionally take in records via CSV input, or via Cloudflare. After these records are collected,...

6.6 AI score
Exploits: 0 | References: 4

OSV
added 2022/03/18 11:11 p.m. | 28 views

GHSA-F8XQ-Q7PX-WG8C Improper Neutralization of Formula Elements in a CSV File in Gradio Flagging

Impact: The gradio library has a flagging functionality which saves input/output data into a CSV file on the developer's computer. This can allow a user to save arbitrary text into the CSV file, such as commands. If a program like MS Excel opens such a file, then it automatically runs these...

8.8 CVSS | 8.8 AI score | 0.01248 EPSS
Exploits: 0 | References: 6

GitHub Security Blog
added 2022/03/18 11:11 p.m. | 51 views

Improper Neutralization of Formula Elements in a CSV File in Gradio Flagging

Impact: The gradio library has a flagging functionality which saves input/output data into a CSV file on the developer's computer. This can allow a user to save arbitrary text into the CSV file, such as commands. If a program like MS Excel opens such a file, then it automatically runs these...

8.8 CVSS | 1.6 AI score | 0.01248 EPSS
Exploits: 0 | References: 6 | Affected Software: 1

NVD
added 2022/03/17 9:15 p.m. | 43 views

CVE-2022-24770

gradio is an open source framework for building interactive machine learning models and demos. Prior to version 2.8.11, gradio suffers from Improper Neutralization of Formula Elements in a CSV File. The gradio library has a flagging functionality which saves input/output data into a CSV file on t...

8.8 CVSS | 0.01248 EPSS
Exploits: 0 | References: 3

Prion
added 2022/03/17 9:15 p.m. | 16 views

Input validation

gradio is an open source framework for building interactive machine learning models and demos. Prior to version 2.8.11, gradio suffers from Improper Neutralization of Formula Elements in a CSV File. The gradio library has a flagging functionality which saves input/output data into a CSV file on t...

6.8 CVSS | 8.8 AI score | 0.01248 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

PyPA
added 2022/03/17 9:15 p.m. | 6 views

PYSEC-2022-229

gradio is an open source framework for building interactive machine learning models and demos. Prior to version 2.8.11, gradio suffers from Improper Neutralization of Formula Elements in a CSV File. The gradio library has a flagging functionality which saves input/output data into a CSV file on t...

8.8 CVSS | 7.2 AI score | 0.01248 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

OSV
added 2022/03/17 9:15 p.m. | 39 views

PYSEC-2022-229

gradio is an open source framework for building interactive machine learning models and demos. Prior to version 2.8.11, gradio suffers from Improper Neutralization of Formula Elements in a CSV File. The gradio library has a flagging functionality which saves input/output data into a CSV file on t...

8.8 CVSS | 2.2 AI score | 0.01248 EPSS
Exploits: 0 | References: 3

OSV
added 2022/03/17 8:30 p.m. | 31 views

CVE-2022-24770 Improper Neutralization of Formula Elements in a CSV File in Gradio Flagging

gradio is an open source framework for building interactive machine learning models and demos. Prior to version 2.8.11, gradio suffers from Improper Neutralization of Formula Elements in a CSV File. The gradio library has a flagging functionality which saves input/output data into a CSV file on t...

8.8 CVSS | 8.7 AI score | 0.01248 EPSS
Exploits: 0 | References: 5

Cvelist
added 2022/03/17 8:30 p.m. | 39 views

CVE-2022-24770 Improper Neutralization of Formula Elements in a CSV File in Gradio Flagging

gradio is an open source framework for building interactive machine learning models and demos. Prior to version 2.8.11, gradio suffers from Improper Neutralization of Formula Elements in a CSV File. The gradio library has a flagging functionality which saves input/output data into a CSV file on t...

8.8 CVSS | 9 AI score | 0.01248 EPSS
Exploits: 0 | References: 3

Vulnrichment
added 2022/03/17 8:30 p.m. | 8 views

CVE-2022-24770 Improper Neutralization of Formula Elements in a CSV File in Gradio Flagging

gradio is an open source framework for building interactive machine learning models and demos. Prior to version 2.8.11, gradio suffers from Improper Neutralization of Formula Elements in a CSV File. The gradio library has a flagging functionality which saves input/output data into a CSV file on t...

8.8 CVSS | 8.8 AI score | 0.01248 EPSS
Exploits: 0 | References: 3

CVE
added 2022/03/17 8:30 p.m. | 116 views

CVE-2022-24770

The CVE-2022-24770 issue affects the Gradio library prior to version 2.8.11, in the flagging CSV export feature. The root cause is Improper Neutralization of Formula Elements in a CSV File, allowing arbitrary text (e.g., commands) to be saved into CSV outputs that may be opened by spreadsheet pro...

8.8 CVSS | 8.8 AI score | 0.01248 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

OpenVAS
added 2022/03/15 12:0 a.m. | 16 views

Moodle 3.8.x < 3.8.9, 3.9.x < 3.9.7, 3.10.x < 3.10.4 Multiple Vulnerabilities (MSA-21-0012, MSA-21-0018)

Moodle is prone to multiple vulnerabilities. Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

6.1 CVSS | 5.6 AI score | 0.01157 EPSS
Exploits: 0 | References: 2