
5079 matches found

CVE
added 2021/10/27 12:29 a.m. · 57 views

CVE-2021-37131

CVE-2021-37131 is a CSV injection vulnerability affecting Huawei iManager NetEco (and related products) stemming from insufficient input validation of certain parameters, enabling an attacker with high privileges to inject CSV data into the target device through specific operations. Public disclo...

CVSS 6.8 · AI score 6.5 · EPSS 0.00561
Exploits 0 · References 1 · Affected Software 3
Qualys Blog
added 2021/10/25 5:00 a.m. · 16 views

Vulnerability On-Demand Search Reporting & Easy Download options

Vulnerability reporting is different from any other aspect of a Vulnerability Management Program. The methodologies of Discover, Assess, Report and Remediate are critical components that should be included in the respective sections of a Vulnerability Report. Qualys VMDR Vulnerability Management...

AI score 1.3
Exploits 0
CNVD
added 2021/10/24 12:00 a.m. · 15 views

Huawei iManager NetEco CSV Injection Vulnerability

Huawei iManager NetEco is a professional energy infrastructure management platform from Huawei China. Huawei iManager NetEco suffers from a CSV injection vulnerability, which stems from insufficient input validation of certain parameters and can be exploited to inject CSV files into the target...

CVSS 6 · AI score 2.8 · EPSS 0.00561
Exploits 0
ICS
added 2021/10/21 12:00 a.m. · 87 views

Delta Electronics DIALink

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Delta Electronics Equipment: DIALink Vulnerabilities: Cleartext Transmission of Sensitive Information, Cross-site Scripting, Improper Neutralization of Formula Elements in a CSV File, Cleartext Storage...

CVSS 8.8 · AI score 7 · EPSS 0.12337
Exploits 0 · References 5
WPVulnDB
added 2021/10/20 12:00 a.m. · 19 views

BetterLinks < 1.2.6 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of the imported link fields, which could lead to Stored Cross-Site Scripting issues when an admin imports a malicious CSV. PoC Go to Plugin's Settings page, in "Tool" tab, import a CSV file with Betterlinks option. Put a simple XSS payload into "linktitle"...

CVSS 5.4 · AI score 5.2 · EPSS 0.00604
Exploits 2 · Affected Software 1
Huawei
added 2021/10/20 12:00 a.m. · 39 views

Security Advisory - CSV Injection Vulnerability in Some Huawei Products

There is a CSV injection vulnerability in some Huawei Products. An attacker with high privilege may exploit this vulnerability through some operations to inject the CSV files. Due to insufficient input validation of some parameters, the attacker can exploit this vulnerability to inject CSV files ...

CVSS 6.8 · AI score 6.6 · EPSS 0.00561
Exploits 0 · Affected Software 3
OSV
added 2021/10/18 7:04 p.m. · 16 views

GHSA-H7VQ-5QGW-JWWQ CSV Injection Vulnerability

Impact In some circumstances, it was possible to export data in CSV format that could trigger a payload in old versions of Excel. If you are accepting user input from untrusted sources and will be exporting that data in CSV format from element index pages and there is a chance users will open tha...

CVSS 8.8 · AI score 8.5 · EPSS 0.01329
Exploits 0 · References 6
Github Security Blog
added 2021/10/18 7:04 p.m. · 43 views

CSV Injection Vulnerability

Impact In some circumstances, it was possible to export data in CSV format that could trigger a payload in old versions of Excel. If you are accepting user input from untrusted sources and will be exporting that data in CSV format from element index pages and there is a chance users will open tha...

CVSS 8.8 · AI score 0.6 · EPSS 0.01329
Exploits 0 · References 6 · Affected Software 1
Kitploit
added 2021/10/18 11:30 a.m. · 23 views

ImpulsiveDLLHijack - C# Based Tool Which Automates The Process Of Discovering And Exploiting DLL Hijacks In Target Binaries

C# based tool which automates the process of discovering and exploiting DLL Hijacks in target binaries. The Hijacked paths discovered can later be weaponized during RedTeam Operations to evade EDR's. 1. Methodological Approach : The tool basically acts on automating following stages performed for...

AI score 7.6
Exploits 0 · References 1
CNVD
added 2021/10/15 12:00 a.m. · 25 views

SAP Business One CSV Injection Vulnerability

SAP Business One is a suite of enterprise management software from SAP, a German company. SAP Business One version 10.0 is vulnerable to CSV injection, which can be exploited by attackers to execute arbitrary commands on a victim's computer...

CVSS 9.8 · AI score 5.6 · EPSS 0.01987
Exploits 0 · References 1
Prion
added 2021/10/14 6:15 p.m. · 18 views

SQL injection

Imagicle Application Suite for Cisco UC before 2021.Summer.2 allows SQL injection. A low-privileged user could inject a SQL statement through the "Export to CSV" feature of the Contact Manager web GUI...

CVSS 6.5 · AI score 8.9 · EPSS 0.01017
Exploits 0 · References 3 · Affected Software 1
CNVD
added 2021/10/14 12:00 a.m. · 23 views

VMware vRealize Log Insight CSV Injection Vulnerability

VMware vRealize Log Insight is a centralized log management solution from VMware, Inc. VMware vRealize Log Insight is vulnerable to a CSV injection vulnerability that allows an authenticated attacker to embed untrusted data through CSV tables...

CVSS 4.3 · AI score 3 · EPSS 0.00553
Exploits 0 · References 1
Positive Technologies
added 2021/10/14 12:00 a.m. · 3 views

PT-2021-23599 · Imagicle · Imagicle Application Suite

Name of the Vulnerable Software and Affected Versions: Imagicle Application Suite for Cisco UC versions prior to 2021.Summer.2 Description: The issue allows SQL injection, where a low-privileged user could inject a SQL statement through the "Export to CSV" feature of the Contact Manager web GUI...

CVSS 9.9 · AI score 8.8 · EPSS 0.01017
Exploits 0 · References 5
NVD
added 2021/10/13 4:15 p.m. · 17 views

CVE-2021-22035

VMware vRealize Log Insight 8.x prior to 8.6 contains a CSV (Comma Separated Value) injection vulnerability in interactive analytics export function. An authenticated malicious actor with non-administrative privileges may be able to embed untrusted data prior to exporting a CSV sheet through Log...

CVSS 4.3 · EPSS 0.00553
Exploits 0 · References 1
OSV
added 2021/10/13 4:15 p.m. · 3 views

CVE-2021-22035

VMware vRealize Log Insight 8.x prior to 8.6 contains a CSV (Comma Separated Value) injection vulnerability in interactive analytics export function. An authenticated malicious actor with non-administrative privileges may be able to embed untrusted data prior to exporting a CSV sheet through Log...

CVSS 4.3 · AI score 5.8 · EPSS 0.00553
Exploits 0 · References 1
Prion
added 2021/10/13 4:15 p.m. · 15 views

Design/Logic Flaw

VMware vRealize Log Insight 8.x prior to 8.6 contains a CSV (Comma Separated Value) injection vulnerability in interactive analytics export function. An authenticated malicious actor with non-administrative privileges may be able to embed untrusted data prior to exporting a CSV sheet through Log...

CVSS 4 · AI score 4.6 · EPSS 0.00553
Exploits 0 · References 1 · Affected Software 3
Cvelist
added 2021/10/13 3:50 p.m. · 18 views

CVE-2021-22035

VMware vRealize Log Insight 8.x prior to 8.6 contains a CSV (Comma Separated Value) injection vulnerability in interactive analytics export function. An authenticated malicious actor with non-administrative privileges may be able to embed untrusted data prior to exporting a CSV sheet through Log...

AI score 5 · EPSS 0.00553
Exploits 0 · References 1
CVE
added 2021/10/13 3:50 p.m. · 64 views

CVE-2021-22035

CVE-2021-22035 affects VMware vRealize Log Insight (8.x, prior to 8.6). A CSV injection vulnerability exists in the interactive analytics export function, allowing an authenticated user with non-administrative privileges to embed untrusted data in a CSV export, potentially executing in the user’s...

CVSS 4.3 · AI score 4.5 · EPSS 0.00553
Exploits 0 · References 1 · Affected Software 3
NVD
added 2021/10/12 3:15 p.m. · 16 views

CVE-2021-38180

SAP Business One - version 10.0, allows an attacker to inject formulas when exporting data to Excel (CSV injection) due to improper sanitation during the data export. An attacker could thereby execute arbitrary commands on the victim's computer but only if the victim allows to execute macros while...

CVSS 9.8 · EPSS 0.01987
Exploits 0 · References 2
OSV
added 2021/10/12 3:15 p.m. · 4 views

CVE-2021-38180

SAP Business One - version 10.0, allows an attacker to inject formulas when exporting data to Excel (CSV injection) due to improper sanitation during the data export. An attacker could thereby execute arbitrary commands on the victim's computer but only if the victim allows to execute macros while...

CVSS 9.8 · AI score 6 · EPSS 0.01987
Exploits 0 · References 2