5079 matches found
CVE-2021-37131
CVE-2021-37131 is a CSV injection vulnerability affecting Huawei iManager NetEco (and related products) stemming from insufficient input validation of certain parameters, enabling an attacker with high privileges to inject CSV data into the target device through specific operations. Public disclo...
Vulnerability On-Demand Search Reporting & Easy Download options
Vulnerability reporting is different from any other aspect of a Vulnerability Management Program. The methodologies of Discover, Assess, Report and Remediate are critical components that should be included in the respective sections of a Vulnerability Report. Qualys VMDR Vulnerability Management...
Huawei iManager NetEco CSV Injection Vulnerability
Huawei iManager NetEco is a professional energy infrastructure management platform from Huawei China. Huawei iManager NetEco suffers from a CSV injection vulnerability, which stems from insufficient input validation of certain parameters and can be exploited to inject CSV files into the target...
Delta Electronics DIALink
1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Delta Electronics Equipment: DIALink Vulnerabilities: Cleartext Transmission of Sensitive Information, Cross-site Scripting, Improper Neutralization of Formula Elements in a CSV File, Cleartext Storage...
BetterLinks < 1.2.6 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape some of the imported link fields, which could lead to Stored Cross-Site Scripting issues when an admin imports a malicious CSV. PoC Go to Plugin's Settings page, in "Tool" tab, import a CSV file with Betterlinks option. Put a simple XSS payload into "linktitle"...
Security Advisory - CSV Injection Vulnerability in Some Huawei Products
There is a CSV injection vulnerability in some Huawei Products. An attacker with high privilege may exploit this vulnerability through some operations to inject the CSV files. Due to insufficient input validation of some parameters, the attacker can exploit this vulnerability to inject CSV files ...
GHSA-H7VQ-5QGW-JWWQ CSV Injection Vulnerability
Impact In some circumstances, it was possible to export data in CSV format that could trigger a payload in old versions of Excel. If you are accepting user input from untrusted sources and will be exporting that data in CSV format from element index pages and there is a chance users will open tha...
CSV Injection Vulnerability
Impact In some circumstances, it was possible to export data in CSV format that could trigger a payload in old versions of Excel. If you are accepting user input from untrusted sources and will be exporting that data in CSV format from element index pages and there is a chance users will open tha...
ImpulsiveDLLHijack - C# Based Tool Which Automates The Process Of Discovering And Exploiting DLL Hijacks In Target Binaries
C# based tool which automates the process of discovering and exploiting DLL Hijacks in target binaries. The Hijacked paths discovered can later be weaponized during RedTeam Operations to evade EDRs. 1. Methodological Approach: The tool basically acts on automating following stages performed for...
SAP Business One CSV Injection Vulnerability
SAP Business One is a suite of enterprise management software from SAP, a German company. SAP Business One version 10.0 is vulnerable to CSV injection, which can be exploited by attackers to execute arbitrary commands on a victim's computer...
SQL injection
Imagicle Application Suite for Cisco UC before 2021.Summer.2 allows SQL injection. A low-privileged user could inject a SQL statement through the "Export to CSV" feature of the Contact Manager web GUI...
VMware vRealize Log Insight CSV Injection Vulnerability
VMware vRealize Log Insight is a centralized log management solution from VMware, Inc. VMware vRealize Log Insight is vulnerable to a CSV injection vulnerability that allows an authenticated attacker to embed untrusted data through CSV tables...
PT-2021-23599 · Imagicle · Imagicle Application Suite
Name of the Vulnerable Software and Affected Versions: Imagicle Application Suite for Cisco UC versions prior to 2021.Summer.2 Description: The issue allows SQL injection, where a low-privileged user could inject a SQL statement through the "Export to CSV" feature of the Contact Manager web GUI...
CVE-2021-22035
VMware vRealize Log Insight 8.x prior to 8.6 contains a CSV (Comma Separated Value) injection vulnerability in interactive analytics export function. An authenticated malicious actor with non-administrative privileges may be able to embed untrusted data prior to exporting a CSV sheet through Log...
Design/Logic Flaw
VMware vRealize Log Insight 8.x prior to 8.6 contains a CSV (Comma Separated Value) injection vulnerability in interactive analytics export function. An authenticated malicious actor with non-administrative privileges may be able to embed untrusted data prior to exporting a CSV sheet through Log...
CVE-2021-22035
CVE-2021-22035 affects VMware vRealize Log Insight (8.x, prior to 8.6). A CSV injection vulnerability exists in the interactive analytics export function, allowing an authenticated user with non-administrative privileges to embed untrusted data in a CSV export, potentially executing in the user’s...
CVE-2021-38180
SAP Business One - version 10.0, allows an attacker to inject formulas when exporting data to Excel (CSV injection) due to improper sanitation during the data export. An attacker could thereby execute arbitrary commands on the victim's computer but only if the victim allows to execute macros while...