
5079 matches found

CVE
added 2021/09/30 3:18 p.m., 59 views

CVE-2021-24016

Fortinet FortiManager vulnerability CVE-2021-24016: An improper neutralization of formula elements in policy-name CSV/Excel fields can lead to arbitrary shell commands when a crafted IPv4 field is included and the exported configuration file is opened unsafely. Affected are FortiManager 6.4.3 and...

CVSS 9.3 | AI score 6.7 | EPSS 0.00488
Exploits: 0 | References: 1 | Affected Software: 1

NVD
added 2021/09/30 12:15 a.m., 12 views

CVE-2021-41824

Craft CMS before 3.7.14 allows CSV injection...

CVSS 8.8 | EPSS 0.01329
Exploits: 0 | References: 3

OSV
added 2021/09/30 12:15 a.m., 13 views

CVE-2021-41824

Craft CMS before 3.7.14 allows CSV injection...

CVSS 8.8 | AI score 7.2
Exploits: 0 | References: 3

Prion
added 2021/09/30 12:15 a.m., 23 views

Design/Logic Flaw

Craft CMS before 3.7.14 allows CSV injection...

CVSS 6.8 | AI score 8.9 | EPSS 0.01329
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist
added 2021/09/29 11:19 p.m., 20 views

CVE-2021-41824

Craft CMS before 3.7.14 allows CSV injection...

AI score 9.2 | EPSS 0.01329
Exploits: 0 | References: 3

CVE
added 2021/09/29 11:19 p.m., 74 views

CVE-2021-41824

Craft CMS before version 3.7.14 is vulnerable to CSV injection via export functionality. The root cause is lack of input sanitization/escaping when exporting data to CSV, allowing crafted input to trigger payloads in CSV readers (e.g., Excel). Affected software is Craft CMS (core) with CSV export...

CVSS 8.8 | AI score 8.8 | EPSS 0.01329
Exploits: 0 | References: 3 | Affected Software: 1

NVD
added 2021/09/29 2:15 p.m., 17 views

CVE-2021-25960

In the “SuiteCRM” application, v7.11.18 through v7.11.19 and v7.10.29 through v7.10.31 are affected by a “CSV Injection” (Formula Injection) vulnerability. A low-privileged attacker can use the accounts module to inject payloads into the input fields. When an administrator accesses the accounts module to export the...

CVSS 8 | EPSS 0.01156
Exploits: 0 | References: 3

OSV
added 2021/09/29 2:15 p.m., 22 views

CVE-2021-25960

In the “SuiteCRM” application, v7.11.18 through v7.11.19 and v7.10.29 through v7.10.31 are affected by a “CSV Injection” (Formula Injection) vulnerability. A low-privileged attacker can use the accounts module to inject payloads into the input fields. When an administrator accesses the accounts module to export the...

CVSS 8 | AI score 6.6 | EPSS 0.01156
Exploits: 0 | References: 3

Prion
added 2021/09/29 2:15 p.m., 15 views

Input validation

In the “SuiteCRM” application, v7.11.18 through v7.11.19 and v7.10.29 through v7.10.31 are affected by a “CSV Injection” (Formula Injection) vulnerability. A low-privileged attacker can use the accounts module to inject payloads into the input fields. When an administrator accesses the accounts module to export the...

CVSS 6 | AI score 7.5 | EPSS 0.01156
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist
added 2021/09/29 1:55 p.m., 26 views

CVE-2021-25960 SuiteCRM - CSV Injection in Accounts Module

In the “SuiteCRM” application, v7.11.18 through v7.11.19 and v7.10.29 through v7.10.31 are affected by a “CSV Injection” (Formula Injection) vulnerability. A low-privileged attacker can use the accounts module to inject payloads into the input fields. When an administrator accesses the accounts module to export the...

CVSS 8 | AI score 7.8 | EPSS 0.01156
Exploits: 0 | References: 3

CVE
added 2021/09/29 1:55 p.m., 54 views

CVE-2021-25960

CVE-2021-25960 applies to SuiteCRM versions 7.10.29–7.10.31 and 7.11.18–7.11.19, which are affected by a CSV Injection (Formula Injection) in the accounts module. A low-privilege user can inject payloads into input fields; when an administrator exports data to CSV via the accounts module and open...

CVSS 8 | AI score 7.5 | EPSS 0.01156
Exploits: 0 | References: 3 | Affected Software: 1

CNNVD
added 2021/09/29 12:00 a.m., 3 views

SuiteCRM injection vulnerability

SuiteCRM is a customer relationship management system from the SuiteCRM team. SuiteCRM has an injection vulnerability: it is affected by a CSV injection (formula injection) flaw. A low-privileged attacker could use the Account module to inject a payload int...

CVSS 8 | AI score 7.4 | EPSS 0.01156
Exploits: 0 | References: 3

OSV
added 2021/09/17 9:15 p.m., 3 views

CVE-2021-41390

In Ericsson ECM before 18.0, it was observed that Security Provider Endpoint in the User Profile Management Section is vulnerable to CSV Injection...

CVSS 8 | AI score 7.3 | EPSS 0.01074
Exploits: 1 | References: 1

NVD
added 2021/09/17 9:15 p.m., 24 views

CVE-2021-41390

In Ericsson ECM before 18.0, it was observed that Security Provider Endpoint in the User Profile Management Section is vulnerable to CSV Injection...

CVSS 8 | EPSS 0.01074
Exploits: 1 | References: 1

Prion
added 2021/09/17 9:15 p.m., 15 views

Input validation

In Ericsson ECM before 18.0, it was observed that Security Provider Endpoint in the User Profile Management Section is vulnerable to CSV Injection...

CVSS 6 | AI score 7.7 | EPSS 0.01074
Exploits: 1 | References: 1 | Affected Software: 1

Cvelist
added 2021/09/17 8:55 p.m., 27 views

CVE-2021-41390

In Ericsson ECM before 18.0, it was observed that Security Provider Endpoint in the User Profile Management Section is vulnerable to CSV Injection...

AI score 8 | EPSS 0.01074
Exploits: 1 | References: 1

CVE
added 2021/09/17 8:55 p.m., 59 views

CVE-2021-41390

Ericsson ECM prior to 18.0 contains a CSV injection vulnerability in the Security Provider Endpoint of the User Profile Management section (CVE-2021-41390). The issue is documented across multiple sources (NVD, Red Hat advisory, CVE list, CNNVD). The provided materials consistently describe the a...

CVSS 8 | AI score 7.7 | EPSS 0.01074
Exploits: 1 | References: 1 | Affected Software: 1

BDU FSTEC
added 2021/09/17 12:00 a.m., 7 views

The vulnerability of the export report function implementation in Centreon software for IT infrastructure monitoring allows a hacker to execute arbitrary SQL commands.

The vulnerability of the software’s reporting export function for IT infrastructure monitoring in Centreon relates to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL commands using the script...

CVSS 8.5 | AI score 8.1 | EPSS 0.29424
Exploits: 1 | References: 4 | Affected Software: 1

ThreatPost
added 2021/09/13 6:08 p.m., 33 views

WooCommerce Multi Currency Bug Allows Shoppers to Change eCommerce Pricing

A security vulnerability in the WooCommerce Multi Currency plugin could allow any customer to change the pricing for products in online stores. WooCommerce is a popular eCommerce plugin for WordPress-powered websites; the Multi Currency plugin from Envato meanwhile allows e-tailers using...

AI score 7.3
Exploits: 0 | References: 8

Kitploit
added 2021/09/12 11:30 a.m., 56 views

ODBParser - OSINT Tool To Search, Parse And Dump Only The Open Elasticsearch And MongoDB Directories That Have The Data You Care About Exposing

ODBParser is a tool to search for PII being exposed in open databases. ONLY to be used to identify exposed PII and warn server owners of irresponsible database maintenance OR to query databases you have permission to access! PLEASE USE RESPONSIBLY What is this? Wrote this as wanted to create...

AI score 7.2
Exploits: 0 | References: 1