5079 matches found
Security Bulletin: IBM Maximo Asset Management is vulnerable to CSV Injection (CVE-2021-20509)
Summary IBM Maximo Asset Management is vulnerable to CSV Injection. Vulnerability Details CVEID: CVE-2021-20509 DESCRIPTION: IBM Maximo Asset Management is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of c...
WordPress TablePress 1.14 Plugin - CSV Injection Vulnerability
Exploit Title: WordPress Plugin TablePress 1.14 - CSV Injection Exploit Author: Nikhil Kapoor Vendor Homepage: Software Link: https://wordpress.org/plugins/tablepress/ Version: 1.14 Category: Web Application Tested on Windows How to Reproduce this Vulnerability: 1. Install WordPress 5.8.0 2...
WordPress TablePress 1.14 CSV Injection
Exploit Title: WordPress Plugin TablePress 1.14 - CSV Injection Date: 07/09/2021 Exploit Author: Nikhil Kapoor Vendor Homepage: Software Link: https://wordpress.org/plugins/tablepress/ Version: 1.14 Category: Web Application Tested on Windows How to Reproduce this Vulnerability: 1. Install...
WordPress Plugin TablePress 1.14 - CSV Injection
Exploit Title: WordPress Plugin TablePress 1.14 - CSV Injection Date: 07/09/2021 Exploit Author: Nikhil Kapoor Vendor Homepage: Software Link: https://wordpress.org/plugins/tablepress/ Version: 1.14 Category: Web Application Tested on Windows How to Reproduce this Vulnerability: 1. Install...
ROS-2-1246
2.1246 Multiple vulnerabilities in Moodle CVE-2021-32472 - CVE-2021-32478 1. Vulnerability Description: CVE-2021-32478 A vulnerability exists due to insufficient cleansing of user-provided data at the LTI authorization endpoint. A remote attacker could trick a victim into clicking a specially...
FortiManager - Excel formula injection in P&O IPv4 Policy names Vulnerability
An improper neutralization of formula elements vulnerability (CWE-1236) in FortiManager may allow a local authenticated privileged attacker to execute arbitrary shell code on the end-user's host by inserting a CSV formula in the policy names. This is achieved once the user downloads and opens the...
Improper Input Validation
Overview html-to-csv is a utility that extracts tables from HTML documents and converts them to CSV format. Affected versions of this package are vulnerable to Improper Input Validation. When there is a formula embedded in an HTML page, it gets accepted without any validation and the same would be...
csv-extractor (=1.0.0), mi-lib (>=0.0.10 <=0.0.16) +1 more potentially affected by CVE-2021-39176 via detect-character-encoding (=0.2.1)
detect-character-encoding NPM version =0.2.1 is affected by a known vulnerability. The following packages have a transitive dependency on detect-character-encoding and may be impacted: - csv-extractor =1.0.0 - mi-lib =0.0.10, =0.3.0, =0.3.1 Source cves: CVE-2021-39176 Source advisory:...
CVE-2021-27020
Puppet Enterprise presented a security risk by not sanitizing user input when doing a CSV export...
Input validation
Puppet Enterprise presented a security risk by not sanitizing user input when doing a CSV export...
CVE-2021-27020
CVE-2021-27020 affects Puppet Enterprise prior to 2019.8.6, where unsanitized user input during CSV export leads to a security risk. Root cause: input not sanitized in CSV export path. Impact: data exposure/compromise as described; no explicit exploitation details provided in the documents. Mitig...
Improper Neutralization of Formula Elements in a CSV File in pimcore/pimcore
Impact Data Object CSV import allows formula injection. Patches Problem is patched in 10.1.1 Workarounds Apply https://github.com/pimcore/pimcore/pull/9992.patch References https://cwe.mitre.org/data/definitions/1236.html...
GHSA-PP2H-95HM-HV9R Improper Neutralization of Formula Elements in a CSV File in pimcore/pimcore
Impact Data Object CSV import allows formula injection. Patches Problem is patched in 10.1.1 Workarounds Apply https://github.com/pimcore/pimcore/pull/9992.patch References https://cwe.mitre.org/data/definitions/1236.html...
CVE-2021-32263
ok-file-formats through 2021-04-29 has a heap-based buffer overflow in the okcsvcircularbufferread function in okcsv.c...
Pimcore Formula Injection Vulnerability
Pimcore is an open source Web content management platform for creating and managing Web applications from Austrian company Pimcore. The platform integrates Web content management, e-commerce framework and product information management applications. Pimcore versions prior to 10.1.1 have a...
CVE-2021-37702
Pimcore is an open source data & experience management platform. Prior to version 10.1.1, Data Object CSV import allows formula injection. The problem is patched in 10.1.1. Aside from upgrading, one may apply the patch manually as a workaround...