5078 matches found
WordPress Modern Events Calendar 5.16.2 Information Disclosure
Exploit Title: Wordpress Plugin Modern Events Calendar 5.16.2 - Event export Unauthenticated Date 01.07.2021 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://webnus.net/modern-events-calendar/ Software Link: https://downloads.wordpress.org/plugin/modern-events-calendar-lite.5.16.2.z...
Wordpress Modern Events Calendar 5.16.2 Plugin - Event export (Unauthenticated) Exploit
Exploit Title: Wordpress Plugin Modern Events Calendar 5.16.2 - Event export Unauthenticated Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://webnus.net/modern-events-calendar/ Software Link: https://downloads.wordpress.org/plugin/modern-events-calendar-lite.5.16.2.zip Version: Befo...
Wordpress Plugin Modern Events Calendar 5.16.2 - Event export (Unauthenticated)
Exploit Title: Wordpress Plugin Modern Events Calendar 5.16.2 - Event export Unauthenticated Date 01.07.2021 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://webnus.net/modern-events-calendar/ Software Link: https://downloads.wordpress.org/plugin/modern-events-calendar-lite.5.16.2.z...
phpList < 3.6.3 CSV Injection Vulnerability
phpList is prone to a CSV injection vulnerability. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:phplist:phplist"; if descripti...
July 7, 2021—KB5004960 (Security-only update) Out-of-band
July 7, 2021—KB5004960 Security-only update Out-of-band Important: This release includes the Flash Removal Package. Taking this update will remove Adobe Flash from the device. For more information, see the Update on Adobe Flash Player End of Support. Important: Windows Server 2012 has reached the...
July 6, 2021—KB5004954 (Monthly Rollup) Out-of-band
July 6, 2021—KB5004954 Monthly Rollup Out-of-band Important: This release includes the Flash Removal Package. Taking this update will remove Adobe Flash from the device. For more information, see the Update on Adobe Flash Player End of Support. Important: Windows 8.1 and Windows Server 2012 R2 ha...
July 7, 2021—KB5004956 (Monthly Rollup) Out-of-band
July 7, 2021—KB5004956 Monthly Rollup Out-of-band Important: This release includes the Flash Removal Package. Taking this update will remove Adobe Flash from the device. For more information, see the Update on Adobe Flash Player End of Support. Important: Windows Server 2012 has reached the end o...
CSV Injection
Akaunting is vulnerable to CSV Injection. An attacker is able to inject a maliciously crafted file and execute arbitrary code into the name parameter...
Akaunting CSV Injection Vulnerability
Akaunting is a free, open source online accounting software designed for small businesses and freelancers. A CSV injection vulnerability exists in the project name field of the export function in Akaunting. An attacker can exploit this vulnerability to inject arbitrary code into the name paramete...
OS Command Injection
CSV is vulnerable to OS command injection. The vulnerability allows an attacker to inject arbitrary OS commands via the Server field in an HTTP response header, which is directly injected into a CSV report...
CVE-2020-22390
Akaunting <= 2.0.9 is vulnerable to CSV injection in the Item name field, export function. Attackers can inject arbitrary code into the name parameter and perform code execution when the crafted file is opened...
CVE-2020-22390
Akaunting <= 2.0.9 is vulnerable to CSV injection in the Item name field, export function. Attackers can inject arbitrary code into the name parameter and perform code execution when the crafted file is opened...
Input validation
Akaunting <= 2.0.9 is vulnerable to CSV injection in the Item name field, export function. Attackers can inject arbitrary code into the name parameter and perform code execution when the crafted file is opened...
CVE-2020-22390
Akaunting <= 2.0.9 is vulnerable to CSV injection in the Item name field, export function. Attackers can inject arbitrary code into the name parameter and perform code execution when the crafted file is opened...
CVE-2020-22390
CVE-2020-22390 affects Akaunting,
Sign-up Sheets < 1.0.14 - Authenticated CSV Injection
The plugin does not sanitise or validate the Sheet title when generating the CSV to export, which could lead to a CSV injection issue. PoC: Go to Sign-up Sheets --> Add New. Enter the following CSV Injection payload in the fields "Title", "Details" and "Task", then click on the save button. =cmd|' /C...
PT-2021-10759 · Akaunting · Akaunting
Name of the Vulnerable Software and Affected Versions: Akaunting versions 2.0.9 and earlier Description: The issue concerns a CSV injection vulnerability in the Item name field of the export function. Attackers can inject arbitrary code into the name parameter, potentially leading to code executi...
WordPress Sign-up Sheets plugin <= 1.0.13 - Authenticated CSV Injection vulnerability
Authenticated CSV Injection vulnerability discovered by Ajay Sandipan Thorbole in WordPress Sign-up Sheets plugin versions <= 1.0.13. Solution: Update the WordPress Sign-up Sheets plugin to the latest available version (at least 1.0.14)...
Sign-up Sheets < 1.0.14 - Authenticated CSV Injection
The plugin does not sanitise or validate the Sheet title when generating the CSV to export, which could lead to a CSV injection issue. Go to Sign-up Sheets --> Add New. Enter the following CSV Injection payload in the fields "Title", "Details" and "Task", then click on the save button. =cmd|' /C...
JVN#79254445: Multiple ETUNA EC-CUBE plugins vulnerable to cross-site scripting
Multiple EC-CUBE plugins provided by ETUNA contain a cross-site scripting vulnerability (CWE-79). An arbitrary script may be executed by executing a specific operation on the management page of EC-CUBE. As of 2021 June 15, an attack exploiting this vulnerability has been observed in the wild. Impact...