Security Bulletin: Multiple vulnerabilities affect the IBM Elastic Storage Server GUI
Summary Vulnerabilities exist in all levels of IBM Elastic Storage Server GUI. A fix for this vulnerability is available. Vulnerability Details CVEID: CVE-2021-29666 DESCRIPTION: IBM Spectrum Scale 5.0.0 through 5.0.5.6 and 5.1.0 through 5.1.0.2 is vulnerable to cross-site scripting. This...
Security Bulletin: Multiple vulnerabilities affect the IBM Elastic Storage System GUI
Summary Vulnerabilities exist in all levels of IBM Elastic Storage System GUI. A fix for this vulnerability is available. Vulnerability Details CVEID: CVE-2021-29667 DESCRIPTION: IBM Spectrum Scale 5.0.0 through 5.0.5.6 and 5.1.0 through 5.1.0.2 is potentially vulnerable to CSV Injection. A remot...
ManageEngine ADSelfService Plus 6.1 - CSV Injection Exploit
Exploit Title: ManageEngine ADSelfService Plus 6.1 - CSV Injection Exploit Author: Metin Yunus Kandemir Vendor Homepage: https://www.manageengine.com/ Software Link: https://www.manageengine.com/products/self-service-password/download.html Version: 6.1 Description:...
ManageEngine ADSelfService Plus 6.1 CSV Injection
Exploit Title: ManageEngine ADSelfService Plus 6.1 - CSV Injection Date: 19/05/2021 Exploit Author: Metin Yunus Kandemir Vendor Homepage: https://www.manageengine.com/ Software Link: https://www.manageengine.com/products/self-service-password/download.html Version: 6.1 Description:...
ManageEngine ADSelfService Plus 6.1 - CSV Injection
Exploit Title: ManageEngine ADSelfService Plus 6.1 - CSV Injection Date: 19/05/2021 Exploit Author: Metin Yunus Kandemir Vendor Homepage: https://www.manageengine.com/ Software Link: https://www.manageengine.com/products/self-service-password/download.html Version: 6.1 Description:...
Information Disclosure
Redmine is vulnerable to information disclosure. The vulnerability exists due to the system exporting non-visible issues and time entries in CSV...
May 11, 2021—KB5003209 (Monthly Rollup)
May 11, 2021—KB5003209 Monthly Rollup Important: Windows 8.1 and Windows Server 2012 R2 have reached the end of mainstream support and are now in extended support. Starting in July 2020, there will no longer be optional, non-security releases known as "C" releases for this operating system...
May 11, 2021—KB5003203 (Security-only update)
May 11, 2021—KB5003203 Security-only update Important: Windows Server 2012 has reached the end of mainstream support and is now in extended support. Starting in July 2020, there will no longer be optional releases known as "C" or "D" releases for this operating system. Operating systems in extend...
May 11, 2021—KB5003225 (Security-only update)
May 11, 2021—KB5003225 Security-only update Important: Verify that you have installed the required updates listed in the How to get this update section before installing this update. WSUS scan cab files will continue to be available for Windows Server 2008 SP2. If you have a subset of devices...
May 11, 2021—KB5003228 (Security-only update)
May 11, 2021—KB5003228 Security-only update Important: Verify that you have installed the required updates listed in the How to get this update section before installing this update. For information about the various types of Windows updates, such as critical, security, driver, service packs, and...
WordPress College publisher Import plugin file upload vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. College publisher Import is a plugin for WordPress. A file upload vulnerability exists in WordPress College publisher...
Cross-site request forgery (CSRF)
The College publisher Import WordPress plugin through 0.1 does not check for the uploaded CSV file to import, allowing high privilege users to upload arbitrary files, such as PHP, leading to RCE. Due to the lack of CSRF check, the issue could also be exploited via a CSRF attack...
WordPress plugin College publisher Import code issue vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. College publisher Import is a plugin for WordPress. A file upload vulnerability exists in WordPress College publisher...
M365_Groups_Enum - Enumerate Microsoft 365 Groups In A Tenant With Their Metadata
The allgroups.py script allows enumerating all Microsoft 365 Groups in an Azure AD tenant with their metadata: name; visibility (public or private); description; email address; owners; members; Teams enabled?; SharePoint URL (e.g. for Teams shared files). All of this, even for private Groups! Read more abou...
CVE-2021-29667
IBM Spectrum Scale 5.0.0 through 5.0.5.6 and 5.1.0 through 5.1.0.2 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 199403...
Input validation
IBM Spectrum Scale 5.0.0 through 5.0.5.6 and 5.1.0 through 5.1.0.2 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 199403...
CVE-2021-29667
According to IBM and NVD sources, CVE-2021-29667 affects IBM Spectrum Scale 5.0.0–5.0.5.6 and 5.1.0–5.1.0.2, with a CSV Injection vulnerability caused by improper validation of CSV contents that could let an attacker remotely execute arbitrary commands on a vulnerable system. The combined documen...
Kimai 1.14 CSV Injection
Exploit Title: Kimai 1.14 - CSV Injection Date: 26/04/2021 Exploit Author: Mohammed Aloraimi Vendor Homepage: https://www.kimai.org/ Software Link: https://github.com/kevinpapst/kimai2 Version: 1.14 Payload: @SUM1+9cmd|' /C calc'!A0 Tested on: Win10x64 Proof Of Concept: CSV Injection aka Excel...
Kimai 1.14 - CSV Injection Vulnerability
Exploit Title: Kimai 1.14 - CSV Injection Exploit Author: Mohammed Aloraimi Vendor Homepage: https://www.kimai.org/ Software Link: https://github.com/kevinpapst/kimai2 Version: 1.14 Payload: @SUM1+9cmd|' /C calc'!A0 Tested on: Win10x64 Proof Of Concept: CSV Injection aka Excel Macro Injection or...