5078 matches found
Cisco Umbrella CSV Formula Injection Vulnerability
Cisco Umbrella is a cloud security platform that provides a first line of defense against Internet threats. A CSV formula injection vulnerability exists in Cisco Umbrella's "Administrator Audit Log Export" feature. The vulnerability stems from improper neutralization of formula elements in CSV...
CVE-2020-36308
Redmine before 4.0.7 and 4.1.x before 4.1.1 allows attackers to discover the subject of a non-visible issue by performing a CSV export and reading time entries...
Design/Logic Flaw
Redmine before 4.0.7 and 4.1.x before 4.1.1 allows attackers to discover the subject of a non-visible issue by performing a CSV export and reading time entries...
CVE-2020-36308
CVE-2020-36308 affects Redmine prior to 4.0.7 and 4.1.x prior to 4.1.1. The issue lets an attacker discover the subject of a non-visible issue by exporting to CSV and reading time entries, resulting in information disclosure. Concretely, CSV export of time entries can reveal unseen issue subjects...
Redmine Injection Vulnerability
Redmine is a set of open source Web-based project management and defect tracking tools. The product provides project management, issue tracking, role-based access control and other features. A security vulnerability exists in Redmine versions prior to 4.0.7 and versions prior to 4.1.1.1 in...
PT-2021-4607 · Redmine · Redmine
Name of the Vulnerable Software and Affected Versions: Redmine versions 4.0.0 through 4.0.6; Redmine versions 4.1.0 through 4.1.0. Description: The issue allows attackers to discover the subject of a non-visible issue by performing a CSV export and reading time entries. It is related to insufficien...
A vulnerability in the “Export” function of the phpMyAdmin database administration web application allows an attacker to execute arbitrary code.
The vulnerability in the “Export” function of the phpMyAdmin database management web application is the absence of a mechanism to neutralize elements in the CSV file. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by opening a specially crafted CSV file...
WordPress Contact Form 7 Database Addon Plugin (CFDB7) < 1.2.5.8 CSV Injection Vulnerability
HackerOne: CSV injection in the credentials export
Summary: Hello team! We have found out that a hacker can inject malicious Excel formulas into the credentials details, which will be executed when a program user exports the credentials details via https://hackerone.com/hackeroneh1pbbp3/credentials - export credentials and opens this CSV using MS...
maltrail
This is a Python script repository for a malicious traffic detection system called Maltrail. The repository contains various files and directories, including configuration files, data storage files, and scripts for data processing and analysis. The script uses a variety of techniques to detect...
WordPress Contact Form 7 Database Addon plugin input validation error vulnerability
WordPress Contact Form 7 Database Addon is an open source application plugin for WordPress. This plugin is used to save Contact Form 7 submissions to your WordPress database. An input validation error vulnerability exists in versions of the Contact Form 7 Database Addon plugin prior to 1.2.5.6,...
CVE-2021-24144
Unvalidated input in the Contact Form 7 Database Addon plugin, versions before 1.2.5.6, was prone to a vulnerability that lets remote attackers inject arbitrary formulas into CSV files...
CVE-2021-24145
Arbitrary file upload in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.5, did not properly check the imported file, allowing PHP files to be uploaded by an administrator by using the 'text/csv' content-type in the request...
CVE-2021-24142
Unvalidated input in the 301 Redirects - Easy Redirect Manager WordPress plugin, versions before 2.51, did not sanitise its "Redirect From" column when importing a CSV file, allowing high privilege users to perform SQL injections...
CVE-2021-24146
Lack of authorisation checks in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.5, did not properly restrict access to the export files, allowing unauthenticated users to export all events data in CSV or XML format, for example...