5078 matches found
dnsrecon 0.10.0 - CSV Injection Vulnerability
Exploit Title: dnsrecon 0.10.0 - CSV Injection Author: Dolev Farhi Vendor Homepage: https://github.com/darkoperator/dnsrecon/ Version : 0.10.0 Tested on: ParrotOS 4.10 dnsrecon, when scanning a TXT record such as SPF, i.e.: spf.domain.com, outputs a CSV report -c out.csv with entries such as...
dirsearch 0.4.1 - CSV Injection Vulnerability
Exploit Title: dirsearch 0.4.1 - CSV Injection Author: Dolev Farhi Vendor Homepage: https://github.com/maurosoria/dirsearch Version : 0.4.1 Tested on: Debian 9.13 dirsearch, when used with the --csv-report flag, writes the results of crawled endpoints which redirect, to a csv file without...
dirsearch 0.4.1 - CSV Injection
Exploit Title: dirsearch 0.4.1 - CSV Injection Author: Dolev Farhi Date: 2021-01-05 Vendor Homepage: https://github.com/maurosoria/dirsearch Version : 0.4.1 Tested on: Debian 9.13 dirsearch, when used with the --csv-report flag, writes the results of crawled endpoints which redirect, to a csv fil...
dirsearch 0.4.1 CSV Injection
Exploit Title: dirsearch 0.4.1 - CSV Injection Author: Dolev Farhi Date: 2021-01-05 Vendor Homepage: https://github.com/maurosoria/dirsearch Version : 0.4.1 Tested on: Debian 9.13 dirsearch, when used with the --csv-report flag, writes the results of crawled endpoints which redirect, to a csv fil...
agnes (>=0.3.0 <=0.3.2), automl (>=0.2.6 <=0.2.7) +1 more potentially affected by CVE-2021-45686 via csv-sniffer (=0.1.1)
csv-sniffer CARGO version =0.1.1 is affected by a known vulnerability. The following packages have a transitive dependency on csv-sniffer and may be impacted: - agnes =0.3.0, =0.2.6, =0.1.7, =0.1.8 Source cves: CVE-2021-45686 Source advisory: OSV:RUSTSEC-2021-0088...
CVE-2019-16960
SolarWinds Web Help Desk 12.7.0 allows XSS via a CSV template file with a crafted Location Name field...
CVE-2019-16960
SolarWinds Web Help Desk 12.7.0 allows XSS via a CSV template file with a crafted Location Name field...
Design/Logic Flaw
SolarWinds Web Help Desk 12.7.0 allows XSS via a CSV template file with a crafted Location Name field...
CVE-2019-16960
SolarWinds Web Help Desk 12.7.0 is affected by a cross-site scripting (XSS) vulnerability that can be triggered via a crafted CSV template file, using a manipulated Location Name field. The connected Red Hat and CNVD entries corroborate the vulnerability description and refer to the same CVE-2019...
CVE-2019-16960
SolarWinds Web Help Desk 12.7.0 allows XSS via a CSV template file with a crafted Location Name field...
Knockpy 4.1.1 CSV Injection
Exploit Title: Knockpy 4.1.1 - CSV Injection Author: Dolev Farhi Date: 2020-12-29 Vendor Homepage: https://github.com/guelfoweb/knock Version : 4.1.1 Tested on: Debian 9.13 Knockpy, as part of its subdomain brute forcing flow of a remote domain, issues a HEAD request to the server to fetch detail...
Solarwinds WebHelpDesk Cross-Site Scripting Vulnerability
SolarWinds Web Help Desk is a web-based help desk work order and IT asset management software. A cross-site scripting vulnerability exists in SolarWinds Web Help Desk 12.7.0. The vulnerability can be exploited to conduct a cross-site scripting attack via a CSV template file with a specially craft...
Knockpy 4.1.1 - CSV Injection
Exploit Title: Knockpy 4.1.1 - CSV Injection Author: Dolev Farhi Date: 2020-12-29 Vendor Homepage: https://github.com/guelfoweb/knock Version : 4.1.1 Tested on: Debian 9.13 Knockpy, as part of its subdomain brute forcing flow of a remote domain, issues a HEAD request to the server to fetch detail...
Knockpy 4.1.1 - CSV Injection Exploit
Exploit Title: Knockpy 4.1.1 - CSV Injection Author: Dolev Farhi Vendor Homepage: https://github.com/guelfoweb/knock Version : 4.1.1 Tested on: Debian 9.13 Knockpy, as part of its subdomain brute forcing flow of a remote domain, issues a HEAD request to the server to fetch details such as headers...
CVE-2020-9200
There is a CSV injection vulnerability in iManager NetEco 6000 versions V600R021C00. An attacker with common privilege may exploit this vulnerability through some operations to inject the CSV files. Due to insufficient input validation of some parameters, the attacker can exploit this...
CVE-2020-9200
There is a CSV injection vulnerability in iManager NetEco 6000 versions V600R021C00. An attacker with common privilege may exploit this vulnerability through some operations to inject the CSV files. Due to insufficient input validation of some parameters, the attacker can exploit this...
Input validation
There is a CSV injection vulnerability in iManager NetEco 6000 versions V600R021C00. An attacker with common privilege may exploit this vulnerability through some operations to inject the CSV files. Due to insufficient input validation of some parameters, the attacker can exploit this...
CVE-2020-9200
There is a CSV injection vulnerability in iManager NetEco 6000 versions V600R021C00. An attacker with common privilege may exploit this vulnerability through some operations to inject the CSV files. Due to insufficient input validation of some parameters, the attacker can exploit this...
CVE-2020-9200
The CVE-2020-9200 issue affects Huawei iManager NetEco 6000 (V600R021C00). The root cause is insufficient input validation during CSV-related operations, enabling a CSV injection vulnerability in the target device. Exploitation is characterized as a local attack with low privileges and no user in...
TerraMaster TOS Remote Code Execution Vulnerability
TerraMaster TOS is a Linux-based operating system developed for TerraMaster Cloud Storage NAS servers. A remote code execution vulnerability exists in TerraMaster TOS 4.2.06 and earlier versions. An attacker can exploit this vulnerability to execute commands without authentication via shell...