5078 matches found
CVE-2020-35665
An unauthenticated command-execution vulnerability exists in TerraMaster TOS through 4.2.06 via shell metacharacters in the Event parameter in include/makecvs.php during CSV creation...
CVE-2020-35665
An unauthenticated command-execution vulnerability exists in TerraMaster TOS through 4.2.06 via shell metacharacters in the Event parameter in include/makecvs.php during CSV creation...
Command injection
An unauthenticated command-execution vulnerability exists in TerraMaster TOS through 4.2.06 via shell metacharacters in the Event parameter in include/makecvs.php during CSV creation...
TerraMaster TOS Operating System Command Injection Vulnerability
TerraMaster TOS is a Linux-based operating system developed for TerraMaster Cloud Storage NAS servers. A remote code execution vulnerability exists in TerraMaster TOS 4.2.06 and earlier versions. An attacker can exploit this vulnerability to execute commands without authentication via shell...
CVE-2020-35665
An unauthenticated command-execution vulnerability exists in TerraMaster TOS through 4.2.06 via shell metacharacters in the Event parameter in include/makecvs.php during CSV creation...
CVE-2020-35665
An unauthenticated command-execution vulnerability exists in TerraMaster TOS through 4.2.06 via shell metacharacters in the Event parameter in include/makecvs.php during CSV creation. Recent assessments: h00die-gr3y at June 05, 2023 9:49am UTC reported: Last two weeks, I spent some time on a...
CVE-2020-35665
Summary: CVE-2020-35665 affects TerraMaster TOS 4.2.06 and earlier. An unauthenticated remote code execution is possible via shell metacharacters in the Event parameter processed during CSV creation in include/makecvs.php. The vulnerability allows an attacker to execute commands on the system wit...
CVE-2019-16959
SolarWinds Web Help Desk 12.7.0 allows CSV Injection, also known as Formula Injection, via a file attached to a ticket...
Design/Logic Flaw
SolarWinds Web Help Desk 12.7.0 allows CSV Injection, also known as Formula Injection, via a file attached to a ticket...
CVE-2019-16959
SolarWinds Web Help Desk 12.7.0 is affected by a CSV Injection (Formula Injection) vulnerability via a file attached to a ticket. The issue is described consistently across sources (CVE-2019-16959, Red Hat CVE page, NVD record). The exact root cause is not elaborated beyond the CSV/Formula Inject...
CVE-2019-16959
SolarWinds Web Help Desk 12.7.0 allows CSV Injection, also known as Formula Injection, via a file attached to a ticket...
Flexmonster Pivot Table & Charts 2.7.17 - 'To remote CSV' Reflected XSS
Exploit Title: Flexmonster Pivot Table & Charts 2.7.17 - 'To remote CSV' Reflected XSS Date: 08/01/2020 Exploit Author: Marco Nappi Vendor Homepage: https://www.flexmonster.com/ Version: Flexmonster Pivot Table & Charts 2.7.17 Tested on: Flexmonster Pivot Table & Charts 2.7.17 CVE: CVE-2020-20142...
CVE-2020-20142
Cross Site Scripting (XSS) vulnerability in the "To Remote CSV" component under "Open" Menu in Flexmonster Pivot Table & Charts 2.7.17...
CVE-2020-20142
Cross Site Scripting (XSS) vulnerability in the "To Remote CSV" component under "Open" Menu in Flexmonster Pivot Table & Charts 2.7.17...
Cross site scripting
Cross Site Scripting (XSS) vulnerability in the "To Remote CSV" component under "Open" Menu in Flexmonster Pivot Table & Charts 2.7.17...
CVE-2020-20142
Cross Site Scripting (XSS) vulnerability in the "To Remote CSV" component under "Open" Menu in Flexmonster Pivot Table & Charts 2.7.17...
CVE-2020-20142
The provided connected sources confirm CVE-2020-20142 affects Flexmonster Pivot Table & Charts 2.7.17, specifically the "To Remote CSV" component under the Open menu. The root cause is a reflected XSS due to insufficient input sanitization of the 'path' parameter when fetching file specification...
Flexmonster Pivot Table And Charts 2.7.17 Cross Site Scripting
Exploit Title: CVE-2020-20140: Cross Site Scripting (XSS) vulnerability in Remote Report component under the Open menu in Flexmonster Pivot Table & Charts 2.7.17 Date: 08/01/2020 Exploit Author: Marco Nappi Vendor Homepage: n/a Software Link: n/a Version: Flexmonster Pivot Table & Charts 2.7.17...
Security Bulletin: A security vulnerability in Node.js csv-parse module affects IBM Cloud Pak for Multicloud Management Infrastructure Management.
Summary A security vulnerability in Node.js csv-parse module affects IBM Cloud Pak for Multicloud Management Infrastructure Management. Vulnerability Details CVEID: CVE-2019-17592 DESCRIPTION: Node.js csv-parse module is vulnerable to a denial of service, caused by a malformed regular expression...
CVE-2020-29304
A cross-site scripting (XSS) vulnerability exists in the SabaiApps WordPress Directories Pro plugin version 1.3.45 and previous, allows attackers who have convinced a site administrator to import a specially crafted CSV file to inject arbitrary web script or HTML as the victim is proceeding through...