
5084 matches found

CVE
added 2020/10/28 7:35 p.m. · 47 views

CVE-2020-24707

Gophish (before 0.11.0) is affected by a CSV injection vulnerability: it allows creation of CSV sheets containing malicious content. The issue is documented across multiple sources, with remediation to upgrade to v0.11.0 (see references to v0.11.0 release).

9.3 CVSS · 7.6 AI score · 0.01313 EPSS
Exploits 1 · References 3 · Affected Software 1
Cvelist
added 2020/10/28 7:35 p.m. · 20 views

CVE-2020-24707

Gophish before 0.11.0 allows the creation of CSV sheets that contain malicious content...

7.7 AI score · 0.01313 EPSS
Exploits 1 · References 3
OSV
added 2020/10/16 5:15 p.m. · 11 views

CVE-2020-15255

In Anuko Time Tracker before version 1.19.23.5325, due to improperly filtered user input, a CSV export of a report could contain cells that are treated as formulas by spreadsheet software, for example, when a cell value starts with an equal sign. This is fixed in version 1.19.23.5325...

7.3 CVSS · 6.6 AI score
Exploits 0 · References 4
NVD
added 2020/10/16 5:15 p.m. · 17 views

CVE-2020-15255

In Anuko Time Tracker before version 1.19.23.5325, due to improperly filtered user input, a CSV export of a report could contain cells that are treated as formulas by spreadsheet software, for example, when a cell value starts with an equal sign. This is fixed in version 1.19.23.5325...

8.7 CVSS · 0.03462 EPSS
Exploits 3 · References 4
Prion
added 2020/10/16 5:15 p.m. · 17 views

Input validation

In Anuko Time Tracker before version 1.19.23.5325, due to improperly filtered user input, a CSV export of a report could contain cells that are treated as formulas by spreadsheet software, for example, when a cell value starts with an equal sign. This is fixed in version 1.19.23.5325...

6 CVSS · 6.9 AI score · 0.03462 EPSS
Exploits 3 · References 4 · Affected Software 1
CVE
added 2020/10/16 4:20 p.m. · 62 views

CVE-2020-15255

CVE-2020-15255 affects Anuko Time Tracker prior to 1.19.23.5325, where a CSV export of a report could contain cells treated as formulas due to insufficient input filtering (CSV/Formula Injection). The underlying vulnerability is the lack of proper filtering of user input in exports, which could a...

8.7 CVSS · 7.2 AI score · 0.03462 EPSS
Exploits 3 · References 4 · Affected Software 1
Cvelist
added 2020/10/16 4:20 p.m. · 28 views

CVE-2020-15255 CSV injection in Anuko Time Tracker

In Anuko Time Tracker before version 1.19.23.5325, due to improperly filtered user input, a CSV export of a report could contain cells that are treated as formulas by spreadsheet software, for example, when a cell value starts with an equal sign. This is fixed in version 1.19.23.5325...

8.7 CVSS · 8.4 AI score · 0.03462 EPSS
Exploits 3 · References 4
Positive Technologies
added 2020/10/13 12:0 a.m. · 7 views

PT-2020-5835 · Phpmyadmin +1

Name of the Vulnerable Software and Affected Versions: phpMyAdmin versions 5.0.2 and earlier
Description: The issue is related to a lack of neutralization of elements in a CSV file in the "Export" function of the phpMyAdmin web application for database management. This could allow a remote attack...

10 CVSS · 8.5 AI score · 0.67081 EPSS
Exploits 16 · References 43
Kitploit
added 2020/10/12 8:30 p.m. · 101 views

O365Enum - Enumerate Valid Usernames From Office 365 Using ActiveSync, Autodiscover V1, Or Office.Com Login Page

Enumerate valid usernames from Office 365 using ActiveSync, Autodiscover, or office.com login page. Usage: o365enum will read usernames from the file provided as first parameter. The file should have one username per line. The output is CSV-based for easier parsing. Valid status can be 0 invalid...

7.7 AI score
Exploits 0 · References 2
Prion
added 2020/10/12 2:15 p.m. · 14 views

Design/Logic Flaw

IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to execute arbitrary code on the system, caused by a CSV injection. By persuading a victim to open a specially-crafted Excel file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID:...

9.3 CVSS · 7.8 AI score · 0.01663 EPSS
Exploits 0 · References 2 · Affected Software 1
Prion
added 2020/10/12 2:15 p.m. · 15 views

Input validation

IBM Security Guardium 11.2 is vulnerable to CSV Injection. A remote privileged attacker could execute arbitrary commands on the system, caused by improper validation of CSV file contents. IBM X-Force ID: 186696...

8.5 CVSS · 6.8 AI score · 0.02324 EPSS
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2020/10/12 1:20 p.m. · 21 views

CVE-2020-4689

IBM Security Guardium 11.2 is vulnerable to CSV Injection. A remote privileged attacker could execute arbitrary commands on the system, caused by improper validation of CSV file contents. IBM X-Force ID: 186696...

6.8 CVSS · 6.9 AI score · 0.02324 EPSS
Exploits 0 · References 2
CVE
added 2020/10/12 1:20 p.m. · 51 views

CVE-2020-4302

CVE-2020-4302 affects IBM Cognos Analytics 11.0 and 11.1 and is due to a CSV injection that could allow a remote attacker to execute arbitrary code by convincing a user to open a specially crafted Excel file. The NVD entry lists a high impact (C/H/I/A) with CVSS v3.1 score 7.8 (LOCAL attack vecto...

9.3 CVSS · 8.5 AI score · 0.01663 EPSS
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2020/10/12 1:20 p.m. · 24 views

CVE-2020-4302

IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to execute arbitrary code on the system, caused by a CSV injection. By persuading a victim to open a specially-crafted Excel file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID:...

5.5 CVSS · 7.8 AI score · 0.01663 EPSS
Exploits 0 · References 2
IBM Security Bulletins
added 2020/10/09 8:1 p.m. · 34 views

Security Bulletin: IBM Cognos Analytics has addressed multiple vulnerabilities

Summary: Security vulnerabilities have been addressed in IBM Cognos Analytics.
Vulnerability Details: CVEID: CVE-2020-1747 DESCRIPTION: PyYAML could allow a remote attacker to execute arbitrary code on the system, caused by an error when processing untrusted YAML files through the full_load method o...

10 CVSS · 1.5 AI score · 0.05299 EPSS
Exploits 1 · Affected Software 1
NVD
added 2020/09/22 6:15 p.m. · 11 views

CVE-2020-14026

CSV Injection aka Excel Macro Injection or Formula Injection exists in the Export Of Contacts feature in Ozeki NG SMS Gateway through 4.17.6 via a value that is mishandled in a CSV export...

9.3 CVSS · 0.01732 EPSS
Exploits 1 · References 3
Prion
added 2020/09/22 6:15 p.m. · 18 views

Design/Logic Flaw

CSV Injection aka Excel Macro Injection or Formula Injection exists in the Export Of Contacts feature in Ozeki NG SMS Gateway through 4.17.6 via a value that is mishandled in a CSV export...

9.3 CVSS · 8.8 AI score · 0.01732 EPSS
Exploits 1 · References 3 · Affected Software 1
CVE
added 2020/09/22 5:32 p.m. · 54 views

CVE-2020-14026

CSV Injection in Ozeki NG SMS Gateway (Export Of Contacts CSV) up to version 4.17.6 is caused by mishandling values in CSV export. Several sources describe potential command execution when a malicious CSV is opened, indicating a high-severity issue with remote code execution implications in affec...

9.3 CVSS · 8.7 AI score · 0.01732 EPSS
Exploits 1 · References 3 · Affected Software 1
Cvelist
added 2020/09/22 5:32 p.m. · 16 views

CVE-2020-14026

CSV Injection aka Excel Macro Injection or Formula Injection exists in the Export Of Contacts feature in Ozeki NG SMS Gateway through 4.17.6 via a value that is mishandled in a CSV export...

8.8 AI score · 0.01732 EPSS
Exploits 1 · References 3
Gitee
added 2020/09/17 4:36 p.m. · 9 views

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Microsoft

Awesome Web Security 🐶 Curated list of Web Security materials and resources. Needless to say, most websites suffer from various types of bugs which may eventually lead to vulnerabilities. Why would this happen so often? There can be many factors involved including misconfiguration, shortage of...

9.8 CVSS · 8.4 AI score · 0.99964 EPSS
Exploits 47