5084 matches found
CVE-2020-24707
Gophish (before 0.11.0) is affected by a CSV injection vulnerability: it allows creation of CSV sheets containing malicious content. The issue is documented across multiple sources, with remediation to upgrade to v0.11.0 (see references to v0.11.0 release).
CVE-2020-24707
Gophish before 0.11.0 allows the creation of CSV sheets that contain malicious content...
CVE-2020-15255
In Anuko Time Tracker before verion 1.19.23.5325, due to not properly filtered user input a CSV export of a report could contain cells that are treated as formulas by spreadsheet software for example, when a cell value starts with an equal sign. This is fixed in version 1.19.23.5325...
CVE-2020-15255
In Anuko Time Tracker before verion 1.19.23.5325, due to not properly filtered user input a CSV export of a report could contain cells that are treated as formulas by spreadsheet software for example, when a cell value starts with an equal sign. This is fixed in version 1.19.23.5325...
Input validation
In Anuko Time Tracker before verion 1.19.23.5325, due to not properly filtered user input a CSV export of a report could contain cells that are treated as formulas by spreadsheet software for example, when a cell value starts with an equal sign. This is fixed in version 1.19.23.5325...
CVE-2020-15255
CVE-2020-15255 affects Anuko Time Tracker prior to 1.19.23.5325, where a CSV export of a report could contain cells treated as formulas due to insufficient input filtering (CSV/Formula Injection). The underlying vulnerability is the lack of proper filtering of user input in exports, which could a...
CVE-2020-15255 CSV injection in Anuko Time Tracker
In Anuko Time Tracker before verion 1.19.23.5325, due to not properly filtered user input a CSV export of a report could contain cells that are treated as formulas by spreadsheet software for example, when a cell value starts with an equal sign. This is fixed in version 1.19.23.5325...
PT-2020-5835 · Phpmyadmin +1 · Phpmyadmin +1
Name of the Vulnerable Software and Affected Versions: phpMyAdmin versions 5.0.2 and earlier Description: The issue is related to a lack of neutralization of elements in a CSV file in the "Export" function of the phpMyAdmin web application for database management. This could allow a remote attack...
O365Enum - Enumerate Valid Usernames From Office 365 Using ActiveSync, Autodiscover V1, Or Office.Com Login Page
Enumerate valid usernames from Office 365 using ActiveSync, Autodiscover, or office.com login page. Usage o365enum will read usernames from the file provided as first parameter. The file should have one username per line. The output is CSV-based for easier parsing. Valid status can be 0 invalid...
Design/Logic Flaw
IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to execute arbitrary code on the system, caused by a CSV injection. By persuading a victim to open a specially-crafted excel file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID:...
Input validation
IBM Security Guardium 11.2 is vulnerable to CVS Injection. A remote privileged attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-ForceID: 186696...
CVE-2020-4689
IBM Security Guardium 11.2 is vulnerable to CVS Injection. A remote privileged attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-ForceID: 186696...
CVE-2020-4302
CVE-2020-4302 affects IBM Cognos Analytics 11.0 and 11.1 and is due to a CSV injection that could allow a remote attacker to execute arbitrary code by convincing a user to open a specially crafted Excel file. The NVD entry lists a high impact (C/H/I/A) with CVSS v3.1 score 7.8 (LOCAL attack vecto...
CVE-2020-4302
IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to execute arbitrary code on the system, caused by a CSV injection. By persuading a victim to open a specially-crafted excel file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID:...
Security Bulletin: IBM Cognos Analytics has addressed multiple vulnerabilities
Summary Security vulnerabilities have been addressed in IBM Cognos Analytics. Vulnerability Details CVEID: CVE-2020-1747 DESCRIPTION: PyYAML could allow a remote attacker to execute arbitrary code on the system, caused by an error when processing untrusted YAML files through the fullload method o...
CVE-2020-14026
CSV Injection aka Excel Macro Injection or Formula Injection exists in the Export Of Contacts feature in Ozeki NG SMS Gateway through 4.17.6 via a value that is mishandled in a CSV export...
Design/Logic Flaw
CSV Injection aka Excel Macro Injection or Formula Injection exists in the Export Of Contacts feature in Ozeki NG SMS Gateway through 4.17.6 via a value that is mishandled in a CSV export...
CVE-2020-14026
CSV Injection in Ozeki NG SMS Gateway (Export Of Contacts CSV) up to version 4.17.6 is caused by mishandling values in CSV export. Several sources describe potential command execution when a malicious CSV is opened, indicating a high-severity issue with remote code execution implications in affec...
CVE-2020-14026
CSV Injection aka Excel Macro Injection or Formula Injection exists in the Export Of Contacts feature in Ozeki NG SMS Gateway through 4.17.6 via a value that is mishandled in a CSV export...
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Microsoft
Awesome Web Security 🐶 Curated list of Web Security materials and resources. Needless to say, most websites suffer from various types of bugs which may eventually lead to vulnerabilities. Why would this happen so often? There can be many factors involved including misconfiguration, shortage of...