Cross-Site Scripting (XSS)

silverstripe-australia/advancedreports is vulnerable to cross-site scripting XSS. An attacker is able to inject and execute arbitrary Javascript in a user's browser via a malicious CSV file...

i-doit CMDB <= 1.14.2 Multiple Vulnerabilities

i-doit CMDB is prone to multiple vulnerabilities. Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVE-2020-24897

The Table Filter and Charts for Confluence Server app before 5.3.25 for Atlassian Confluence allow remote attackers to inject arbitrary HTML or JavaScript via cross site scripting XSS through the provided Markdown markup to the "Table from CSV" macro...

CVE-2020-24897

The Table Filter and Charts for Confluence Server app before 5.3.25 for Atlassian Confluence allow remote attackers to inject arbitrary HTML or JavaScript via cross site scripting XSS through the provided Markdown markup to the "Table from CSV" macro...

Cross site scripting

The Table Filter and Charts for Confluence Server app before 5.3.25 for Atlassian Confluence allow remote attackers to inject arbitrary HTML or JavaScript via cross site scripting XSS through the provided Markdown markup to the "Table from CSV" macro...

CVE-2020-24897

The Table Filter and Charts for Confluence Server app before 5.3.25 for Atlassian Confluence allow remote attackers to inject arbitrary HTML or JavaScript via cross site scripting XSS through the provided Markdown markup to the "Table from CSV" macro...

CVE-2020-13826

A CSV injection aka Excel Macro Injection or Formula Injection issue in i-doit 1.14.2 allows an attacker to execute arbitrary commands via a Title parameter that is mishandled in a CSV export...

Design/Logic Flaw

A CSV injection aka Excel Macro Injection or Formula Injection issue in i-doit 1.14.2 allows an attacker to execute arbitrary commands via a Title parameter that is mishandled in a CSV export...

CVE-2020-13826

The CVE-2020-13826 entry concerns i-doit 1.14.2, where a CSV export mishandles the Title parameter, enabling CSV/Excel macro injection that could execute arbitrary commands. This is a vulnerability in the CSV export functionality, caused by unsafely embedded data in export output. Affected compon...

CVE-2020-13826

A CSV injection aka Excel Macro Injection or Formula Injection issue in i-doit 1.14.2 allows an attacker to execute arbitrary commands via a Title parameter that is mishandled in a CSV export...

CVE-2020-10780

Red Hat CloudForms 4.7 and 5 is affected by CSV Injection flaw, a crafted payload stays dormant till a victim export as CSV and opens the file with Excel. Once the victim opens the file, the formula executes, triggering any number of possible events. While this is strictly not an flaw that affect...

CVE-2020-10780

Red Hat CloudForms 4.7 and 5 is affected by CSV Injection flaw, a crafted payload stays dormant till a victim export as CSV and opens the file with Excel. Once the victim opens the file, the formula executes, triggering any number of possible events. While this is strictly not an flaw that affect...

Input validation

Red Hat CloudForms 4.7 and 5 is affected by CSV Injection flaw, a crafted payload stays dormant till a victim export as CSV and opens the file with Excel. Once the victim opens the file, the formula executes, triggering any number of possible events. While this is strictly not an flaw that affect...

CVE-2020-10780

Red Hat CloudForms 4.7 and 5 is affected by CSV Injection flaw, a crafted payload stays dormant till a victim export as CSV and opens the file with Excel. Once the victim opens the file, the formula executes, triggering any number of possible events. While this is strictly not an flaw that affect...

CVE-2020-10780

CVE-2020-10780 affects Red Hat CloudForms 4.7 and 5, where a CSV Injection flaw in Orchestration Templates can be triggered when a crafted CSV is exported and opened in Excel. The underlying issue is loosely validated parameters allowing CSV formulae to execute after the file is opened, enabling ...

August 11, 2020—KB4571730 (Monthly Rollup)

August 11, 2020—KB4571730 Monthly Rollup IMPORTANT Verify that you have installed the required updates listed in the How to get this update section before installing this update. IMPORTANT WSUS scan cab files will continue to be available for Windows Server 2008 SP2. If you have a subset of devic...

IRFuzz - Simple Scanner with Yara Rule

IRFuzz is a simple scanner with yara rules for document archives or any files. Install 1. Prerequisites Linux or OS X Yara: just use the latest release source code, compile and install it or install it via pip install yara-python Yara Rules - You may download yara rules from here or import your...

[SECURITY] Fedora 32 Update: rpki-client-6.7p1-1.fc32

The OpenBSD rpki-client is a free, easy-to-use implementation of the Resource Public Key Infrastructure RPKI for Relying Parties RP to facilitate validation of the Route Origin of a BGP announcement. The program queries the RPKI repository system, downloads and validates Route Origin Authorisatio...

Fedora: Security Advisory for rpki-client (FEDORA-2020-25d8011cb4)

The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 31 Update: rpki-client-6.7p1-1.fc31

The OpenBSD rpki-client is a free, easy-to-use implementation of the Resource Public Key Infrastructure RPKI for Relying Parties RP to facilitate validation of the Route Origin of a BGP announcement. The program queries the RPKI repository system, downloads and validates Route Origin Authorisatio...