Fedora: Security Advisory for rpki-client (FEDORA-2020-9f31ce1df2)
The remote host is missing an update for the...
CSV Injection
cfme is vulnerable to CSV injection. The orchestration templates allow attackers to inject arbitrary CSV content such as formulas and exfiltrate data or further exploit other vulnerabilities...
Critical: Red Hat Security Advisory: CloudForms 5.0.7 bug fix and enhancement update
An update is now available for CloudForms Management Engine 5.11. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...
RHEL 8 : CloudForms 5.0.7 update (Critical) (RHSA-2020:3358)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:3358 advisory. Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual...
October CMS Build 465 XSS / File Read / File Deletion / CSV Injection Vulnerabilities
October CMS builds 465 and below suffer from arbitrary file read, arbitrary file deletion, file uploading to arbitrary locations, persistent and reflective cross site scripting, and CSV injection vulnerabilities. October CMS <= Build 465 Multiple Vulnerabilities Author - Sivanesh Ashok |...
October CMS Build 465 XSS / File Read / File Deletion / CSV Injection
October CMS <= Build 465 Multiple Vulnerabilities Author - Sivanesh Ashok | @sivaneshashok | stazot.com Date : 2020-03-31 Vendor : https://octobercms.com/ Version : <= Build 465 Tested on : Build 465 CVE : CVE-2020-5295, CVE-2020-5296, CVE-2020-5297, CVE-2020-5298, CVE-2020-5299, CVE-2020-11083 Las...
Commit Stream - OSINT Tool For Finding Github Repositories By Extracting Commit Logs In Real Time From The Github Event API
commit-stream drinks commit logs from the Github event firehose, exposing the author details (name and email address) associated with Github repositories in real time. OSINT / Recon uses for Redteamers / Bug bounty hunters: Uncover repositories which employees of a target company are committing code...
Khan Academy: CSV Injection Via Student Password/Name Leads To Client Side RCE And Reading Client Files
Insufficient CSV escaping could result in our site generating an unsafe CSV file for an end user under certain conditions. See the reporter's summary for more. Two CSV Injection Issues Was Discovered On Khan's Teacher CSV Export Function, That Could Allow Client Site Remote Code Execution, And...
Security Bulletin: CVE-2014-3524 CSV Injection in reports
Summary Cells in csv reports need to sanitize for legacy CSV Injection concerns. Vulnerability Details Third Party Entry: PSIRT-ADV0017245 DESCRIPTION: Created from Advisory: ADV0017245 CVSS Base score: 8.1 CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products and Versions...
NTLMRecon - A Tool To Enumerate Information From NTLM Authentication Enabled Web Endpoints
A fast and flexible NTLM reconnaissance tool without external dependencies. Useful to find out information about NTLM endpoints when working with a large set of potential IP addresses and domains. NTLMRecon is built with flexibility in mind. Need to run recon on a single URL, an IP address, an...
Nextcloud: Formula Injection vulnerability in CSV export feature
Dear Nextcloud Team – I have identified a formula injection vulnerability in the CSV export feature of the Forms App. I am aware that the Forms app is not part of this bug bounty program but was advised to disclose it via hackerone anyway. Description. When an Excel-/Calc-formula is sent as...
July 14, 2020—KB4565541 (Monthly Rollup)
July 14, 2020—KB4565541 Monthly Rollup NEW IMPORTANT Windows 8.1 and Windows Server 2012 R2 have reached the end of mainstream support and are now in extended support. Starting in July 2020, there will no longer be optional, non-security releases known as "C" releases for this operating system...
Wise Chat < 2.8.4 - CSV Injection
It could allow an unauthenticated or low privileges user to inject a command in chat messages that will be included in the exported CSV file via message backup, leading to possible code execution...
WordPress Wise Chat plugin <= 2.8.3 - CSV Injection vulnerability
CSV Injection vulnerability found by Vishnupriya Ilango (Fortinet's FortiGuard Labs) in WordPress Wise Chat plugin versions <= 2.8.3. Solution: Update the WordPress Wise Chat plugin to the latest available version (at least 2.8.4)...
CVE-2020-7049
Nozomi Networks OS before 19.0.4 allows /#/network?tab=network_node_list.html CSV Injection...
Input validation
Nozomi Networks OS before 19.0.4 allows /#/network?tab=network_node_list.html CSV Injection...
CVE-2020-7049
Summary: CVE-2020-7049 affects Nozomi Networks OS prior to version 19.0.4 and enables CSV injection via the path /#/network?tab=network_node_list.html. The provided documents name this as a CSV injection vulnerability in Nozomi Networks OS, with the affected state clearly tied to versions before ...
CVE-2020-13247
BooleBox Secure File Sharing Utility before 4.2.3.0 allows CSV injection via a crafted user name that is mishandled during export from the activity logs in the Audit Area...