5078 matches found
October 8, 2019—KB4519985 (Security-only update)
October 8, 2019—KB4519985 Security-only update Improvements and fixes This security update includes quality improvements. Key changes include: Security updates to the Windows Cryptography, Windows Authentication, Windows Kernel, Microsoft JET Database Engine, Internet Information Services, and...
October 8, 2019—KB4520007 (Monthly Rollup)
October 8, 2019—KB4520007 Monthly Rollup Improvements and fixes This security update includes improvements and fixes that were a part of update KB4516069released September 24, 2019 and addresses the following issues: Addresses an issue with applications and printer drivers that utilize the Window...
November 12, 2019—KB4525253 (Security-only update)
November 12, 2019—KB4525253 Security-only update Improvements and fixes This security update includes quality improvements. Key changes include: Provides protections against the Intel® Processor Machine Check Error vulnerability CVE-2018-12207. Use the registry setting as described in the Guidanc...
WordPress Admin Columns plugin <= 3.4.6 CSV Injection Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.113559";...
CVE-2019-17661
A CSV injection in the codepress-admin-columns aka Admin Columns plugin 3.4.6 for WordPress allows malicious users to gain remote control of other computers. By choosing formula code as his first or last name, an attacker can create a user with a name that contains malicious code. Other users mig...
CVE-2019-17661
A CSV injection in the codepress-admin-columns aka Admin Columns plugin 3.4.6 for WordPress allows malicious users to gain remote control of other computers. By choosing formula code as his first or last name, an attacker can create a user with a name that contains malicious code. Other users mig...
Input validation
A CSV injection in the codepress-admin-columns aka Admin Columns plugin 3.4.6 for WordPress allows malicious users to gain remote control of other computers. By choosing formula code as his first or last name, an attacker can create a user with a name that contains malicious code. Other users mig...
CVE-2019-17661
A CSV injection in the codepress-admin-columns aka Admin Columns plugin 3.4.6 for WordPress allows malicious users to gain remote control of other computers. By choosing formula code as his first or last name, an attacker can create a user with a name that contains malicious code. Other users mig...
CVE-2019-17661
A CSV injection in the codepress-admin-columns aka Admin Columns plugin 3.4.6 for WordPress allows malicious users to gain remote control of other computers. By choosing formula code as his first or last name, an attacker can create a user with a name that contains malicious code. Other users mig...
CVE-2019-17661
CVE-2019-17661 affects the WordPress plugin codepress-admin-columns (Admin Columns) v3.4.6. A CSV injection vulnerability allows a user with a crafted name (containing a formula) to cause exported CSV data to execute in Excel, potentially enabling remote control of a victim’s machine. The in‑docu...
PT-2019-15242 · Microsoft +1 · Office Excel +1
Name of the Vulnerable Software and Affected Versions: codepress-admin-columns plugin version 3.4.6 Description: A CSV injection in the codepress-admin-columns plugin for WordPress allows malicious users to gain remote control of other computers. By choosing formula code as their first or last...
PESTO - PE (files) Statistical Tool
PESTO is a Python script that extracts and saves in a database some PE file security characteristics or flags searching for every PE binary in a whole directory, and saving results in a database. It checks for architecture flag in the header, and for the following security flags: ASLR, NOSEH, DEP...
CVE-2019-17592
The csv-parse module before 4.4.6 for Node.js is vulnerable to Regular Expression Denial of Service. The isInt function contains a malformed regular expression that processes large crafted input very slowly. This is triggered when using the cast option...
CVE-2015-9512
The Easy Digital Downloads EDD CSV Manager extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because addqueryarg is misused...
Code injection
The Easy Digital Downloads EDD CSV Manager extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because addqueryarg is misused...
CVE-2015-9512
The CVE-2015-9512 entry concerns the Easy Digital Downloads CSV Manager extension for WordPress. It describes an XSS vulnerability caused by misusing add_query_arg, affecting EDD versions: 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2....
CVE-2015-9512
The Easy Digital Downloads EDD CSV Manager extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because addqueryarg is misused...
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Microsoft
Awesome Web Security 🐶 Curated list of Web Security materials and resources. Needless to say, most websites suffer from various types of bugs which may eventually lead to vulnerabilities. Why would this happen so often? There can be many factors involved including misconfiguration, shortage of...
CVE-2019-17114
A stored and reflected cross-site scripting XSS vulnerability in WiKID 2FA Enterprise Server through 4.2.0-b2047 allows remote attackers to inject arbitrary web script or HTML via /WiKIDAdmin/userPreregistration.jsp. The preRegistrationData parameter is vulnerable: a reflected cross-site scriptin...
CVE-2019-17114
A stored and reflected cross-site scripting XSS vulnerability in WiKID 2FA Enterprise Server through 4.2.0-b2047 allows remote attackers to inject arbitrary web script or HTML via /WiKIDAdmin/userPreregistration.jsp. The preRegistrationData parameter is vulnerable: a reflected cross-site scriptin...