OpenEMR 5.0.1 Patch 6 SQLi Dump

This module exploits a SQLi vulnerability found in OpenEMR version 5.0.1 Patch 6 and lower. The vulnerability allows the contents of the entire database with exception of log and task tables to be extracted. This module saves each table as a .csv file in your loot directory and has been tested wi...

WordPress Simple 301 Redirects Plugin < 1.25 Multiple Vulnerabilities

The WordPress plugin Copyright C 2019 Greenbone Networks GmbH SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the...

CVE-2019-6182

A stored CSV Injection vulnerability was reported in Lenovo XClarity Administrator LXCA versions prior to 2.5.0 that could allow an administrative user to store malformed data in LXCA Jobs and Event Log data, that could result in crafted formulas stored in an exported CSV file. The crafted formul...

CVE-2019-6182

A stored CSV Injection vulnerability was reported in Lenovo XClarity Administrator LXCA versions prior to 2.5.0 that could allow an administrative user to store malformed data in LXCA Jobs and Event Log data, that could result in crafted formulas stored in an exported CSV file. The crafted formul...

Design/Logic Flaw

A stored CSV Injection vulnerability was reported in Lenovo XClarity Administrator LXCA versions prior to 2.5.0 that could allow an administrative user to store malformed data in LXCA Jobs and Event Log data, that could result in crafted formulas stored in an exported CSV file. The crafted formul...

CVE-2019-6182

CVE-2019-6182 - Lenovo XClarity Administrator (LXCA) A stored CSV Injection vulnerability exists in LXCA versions prior to 2.5.0. An administrative user could store malformed data in LXCA Jobs and Event Log data, resulting in crafted formulas being stored in an exported CSV file. The crafted form...

CVE-2019-6182

A stored CSV Injection vulnerability was reported in Lenovo XClarity Administrator LXCA versions prior to 2.5.0 that could allow an administrative user to store malformed data in LXCA Jobs and Event Log data, that could result in crafted formulas stored in an exported CSV file. The crafted formul...

WordPress Event Tickets plugin <= 4.10.7.1 - CSV Injection vulnerability

CSV Injection vulnerability found by MTK in WordPress Event Tickets plugin versions = 4.10.7.1. Solution 3 September 2019 - we were unable to find a patched version of this plugin. Deactivate and uninstall until the patched version release...

Wordpress Plugin Event Tickets 4.10.7.1 - CSV Injection

Wordpress Plugin Event Tickets 4.10.7.1 - CSV Injection Exploit Title: WordPress Plugin Event Tickets = 4.10.7.1 - CSV Injection Google Dork: inurl:"\wp-content\plugins\event-tickets" Date: 09-01-2019 Exploit Author: MTK http://mtk911.cf/ Vendor Homepage: https://tri.be/ Software Link:...

Event Tickets <= 4.10.7.1 - CSV Injection

The Event Tickets WordPress plugin was affected by a CSV Injection security vulnerability...

WordPress Event Tickets 4.10.7.1 CSV Injection

Exploit Title: WordPress Plugin Event Tickets = 4.10.7.1 - CSV Injection Google Dork: inurl:"\wp-content\plugins\event-tickets" Date: 09-01-2019 Exploit Author: MTK http://mtk911.cf/ Vendor Homepage: https://tri.be/ Software Link: https://downloads.wordpress.org/plugin/event-tickets.4.10.7.1.zip...

Wordpress Event Tickets 4.10.7.1 Plugin - CSV Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: WordPress Plugin Event Tickets = 4.10.7.1 - CSV Injection Google Dork: inurl:"\wp-content\plugins\event-tickets" Exploit Author: MTK http://mtk911.cf/ Vendor Homepage: https://tri.be/ Software Link:...

WordPress Plugin Event Tickets 4.10.7.1 - CSV Injection

Exploit Title: WordPress Plugin Event Tickets = 4.10.7.1 - CSV Injection Google Dork: inurl:"\wp-content\plugins\event-tickets" Date: 09-01-2019 Exploit Author: MTK http://mtk911.cf/ Vendor Homepage: https://tri.be/ Software Link: https://downloads.wordpress.org/plugin/event-tickets.4.10.7.1.zip...

WordPress Import any XML or CSV File to WordPress Plugin < 3.4.7 XSS Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.113490";...

Security Bulletin: IBM Cognos Disclosure Management could allow a malicious attacker to execute commands as a lower privileged user that opens a malicious document (CVE-2016-6077)

Summary A specific usage scenario of IBM Cognos Disclosure Management could allow an Excel Macro execution on the client machine. Vulnerability Details CVEID: CVE-2016-6077 DESCRIPTION: IBM Cognos Disclosure Management could allow a remote attacker to insert a specially crafted Macro inside an...

CVE-2019-15776

The simple-301-redirects-addon-bulk-uploader plugin before 1.2.5 for WordPress has no protection against 301 redirect rule injection via a CSV file...

CVE-2019-15776

The CVE-2019-15776 entry concerns the WordPress plugin simple-301-redirects-addon-bulk-uploader before v1.2.5, which lacks protection against 301 redirect rule injection via a CSV file. Connected sources indicate a vulnerability enabling unintended redirects (potentially redirecting site traffic ...

WordPress Import & Export WordPress Data to CSV < 5.6.1 CSRF Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Sudomy - Subdomain Enumeration & Analysis

Sudomy is a subdomain enumeration tool, created using a bash script, to analyze domains and collect subdomains in fast and comprehensive way. Features For recent time,Sudomy has these 9 features: Easy, light, fast and powerful. Bash script is available by default in almost all Linux distributions...

WordPress Import Export WordPress Users plugin <= 1.3.1 - CSV Injection vulnerability

CSV Injection vulnerability found by Javier Olmedo in WordPress Import Export WordPress Users plugin versions = 1.3.1. Solution Update the WordPress Import Export WordPress Users plugin to the latest available version at least 1.3.2...