Lucene search

5078 matches found

Microsoft KB
added 2019/08/13 12:0 a.m. · 6 views

May 23, 2019—KB4499182 (Preview of Monthly Rollup)

May 23, 2019—KB4499182 Preview of Monthly Rollup Improvements and fixes This non-security update includes improvements and fixes that were a part of KB4499151 released May 14, 2019 and also includes these new quality improvements as a preview of the next Monthly Rollup update: Addresses an issue ...

7.1 AI score
Exploits: 0

Kitploit
added 2019/08/12 10:23 p.m. · 141 views

ThreatHunting - A Splunk App Mapped To MITRE ATT&CK To Guide Your Threat Hunts

This is a Splunk application containing several dashboards and over 120 reports that will facilitate initial hunting indicators to investigate. You obviously need to be ingesting Sysmon data into Splunk, a good configuration can be found here Note: This application is not a magic bullet, it will...

7.1 AI score
Exploits: 0 · References: 7

Prion
added 2019/08/12 3:15 p.m. · 14 views

Cross site scripting

The wp-ultimate-csv-importer plugin before 3.8.1 for WordPress has XSS...

4.3 CVSS · 7.2 AI score · 0.00958 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

CVE
added 2019/08/12 2:41 p.m. · 37 views

CVE-2015-9306

The CVE-2015-9306 entry concerns the WordPress plugin wp-ultimate-csv-importer; versions prior to 3.8.1 are affected by a Cross-Site Scripting (XSS) vulnerability. The issue arises from inadequate validation of client-side data. Impact is XSS execution within the context of the user’s browser; ex...

6.1 CVSS · 6.4 AI score · 0.00958 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

Positive Technologies
added 2019/08/12 12:0 a.m. · 2 views

PT-2019-7265 · WordPress · Wp Ultimate Csv Importer

Name of the Vulnerable Software and Affected Versions: wp-ultimate-csv-importer plugin version prior to 3.8.1 for WordPress Description: The issue is related to a Cross-Site Scripting XSS problem. XSS is a type of security vulnerability that allows an attacker to inject malicious scripts into a...

6.1 CVSS · 5.9 AI score · 0.00958 EPSS
Exploits: 0 · References: 5

Exploit DB
added 2019/08/12 12:0 a.m. · 178 views

osTicket 1.12 - Formula Injection

Exploit Title: osTicket-v1.12 Formula Injection Vendor Homepage: https://osticket.com/ Software Link: https://osticket.com/download/ Exploit Author: Aishwarya Iyer Contact: https://twitter.com/aish9524 Website: https://about.me/aishiyer Category: webapps CVE: CVE-2019-14749 1. Description An issu...

8.8 CVSS · 9 AI score · 0.09612 EPSS
Exploits: 4

exploitpack
added 2019/08/12 12:0 a.m. · 49 views

osTicket 1.12 - Formula Injection

osTicket 1.12 - Formula Injection Exploit Title: osTicket-v1.12 Formula Injection Vendor Homepage: https://osticket.com/ Software Link: https://osticket.com/download/ Exploit Author: Aishwarya Iyer Contact: https://twitter.com/aish9524 Website: https://about.me/aishiyer Category: webapps CVE:...

6.8 CVSS · 9 AI score · 0.09612 EPSS
Exploits: 4

Tenable Nessus
added 2019/08/12 12:0 a.m. · 40 views

openSUSE Security Update : rmt-server (openSUSE-2019-1824)

This update for rmt-server to version 2.3.1 fixes the following issues : - Fix mirroring logic when errors are encountered bsc1140492 - Refactor RMT::Mirror to download metadata/licenses in parallel - Check repo metadata GPG signatures during mirroring bsc1132690 - Add rmt-server-config subpackag...

9.8 CVSS · 7.2 AI score · 0.08671 EPSS
Exploits: 3 · References: 15

Packet Storm
added 2019/08/11 12:0 a.m. · 156 views

osTicket 1.12 Formula Injection

Exploit Title: osTicket-v1.12 Formula Injection Vendor Homepage: https://osticket.com/ Software Link: https://osticket.com/download/ Exploit Author: Aishwarya Iyer Contact: https://twitter.com/aish9524 Website: https://about.me/aishiyer Category: webapps CVE: CVE-2019-14749 1. Description An issu...

8.8 AI score · 0.09612 EPSS
Exploits: 4

OpenVAS
added 2019/08/09 12:0 a.m. · 87 views

TeamPass <= 2.1.27.36 Multiple XSS Vulnerabilities

TeamPass is prone to multiple cross-site scripting XSS vulnerabilities. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

8.8 CVSS · 6.2 AI score · 0.0722 EPSS
Exploits: 9 · References: 9

OpenVAS
added 2019/08/09 12:0 a.m. · 81 views

osTicket < 1.10.7, 1.12.x < 1.12.1 Multiple Vulnerabilities

osTicket is prone to multiple vulnerabilities. Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

8.8 CVSS · 6.2 AI score · 0.11687 EPSS
Exploits: 13 · References: 2

NVD
added 2019/08/08 8:15 p.m. · 18 views

CVE-2019-14683

The codection "Import users from CSV with meta" plugin before 1.14.2.2 for WordPress allows wp-admin/admin-ajax.php?action=acuideleteattachment CSRF...

5.7 CVSS · 5.7 AI score · 0.00679 EPSS
Exploits: 1 · References: 4

OSV
added 2019/08/08 8:15 p.m. · 1 views

CVE-2019-14683

The codection "Import users from CSV with meta" plugin before 1.14.2.2 for WordPress allows wp-admin/admin-ajax.php?action=acuideleteattachment CSRF...

5.7 CVSS · 6.2 AI score · 0.00679 EPSS
Exploits: 1 · References: 4

Prion
added 2019/08/08 8:15 p.m. · 12 views

Cross site request forgery (csrf)

The codection "Import users from CSV with meta" plugin before 1.14.2.2 for WordPress allows wp-admin/admin-ajax.php?action=acuideleteattachment CSRF...

4.9 CVSS · 5.8 AI score · 0.00679 EPSS
Exploits: 1 · References: 4 · Affected Software: 1

NVD
added 2019/08/08 1:15 p.m. · 31 views

CVE-2018-19855

UiPath Orchestrator before 2018.3.4 allows CSV Injection, related to the Audit export, Robot log export, and Transaction log export features...

5.5 CVSS · 5.5 AI score · 0.01089 EPSS
Exploits: 1 · References: 2

Prion
added 2019/08/08 1:15 p.m. · 27 views

Design/Logic Flaw

UiPath Orchestrator before 2018.3.4 allows CSV Injection, related to the Audit export, Robot log export, and Transaction log export features...

4.3 CVSS · 5.5 AI score · 0.01089 EPSS
Exploits: 1 · References: 2 · Affected Software: 1

CVE
added 2019/08/08 12:56 p.m. · 50 views

CVE-2018-19855

CVE-2018-19855 affects UiPath Orchestrator versions prior to 2018.3.4. The vulnerability is described as a CSV Injection related to the Audit export, Robot log export, and Transaction log export features. Supported connected sources reiterate the same impact and affected version line; no addition...

5.5 CVSS · 5.5 AI score · 0.01089 EPSS
Exploits: 1 · References: 2 · Affected Software: 1

Cvelist
added 2019/08/08 12:56 p.m. · 31 views

CVE-2018-19855

UiPath Orchestrator before 2018.3.4 allows CSV Injection, related to the Audit export, Robot log export, and Transaction log export features...

5.5 AI score · 0.01089 EPSS
Exploits: 1 · References: 2

OSV
added 2019/08/07 5:15 p.m. · 17 views

CVE-2019-14749

An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. CSV aka Formula injection exists in the export spreadsheets functionality. These spreadsheets are generated dynamically from unvalidated or unfiltered user input in the Name and Internal Notes fields in the Users tab, and...

8.8 CVSS · 7 AI score
Exploits: 0 · References: 5

NVD
added 2019/08/07 5:15 p.m. · 28 views

CVE-2019-14749

An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. CSV aka Formula injection exists in the export spreadsheets functionality. These spreadsheets are generated dynamically from unvalidated or unfiltered user input in the Name and Internal Notes fields in the Users tab, and...

8.8 CVSS · 8.7 AI score · 0.09612 EPSS
Exploits: 4 · References: 5