5078 matches found
CVE-2019-14352
CVE-2019-14352 affects Joget Workflow 6.0.20 with CSV Injection (Formula Injection) in the endpoint for account creation through the Account ID/Name field (jw/web/userview/crm_community/crm_userview_sales/_/account_new). The vendor disputes the relevance of this finding because CSV is not the int...
PT-2019-13631 · Joget · Joget Workflow
Name of the Vulnerable Software and Affected Versions: Joget Workflow version 6.0.20 Description: The issue exists in Joget Workflow, where CSV Injection, also known as Formula Injection, can occur. This is demonstrated by the "/jw/web/userview/crm_community/crm_userview_sales/_/account_new"...
SUSE SLES15 Security Update : rmt-server (SUSE-SU-2019:1973-1)
This update for rmt-server to version 2.3.1 fixes the following issues : Fix mirroring logic when errors are encountered bsc1140492 Refactor RMT::Mirror to download metadata/licenses in parallel Check repo metadata GPG signatures during mirroring bsc1132690 Add rmt-server-config subpackage with...
SUSE-SU-2019:1973-1 Security update for rmt-server
This update for rmt-server to version 2.3.1 fixes the following issues: - Fix mirroring logic when errors are encountered bsc1140492 - Refactor RMT::Mirror to download metadata/licenses in parallel - Check repo metadata GPG signatures during mirroring bsc1132690 - Add rmt-server-config subpackage...
REDCap 9.1.2 - Cross-Site Scripting
REDCap 9.1.2 - Cross-Site Scripting Exploit Title: REDCap - Details: Since it is an onkeypress event, it is triggered whenever the user touches any key, and since the XSS payload is stored in the project name it appears in several pages. - Privileges: It requires admin privileges to store it. -...
REDCap < 9.1.2 - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: REDCap - Details: Since it is an onkeypress event, it is triggered whenever the user touches any key, and since the XSS payload is stored in the project name it appears in several pages. - Privileges: It requires admin privileges t...
CVE-2016-10762
The CampTix Event Ticketing plugin before 1.5 for WordPress allows CSV injection when the export tool is used...
Design/Logic Flaw
The CampTix Event Ticketing plugin before 1.5 for WordPress allows CSV injection when the export tool is used...
PasteHunter - Scanning Pastebin With Yara Rules
PasteHunter is a python3 application that is designed to query a collection of sites that host publicly pasted data. For all the pasts it finds it scans the raw contents against a series of Yara rules looking for information that can be used by an organisation or a researcher. For setup...
WooCommerce <= 3.6.4 - Cross-Site Request Forgery (CSRF) & File Type Check
Changelog mentions: Security – Introduce file type check for tax rate importer. Security – Added nonce check to CSV importer actions. RIPS Tech later released an advisory detailing the vulnerability, which can be found in the references...
DarkScrape - OSINT Tool For Scraping Dark Websites
OSINT Tool to find Media Links in Tor Sites. Tested on: Kali Linux 2019.2, Ubuntu 18.04, Nethunter, Arch Linux. Installation: git clone https://github.com/itsmehacker/DarkScrape.git; pip3 install -r requirements.txt. Features: Download Media; Scrape From Single Url; Scraping From Files (Txt, Csv, Excel). Inspired...
Youzer - Fake User Generator For Active Directory Environments
Fake User Generator for Active Directory Environments Introduction The goal of Youzer is to create information rich Active Directory environments. This uses the python3 library 'faker' to generate random accounts. pip3 install faker You can either supply a wordlist or have the passwords generated...
CVE-2019-13144
myTinyTodo 1.3.3 through 1.4.3 allows CSV Injection. This is fixed in 1.5...
Input validation
myTinyTodo 1.3.3 through 1.4.3 allows CSV Injection. This is fixed in 1.5...
CVE-2019-13144
CVE-2019-13144 affects myTinyTodo versions 1.3.3 through 1.4.3. The vulnerability is CSV Injection, with a fix implemented in version 1.5. The provided sources flag this as a CSV injection issue in the affected range; no exploit details are included in the documents beyond the vulnerability class...
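The Joget, CampTix and myTinyTodo entries above all describe the same bug class: a user-controlled string is written into a CSV export verbatim, and a spreadsheet opening that file evaluates any cell that starts with =, +, -, @ (or, per OWASP's CSV injection guidance, a tab or carriage return) as a formula. The following Python is an added example, not code from any of those projects; it uses constructed sample rows (the HYPERLINK payload and the example.invalid host are illustrative) and shows the vulnerable export pattern next to a hardened one, plus a scanner that flags formula-looking cells in an existing CSV so a security team can check an export after the fact.

```python
import csv
import io

# Leading characters that Excel, LibreOffice Calc and Google Sheets treat as
# the start of a formula. Tab and CR are on the OWASP list; LF is added here
# as a conservative extra (an assumption, not from the advisories above).
FORMULA_TRIGGERS = "=+-@"
CONTROL_TRIGGERS = "\t\r\n"

# Constructed sample export. Rows 2-4 carry formula-shaped values of the kind
# an attacker would put into an "Account Name" or todo-title field.
SAMPLE_ROWS = [
    ["account_id", "name"],
    ["acct-1", "Alice Example"],
    ["acct-2", '=HYPERLINK("https://example.invalid/x","open")'],
    ["acct-3", "@SUM(1;2)"],
    ["acct-4", "-1+1"],
]


def looks_like_formula(cell):
    """True if a spreadsheet would parse this cell as a formula, not text."""
    if not isinstance(cell, str) or not cell:
        return False
    if cell[0] in CONTROL_TRIGGERS:
        return True
    stripped = cell.lstrip(" ")  # conservative: also catch leading spaces
    return bool(stripped) and stripped[0] in FORMULA_TRIGGERS


def neutralize_cell(value):
    """Prefix formula-looking strings with a single quote so they stay text.

    Non-string values (ints, floats, None) are returned unchanged, so export
    numeric columns as numbers rather than pre-formatted strings; otherwise a
    legitimate "-5" would also be quoted.
    """
    if looks_like_formula(value):
        return "'" + value
    return value


def export_unsafe(rows):
    """Vulnerable pattern: user-controlled fields are written verbatim."""
    buf = io.StringIO()
    csv.writer(buf).writerows(rows)
    return buf.getvalue()


def export_safe(rows):
    """Hardened export: every cell is neutralized before it is written.

    csv.writer still handles quoting/escaping of commas and double quotes;
    the single-quote prefix only stops formula evaluation.
    """
    buf = io.StringIO()
    safe_rows = [[neutralize_cell(c) for c in row] for row in rows]
    csv.writer(buf).writerows(safe_rows)
    return buf.getvalue()


def read_rows(csv_text):
    """Parse CSV text back into a list of rows."""
    return list(csv.reader(io.StringIO(csv_text)))


def find_formula_cells(csv_text):
    """Scan an existing CSV; return (row, col, value) for each risky cell."""
    hits = []
    for r, row in enumerate(read_rows(csv_text)):
        for c, cell in enumerate(row):
            if looks_like_formula(cell):
                hits.append((r, c, cell))
    return hits


if __name__ == "__main__":
    print("unsafe export flags:", find_formula_cells(export_unsafe(SAMPLE_ROWS)))
    print("safe export flags:  ", find_formula_cells(export_safe(SAMPLE_ROWS)))
```

Two caveats a practitioner should keep in mind. The single-quote prefix is visible as a literal character in some spreadsheet applications, so it is a trade-off, not a transparent fix; the alternative is to reject or strip formula-shaped input at the point of entry (the account-creation field in the Joget case) as well as at export. And the neutralization only helps if it is applied to every user-influenced column: the scanner above is useful precisely because it finds the column someone forgot.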
CVE-2018-14861
Improper data access control in Odoo Community 10.0 and 11.0 and Odoo Enterprise 10.0 and 11.0 allows authenticated users to perform a CSV export of the secure hashed passwords of other users...