5078 matches found
CVE-2018-14861
Improper data access control in Odoo Community 10.0 and 11.0 and Odoo Enterprise 10.0 and 11.0 allows authenticated users to perform a CSV export of the secure hashed passwords of other users...
CVE-2018-14861
An issue (CVE-2018-14861) affects Odoo Community 10.0/11.0 and Odoo Enterprise 10.0/11.0 where improper data access control allows authenticated users to export other users’ securely hashed passwords via CSV. Root cause: improper access controls on the CSV export feature. Impact: disclosure of pa...
CVE-2018-14861
Improper data access control in Odoo Community 10.0 and 11.0 and Odoo Enterprise 10.0 and 11.0 allows authenticated users to perform a CSV export of the secure hashed passwords of other users...
CVE-2018-14861
Improper data access control in Odoo Community 10.0 and 11.0 and Odoo Enterprise 10.0 and 11.0 allows authenticated users to perform a CSV export of the secure hashed passwords of other users...
LiveZilla < 8.0.1.1 Multiple Vulnerabilities
LiveZilla is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:livezilla:livezilla"; if...
Lst2X64Dbg - Extract labels from IDA .lst or Ghidra .csv file and export x64dbg database
This script extracts all the labels found in the LST file that is given as the script's single argument. An x64dbg database is created in the current directory based on the extracted labels. The LST file can be generated in IDA from the File menu: Produce file - Create LST file... Example $ pytho...
WordPress Import users from CSV with meta plugin <= 1.14.1.3 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability found in WordPress Import users from CSV with meta plugin versions <= 1.14.1.3. Solution: Update the WordPress Import users from CSV with meta plugin to the latest available version (at least 1.14.2.2)...
LiveZilla Server CSV Injection Vulnerability
LiveZilla is a free online customer service system based on a PHP architecture that can run on Linux or Windows hosts. It is mainly divided into the client, the server and the server side, LiveZilla Server. The export function in LiveZilla Server versions before 8.0.1.1 has a CSV injection vulnerability, a...
CVE-2019-12961
LiveZilla Server before 8.0.1.1 is vulnerable to CSV Injection in the Export Function...
Input validation
LiveZilla Server before 8.0.1.1 is vulnerable to CSV Injection in the Export Function...
CVE-2019-12961
Affected software: LiveZilla Server prior to 8.0.1.1. Issue: CSV injection via the Export Function. Root cause: lack of input sanitization/export handling enabling CSV payloads in exported data. Impact (as described): vulnerability exists in the export feature; CVSS details are provided but the p...
CVE-2019-12961
LiveZilla Server before 8.0.1.1 is vulnerable to CSV Injection in the Export Function...
WordPress Shortlinks by Pretty Links plugin <= 2.1.9 - CSV injection vulnerability
CSV injection vulnerability found by Jerome Bruandet in WordPress Shortlinks by Pretty Links plugin versions <= 2.1.9. Solution: Update the WordPress Shortlinks by Pretty Links plugin to the latest available version (at least 2.1.10)...
Import users from CSV with meta <= 1.14.1.3 - CSRF leading to attachment deletion & Path Traversal
CSRF leading to attachment deletion via the acuideleteattachment AJAX function...
Import users from CSV with meta <= 1.14.1.2 - XSS
The Import and export users and customers WordPress plugin was affected by an XSS security vulnerability...
CVE-2019-4364
IBM Maximo Asset Management 7.6 is vulnerable to CSV injection, which could allow a remote authenticated attacker to execute arbitrary commands on the system. IBM X-Force ID: 161680...
Design/Logic Flaw
IBM Maximo Asset Management 7.6 is vulnerable to CSV injection, which could allow a remote authenticated attacker to execute arbitrary commands on the system. IBM X-Force ID: 161680...
CVE-2019-4364
CVE-2019-4364 affects IBM Maximo Asset Management core product 7.6. The vulnerability is CSV injection that could allow a remote authenticated attacker to execute arbitrary commands on the system. Remediation is provided by IBM Fix Central; affected 7.6 versions include 7.6.1.1 FP, 7.6.0.10 iFix,...
CVE-2019-4364
IBM Maximo Asset Management 7.6 is vulnerable to CSV injection, which could allow a remote authenticated attacker to execute arbitrary commands on the system. IBM X-Force ID: 161680...
IBM Maximo Asset Management CSV Injection Vulnerability
IBM Maximo Asset Management is a comprehensive asset lifecycle and maintenance management solution from IBM USA. The solution is capable of managing all types of assets, such as facilities, transportation, etc., on a single platform with a single point of control for these assets. A CSV injection...