5078 matches found
EUVD-2019-4349
An issue was discovered in Joomla! before 3.9.7. The CSV export of com_actionslogs is vulnerable to CSV injection...
CVE-2019-12765
An issue was discovered in Joomla! before 3.9.7. The CSV export of com_actionslogs is vulnerable to CSV injection...
CVE-2019-12765
CVE-2019-12765 affects Joomla! prior to 3.9.7. The issue is a CSV injection in the CSV export of the com_actionslogs component, caused by insufficient input validation during export. Public references (NVD/NIST, Nessus, OSV, CNVD, ENISA) confirm the vulnerability in Joomla! versions 3.9.0–3.9.6 (...
WordPress Hustle – Pop-Ups, Slide-ins and Email Opt-ins plugin <= 6.0.7 - Unauthenticated CSV Injection vulnerability
Unauthenticated CSV Injection vulnerability found by Mark Parfeniuk in WordPress Hustle – Pop-Ups, Slide-ins and Email Opt-ins plugin versions <= 6.0.7. Solution: Update the WordPress Hustle – Pop-Ups, Slide-ins and Email Opt-ins plugin to the latest available version, at least 6.0.8.1...
May 19, 2019—KB4505064 (OS Build 17134.766)
May 19, 2019—KB4505064 OS Build 17134.766 Reminder: March 12th and April 9th will be the last two Delta updates for Windows 10, version 1803. Security and quality updates will continue to be available via the express and full cumulative update packages. For more information on this change please...
OPENSUSE-SU-2019:1527-1 Security update for rmt-server
This update for rmt-server to version 2.1.4 fixes the following issues: - Fix duplicate nginx location in rmt-server-pubcloud bsc1135222 - Mirror additional repos that were enabled during mirroring bsc1132690 - Make service IDs consistent across different RMT instances bsc1134428 - Make SMT data...
Security update for rmt-server (important)
openSUSE Security Update: Security update for rmt-server Announcement ID: openSUSE-SU-2019:1527-1 Rating: important References: 1107806 1117722 1118745 1125770 1128858 1129271 1129392 1132160 1132690 1134190 1134428 1135222 Cross-References: CVE-2019-11068 CVE-2019-5419 Affected Products: openSUS...
Design/Logic Flaw
CSV Injection aka Excel Macro Injection or Formula Injection exists in the export feature in Workday through 32 via a value provided by a low-privileged user in a contact form field that is mishandled in a CSV export...
CVE-2019-12134
CSV Injection aka Excel Macro Injection or Formula Injection exists in the export feature in Workday through 32 via a value provided by a low-privileged user in a contact form field that is mishandled in a CSV export...
CVE-2019-12134
CVE-2019-12134 describes a CSV/Formula injection in the Workday export feature. A value supplied by a low-privileged user in a contact form is mishandled during CSV export, potentially enabling Excel formula injection when opened in spreadsheet software. The connected documents confirm the vulner...
H8Mail v2.0 - Email OSINT And Password Breach Hunting
Powerful and user-friendly password finder. Use h8mail to find passwords through different breach and reconnaissance services, or using local breaches such as Troy Hunt's "Collection1" or the infamous "Breach Compilation" torrent. Features Email pattern matching reg exp, useful for reading from...
Security Bulletin: IBM® Intelligent Operations Center does not correctly validate file types before uploading files (CVE-2019-4069)
Summary IBM® Intelligent Operations Center does not validate the content of CSV files that are uploaded by authenticated users. The upload of unvalidated CSV files by authenticated users might be a starting point for further attacks if it is combined with file renaming or other inclusion...
WordPress Hustle CSV Injection Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. Hustle a.k.a. wordpress-popup plugin is one of the online marketing plugins used in it. A CSV injection vulnerability exists in version...
SUSE SLES15 Security Update : rmt-server (SUSE-SU-2019:1381-1)
This update for rmt-server to version 2.1.4 fixes the following issues : Fix duplicate nginx location in rmt-server-pubcloud bsc1135222 Mirror additional repos that were enabled during mirroring bsc1132690 Make service IDs consistent across different RMT instances bsc1134428 Make SMT data import...
SUSE-SU-2019:1381-1 Security update for rmt-server
This update for rmt-server to version 2.1.4 fixes the following issues: - Fix duplicate nginx location in rmt-server-pubcloud bsc1135222 - Mirror additional repos that were enabled during mirroring bsc1132690 - Make service IDs consistent across different RMT instances bsc1134428 - Make SMT data...
CVE-2019-11872
The Hustle aka wordpress-popup plugin 6.0.7 for WordPress is vulnerable to CSV Injection as it allows for injecting malicious code into a pop-up window. Successful exploitation grants an attacker with a right to execute malicious code on the administrator's computer through Excel functions as the...
Input validation
The Hustle aka wordpress-popup plugin 6.0.7 for WordPress is vulnerable to CSV Injection as it allows for injecting malicious code into a pop-up window. Successful exploitation grants an attacker with a right to execute malicious code on the administrator's computer through Excel functions as the...
CVE-2019-11872
The Hustle (WordPress Hustle/wordpress-popup) plugin, version 6.0.7 for WordPress, is vulnerable to CSV Injection due to unsanitized user input in pop-ups. This can enable injection of malicious content into Excel, potentially allowing execution of code on an administrator’s machine. Documents co...