5078 matches found

NVD
added 2019/03/21 4:0 p.m., 28 views

CVE-2018-15906

SolarWinds Serv-U FTP Server 15.1.6 allows remote authenticated users to execute arbitrary code by leveraging the Import feature and modifying a CSV file...

CVSS 9, AI score 7.2, EPSS 0.08245
Exploits 3, References 3

Prion
added 2019/03/21 4:0 p.m., 13 views

Design/Logic Flaw

SolarWinds Serv-U FTP Server 15.1.6 allows remote authenticated users to execute arbitrary code by leveraging the Import feature and modifying a CSV file...

CVSS 9, AI score 7.1, EPSS 0.08245
Exploits 3, References 3, Affected Software 1

Prion
added 2019/03/21 4:0 p.m., 16 views

Authentication flaw

In Webgalamb through 7.0, an arbitrary code execution vulnerability could be exploited remotely without authentication. Exploitation requires authentication bypass to access administrative functions of the site to upload a crafted CSV file with a malicious payload that becomes part of a PHP eval...

CVSS 7.5, AI score 9.7, EPSS 0.04929
Exploits 2, References 2, Affected Software 1

Atlassian
added 2019/03/20 1:3 p.m., 22 views

Escape code on Description field when exporting to CSV

When opening CSV files exported through the CSV Export of Jira on Excel, if there are written Excel codes on it, they will run automatically. The suggestion is to provide a setting/configuration that automatically escapes special characters on the export...

AI score 3.1
Exploits 0, Affected Software 1

Cvelist
added 2019/03/17 10:6 p.m., 25 views

CVE-2018-19514

In Webgalamb through 7.0, an arbitrary code execution vulnerability could be exploited remotely without authentication. Exploitation requires authentication bypass to access administrative functions of the site to upload a crafted CSV file with a malicious payload that becomes part of a PHP eval...

AI score 9.8, EPSS 0.04929
Exploits 2, References 2

CVE
added 2019/03/17 9:34 p.m., 96 views

CVE-2018-15906

CVE-2018-15906 affects SolarWinds Serv-U FTP Server 15.1.6. A remote authenticated user can exploit the Import feature by modifying a CSV, enabling privilege escalation to SYSTEM and remote code execution on default Windows installations. Documented impact includes escalation from Domain Administ...

CVSS 9, AI score 7.1, EPSS 0.08245
Exploits 3, References 3, Affected Software 1

Cvelist
added 2019/03/17 9:34 p.m., 33 views

CVE-2018-15906

SolarWinds Serv-U FTP Server 15.1.6 allows remote authenticated users to execute arbitrary code by leveraging the Import feature and modifying a CSV file...

AI score 7.2, EPSS 0.08245
Exploits 3, References 3

Hacker One
added 2019/03/15 7:4 p.m., 30 views

HackerOne: IDOR in Report CSV export discloses the IDs of Custom Field Attributes of Programs

Specifying a report ID of another team when requesting a CSV export leaks the ID of the Custom Field Attribute in the CSV header. Request POST /reports/export HTTP/1.1 Host: localhost:8080 ... ----------868143055 Content-Disposition: form-data; name="reportids" 17 ----------868143055...

AI score 6.9
Exploits 0

Microsoft KB
added 2019/03/13 12:0 a.m., 2 views

August 30, 2018—KB4343893 (OS Build 16299.637)

Improvements and fixes: This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Addresses an issue in Microsoft Foundation Class (MFC) applications that may cause applications t...

AI score 7.5
Exploits 0

Kitploit
added 2019/03/12 8:43 p.m., 138 views

Hostintel - A Modular Python Application To Collect Intelligence For Malicious Hosts

This tool is used to collect various intelligence sources for hosts. Hostintel is written in a modular fashion so new intelligence sources can be easily added. Hosts are identified by FQDN host name, Domain, or IP address. This tool only supports IPv4 at the moment. The output is in CSV format an...

AI score 7.1
Exploits 0, References 12

Kitploit
added 2019/03/01 8:6 p.m., 313 views

Imago Forensics - Imago Is A Python Tool That Extract Digital Evidences From Images

Imago is a Python tool that extracts digital evidence from images recursively. This tool is useful throughout a digital forensic investigation. If you need to extract digital evidence and you have a lot of images, through this tool you will be able to compare them easily. Imago allows to extract...

AI score 6.9
Exploits 0, References 3

OpenVAS
added 2019/02/18 12:0 a.m., 39 views

WordPress Import users from CSV with meta Plugin < 1.12.1 XSS Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description scriptoid"1.3.6.1.4.1.25623.1.0.112516";...

CVSS 6.1, AI score 6.3, EPSS 0.00782
Exploits 0, References 1

Microsoft KB
added 2019/02/12 8:0 a.m., 46 views

February 12, 2019—KB4486993 (Security-only update)

Improvements and fixes: This security update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Addresses an issue that may prevent applications that use a Microsoft Jet database...

CVSS 9.8, AI score 7.2, EPSS 0.68294
Exploits 3

Prion
added 2019/02/04 9:29 p.m., 14 views

Design/Logic Flaw

An issue was discovered in Recon-ng before 4.9.5. Lack of validation in the modules/reporting/csv.py file allows CSV injection. More specifically, when a Twitter user possesses an Excel macro for a username, it will not be properly sanitized when exported to a CSV file. This can result in remote...

CVSS 7.5, AI score 9.8, EPSS 0.03427
Exploits 0, References 2, Affected Software 1

UbuntuCve
added 2019/02/04 9:29 p.m., 22 views

CVE-2018-20752

An issue was discovered in Recon-ng before 4.9.5. Lack of validation in the modules/reporting/csv.py file allows CSV injection. More specifically, when a Twitter user possesses an Excel macro for a username, it will not be properly sanitized when exported to a CSV file. This can result in remote...

CVSS 9.8, AI score 7.4, EPSS 0.03427
Exploits 0, References 3

NVD
added 2019/02/04 9:29 p.m., 13 views

CVE-2018-20752

An issue was discovered in Recon-ng before 4.9.5. Lack of validation in the modules/reporting/csv.py file allows CSV injection. More specifically, when a Twitter user possesses an Excel macro for a username, it will not be properly sanitized when exported to a CSV file. This can result in remote...

CVSS 9.8, AI score 9.9, EPSS 0.03427
Exploits 0, References 2

OSV
added 2019/02/04 9:29 p.m., 0 views

UBUNTU-CVE-2018-20752

An issue was discovered in Recon-ng before 4.9.5. Lack of validation in the modules/reporting/csv.py file allows CSV injection. More specifically, when a Twitter user possesses an Excel macro for a username, it will not be properly sanitized when exported to a CSV file. This can result in remote...

CVSS 9.8, AI score 7.8, EPSS 0.03427
Exploits 0, References 4

OSV
added 2019/02/04 9:29 p.m., 6 views

CVE-2018-20752

An issue was discovered in Recon-ng before 4.9.5. Lack of validation in the modules/reporting/csv.py file allows CSV injection. More specifically, when a Twitter user possesses an Excel macro for a username, it will not be properly sanitized when exported to a CSV file. This can result in remote...

CVSS 9.8, AI score 9.8
Exploits 0, References 2

CVE
added 2019/02/04 9:0 p.m., 46 views

CVE-2018-20752

Recon-ng (before 4.9.5) contains a CSV injection vulnerability in modules/reporting/csv.py due to insufficient validation. When exporting a Twitter username with an Excel macro to CSV, sanitization fails, potentially enabling remote code execution for the attacker. No exploitation details are pro...

CVSS 9.8, AI score 9.7, EPSS 0.03427
Exploits 0, References 2, Affected Software 1

Cvelist
added 2019/02/04 9:0 p.m., 15 views

CVE-2018-20752

An issue was discovered in Recon-ng before 4.9.5. Lack of validation in the modules/reporting/csv.py file allows CSV injection. More specifically, when a Twitter user possesses an Excel macro for a username, it will not be properly sanitized when exported to a CSV file. This can result in remote...

AI score 9.9, EPSS 0.03427
Exploits 0, References 2