5078 matches found
CVE-2018-20752
An issue was discovered in Recon-ng before 4.9.5. Lack of validation in the modules/reporting/csv.py file allows CSV injection. More specifically, when a Twitter user possesses an Excel macro for a username, it will not be properly sanitized when exported to a CSV file. This can result in remote...
Electronegativity - Tool To Identify Misconfigurations And Security Anti-Patterns In Electron Applications
Electronegativity is a tool to identify misconfigurations and security anti-patterns in Electron-based applications. It leverages AST and DOM parsing to look for security-relevant configurations, as described in the "Electron Security Checklist - A Guide for Developers and Auditors" whitepaper...
SolarWinds Serv-U FTP 15.1.6 Privilege Escalation
CVE: CVE-2018-15906 Attack type: Remote, authenticated Discovered by: Chris Moberly @ The Missing Link Security Operating Systems: Verified on Win10 and Win2016 Vulnerable version: Tested on 15.1.6 current as of August 2018. Fixed in: Serv-U 15.1.6 Hotfix 2 Description SolarWinds Serv-U FTP Serve...
SolarWinds Serv-U FTP 15.1.6 Privilege Escalation Vulnerability
SolarWinds Serv-U FTP Server version 15.1.6 is vulnerable to privilege escalation from remote authenticated users by leveraging the CSV user import function. This leads to obtaining remote code execution under the context of the Windows SYSTEM account in a default installation. CVE: CVE-2018-1590...
WordPress Ad Manager WD 1.0.11 Arbitrary File Download
Exploit Title: WordPress Plugin ad manager wd v1.0.11 - Arbitrary File Download Google Dork: N/A Date: 25.01.2019 Vendor Homepage: https://web-dorado.com/products/wordpress-ad-manager-wd.html Software: https://wordpress.org/plugins/ad-manager-wd Version: 1.0.11 Tested on: Win7 x64, Exploit Author...
WiGLE - Wifi Wardriving (Nethugging Client For Android)
Open source network observation, positioning, and display client from the world's largest queryable database of wireless networks. Can be used for site-survey, security analysis, and competition with your friends. Collect networks for personal research or upload to https://wigle.net. WiGLE has be...
H8Mail - Email OSINT And Password Breach Hunting
Email OSINT and password finder. Use h8mail to find passwords through different breach and reconnaissance services, or the infamous "Breach Compilation" torrent. Features Email pattern matching reg exp, useful for all those raw HTML files Small and fast Alpine Dockerfile available CLI or Bulk...
Input validation
Improper neutralization of escape vulnerability in Log Exporter in Synology DiskStation Manager DSM before 6.1.6-15266 allows remote attackers to inject arbitrary content to have an unspecified impact by exporting an archive in CSV format...
CVE-2018-8920
Improper neutralization of escape vulnerability in Log Exporter in Synology DiskStation Manager DSM before 6.1.6-15266 allows remote attackers to inject arbitrary content to have an unspecified impact by exporting an archive in CSV format...
CVE-2018-8920
CVE-2018-8920 affects Synology DiskStation Manager (DSM) prior to 6.1.6-15266, via the Log Exporter. The root cause is improper neutralization of escape characters when exporting an archive in CSV format, enabling remote attackers to inject arbitrary content with an unspecified impact. The vulner...
[SECURITY] Fedora 29 Update: phpMyAdmin-4.8.4-1.fc29
phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface (managing databases, tables, fields, relations, indexes, users, permissions), while you still have the ability to directly...
WP Ultimate CSV Importer <= 5.6 - CSRF
The Import and Export WordPress Data as CSV or XML WordPress plugin was affected by a CSRF security vulnerability...
WordPress Import users from CSV with meta plugin <= 1.12 - Cross-Site Scripting (XSS) vulnerability
Cross-Site Scripting (XSS) vulnerability discovered by Slawek Zytko in WordPress Import users from CSV with meta plugin versions <= 1.12. Solution: Update the WordPress Import users from CSV with meta plugin to the latest available version (at least 1.12.1)...
CVE-2018-20101
The codection "Import users from CSV with meta" plugin before 1.12.1 for WordPress allows XSS via the value of a cell...
Design/Logic Flaw
The codection "Import users from CSV with meta" plugin before 1.12.1 for WordPress allows XSS via the value of a cell...
CVE-2018-20101
CVE-2018-20101 affects the WordPress plugin “Import users from CSV with meta” (versions