5078 matches found
CVE-2018-1774
IBM API Connect 5.0.0.0, 5.0.8.4, 2018.1 and 2018.3.6 is vulnerable to CSV injection via the developer portal and analytics that could contain malicious commands that would be executed once opened by an administrator. IBM X-Force ID: 148692...
Input validation
IBM API Connect 5.0.0.0, 5.0.8.4, 2018.1 and 2018.3.6 is vulnerable to CSV injection via the developer portal and analytics that could contain malicious commands that would be executed once opened by an administrator. IBM X-Force ID: 148692...
CVE-2018-1774
IBM API Connect is vulnerable to CSV Injection in the Developer Portal and analytics for versions 5.0.0.0–5.0.8.4 and 2018.1–2018.3.6. The underlying issue enables execution of malicious commands when opened by an administrator. Affected components include the Management server (iFix LI80404) and...
The AWS Exploitation Framework: Pacu
Pacu is an open source AWS exploitation framework, designed for offensive security testing against cloud environments. Created and maintained by Rhino Security Labs, Pacu allows penetration testers to exploit configuration flaws within an AWS account, using modules to easily expand its...
Security Bulletin: IBM API Connect is vulnerable to CSV Injection (CVE-2018-1774)
Summary IBM API Connect has addressed the following vulnerability. IBM API Connect is vulnerable to CSV Injection via the Developer Portal and analytics that could contain malicious commands that would be executed once opened by an administrator. Vulnerability Details CVEID: CVE-2018-1774...
Anviz AIM CrossChex Standard 4.3 - CSV Injection
Anviz AIM CrossChex Standard 4.3 - CSV Injection Exploit Title: Anviz AIM CrossChex Standard 4.3 - CSV Injection Author: Gjoko 'LiquidWorm' Krstic @zeroscience Date: 2018-11-01 Vendor: Anviz Biometric Technology Co., Ltd. Product web page: https://www.anviz.com Affected version: 4.3.6.0 Tested on...
Anviz AIM CrossChex Standard 4.3 - CSV Injection
Exploit Title: Anviz AIM CrossChex Standard 4.3 - CSV Injection Author: Gjoko 'LiquidWorm' Krstic @zeroscience Date: 2018-11-01 Vendor: Anviz Biometric Technology Co., Ltd. Product web page: https://www.anviz.com Affected version: 4.3.6.0 Tested on: Microsoft Windows 7 Professional SP1 EN CVE: N/...
data-tools 'tab-to-csv' function integer overflow vulnerability
data-tools is a command line tool for data extraction, data manipulation and file format conversion. An integer overflow vulnerability exists in the 'tab-to-csv' function of the tab-to-csv.c file in data-tools versions 2017-07-26 and earlier. An attacker can exploit this vulnerability to cause a...
Oracle Siebel CRM 8.1.1 CSV Injection
Exploit Title: Oracle Siebel CRM 8.1.1 - CSV Injection Date: 2018-10-21 Exploit Author: Sarath Nair aka AceNeon13 Contact: @AceNeon13 Vendor Homepage: www.oracle.com Software Link: http://www.oracle.com/us/products/applications/siebel/siebel-crm-8-1-1-066196.html Version: Oracle Siebel CRM Versio...
Oracle Siebel CRM 8.1.1 - CSV Injection
Oracle Siebel CRM 8.1.1 - CSV Injection Exploit Title: Oracle Siebel CRM 8.1.1 - CSV Injection Date: 2018-10-21 Exploit Author: Sarath Nair aka AceNeon13 Contact: @AceNeon13 Vendor Homepage: www.oracle.com Software Link:...
Oracle Siebel CRM 8.1.1 - CSV Injection Vulnerability
Exploit for java platform in category web applications Exploit Title: Oracle Siebel CRM 8.1.1 - CSV Injection Exploit Author: Sarath Nair aka AceNeon13 Contact: @AceNeon13 Vendor Homepage: www.oracle.com Software Link:...
Munin - Online Hash Checker For Virustotal And Other Services
Munin is an online hash checker utility that retrieves valuable information from various online sources. The current version of Munin queries the following services: Virustotal, Malshare, HybridAnalysis. Note: Munin is based on the script "VT-Checker", which has been maintained in the LOKI repository...
biz.netcentric.cq.tools.accesscontroltool:sling-minimum-version-environment (>=4.2.0 <=4.2.1), com.adobe.cq.commerce:cq-commerce-hybris-impl (>=5.6.100 <=6.4.4) +632 more potentially affected by CVE-2016-4434 via org.apache.tika:tika-core (>=0.4 <=1.12)
org.apache.tika:tika-core MAVEN version =0.4, =4.2.0, =5.6.100, =2.0.6, =1.0.10, =1.0.12, =1.0.8, =0.6, =1.0.8, =1.0.12 and more Source cves: CVE-2016-4434 Source advisory: OSV:GHSA-4XR4-4C65-HJ7F...
Zahir Enterprise Plus 6 - Stack Buffer Overflow (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Zahir Enterprise Plus 6 Stack Buffer Overflow", 'Description' = %q This module exploits a stack buffer overflow in Zahir Enterprise Plus version ...
XenMobile: Supported File Formats with Quick Edit
Question and Answers Which all file formats are supported within Quick Edit? QuickEdit supports the following types of files: Microsoft Word – .doc and .docx Microsoft Excel – .xls and .xlsx Microsoft PowerPoint – .ppt and .pptx PDF TXT and RTF iOS only CSV iOS only GIF, JPEG, BMP, and PNG These...
Zahir Enterprise Plus 6 Stack Buffer Overflow
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Zahir Enterprise Plus 6 Stack Buffer Overflow", 'Description' = %q This module exploits a stack buffer overflow in Zahir Enterprise Plus version ...
CVE-2018-17408
Stack-based buffer overflows in Zahir Accounting Enterprise Plus 6 through build 10b allow remote attackers to execute arbitrary code via a crafted CSV file that is accessed through the Import CSV File menu...
Stack overflow
Stack-based buffer overflows in Zahir Accounting Enterprise Plus 6 through build 10b allow remote attackers to execute arbitrary code via a crafted CSV file that is accessed through the Import CSV File menu...