CVE-2018-17408
CVE-2018-17408 concerns a stack-based buffer overflow in Zahir Accounting Enterprise Plus 6 through build 10b. A crafted CSV file opened via the Import CSV File menu can allow remote attackers to execute arbitrary code. Multiple public exploits exist, including a Metasploit module and PoC/payload...
Zahir Enterprise Plus 6 build 10b - Buffer Overflow (SEH)
Zahir Enterprise Plus 6 build 10b - Buffer Overflow SEH Exploit Title: Zahir Enterprise Plus 6 build 10b - Buffer Overflow SEH Google Dork: - Date: 2018-09-28 Exploit Author: modpr0be Vendor Homepage: http://www.zahiraccounting.com/ Software Link:...
Zahir Enterprise Plus 6 Build 10b Buffer Overflow
Exploit Title: Zahir Enterprise Plus 6 build 10b - Buffer Overflow SEH Google Dork: - Date: 2018-09-28 Exploit Author: modpr0be Vendor Homepage: http://www.zahiraccounting.com/ Software Link: http://zahiraccounting.com/files/zahir-accounting-6-free-trial.zip Version: 6 build 10b - Download here:...
Zahir Enterprise Plus 6 build 10b - Buffer Overflow (SEH) Exploit
Exploit for Windows platform in category local exploits. Exploit Title: Zahir Enterprise Plus 6 build 10b - Buffer Overflow SEH Exploit Author: modpr0be Vendor Homepage: http://www.zahiraccounting.com/ Software Link: http://zahiraccounting.com/files/zahir-accounting-6-free-trial.zip Version: 6 bui...
Zahir Enterprise Plus 6 build 10b - Buffer Overflow (SEH)
Exploit Title: Zahir Enterprise Plus 6 build 10b - Buffer Overflow SEH Google Dork: - Date: 2018-09-28 Exploit Author: modpr0be Vendor Homepage: http://www.zahiraccounting.com/ Software Link: http://zahiraccounting.com/files/zahir-accounting-6-free-trial.zip Version: 6 build 10b - Download here:...
Zahir Enterprise Plus 6 Stack Buffer Overflow
This module exploits a stack buffer overflow in Zahir Enterprise Plus version 6 build 10b and below. The vulnerability is triggered when opening a CSV file containing CR/LF and overly long string characters via Import from other File. This results in overwriting a structured exception handler...
Qualys Cloud Platform 2.34.1 New Features
This release of the Qualys Cloud Platform version 2.34.1 includes updates and new features for Cloud Agent & AWS EC2 Connector, AssetView, CloudView, and Security Assessment Questionnaire, highlights as follows. Cloud Agent & AWS EC2 Connector Automatic Merge of Cloud Agents running in Amazon Web...
phpMyFAQ <= 2.9.10 Multiple Vulnerabilities
phpMyFAQ is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:phpmyfaq:phpmyfaq"; if description...
CSV Injection
phpmyfaq/phpmyfaq is vulnerable to CSV injection attacks. The vulnerability exists due to the lack of sanitization of characters that allows a string to be interpreted as a formula...
CVE-2018-15474
CSV Injection aka Excel Macro Injection or Formula Injection in /lib/plugins/usermanager/admin.php in DokuWiki 2018-04-22a and earlier allows remote attackers to exfiltrate sensitive data and to execute arbitrary code via a value that is mishandled in a CSV export. NOTE: the vendor has stated "th...
Design/Logic Flaw
DISPUTED CSV Injection aka Excel Macro Injection or Formula Injection in /lib/plugins/usermanager/admin.php in DokuWiki 2018-04-22a and earlier allows remote attackers to exfiltrate sensitive data and to execute arbitrary code via a value that is mishandled in a CSV export. NOTE: the vendor has...
UBUNTU-CVE-2018-15474
DISPUTED CSV Injection aka Excel Macro Injection or Formula Injection in /lib/plugins/usermanager/admin.php in DokuWiki 2018-04-22a and earlier allows remote attackers to exfiltrate sensitive data and to execute arbitrary code via a value that is mishandled in a CSV export. NOTE: the vendor has...
CVE-2018-15474
Summary: CVE-2018-15474 affects DokuWiki up to version 2018-04-22a (Greebo) in /lib/plugins/usermanager/admin.php. A value mishandled during CSV export enables CSV/Formula Injection, allowing remote data exfiltration and potential arbitrary code execution. The vulnerability is described across mu...
Design/Logic Flaw
The admin backend in phpMyFAQ before 2.9.11 allows CSV injection in reports...
CVE-2018-16651
The admin backend in phpMyFAQ before 2.9.11 allows CSV injection in reports...
CVE-2018-16651
The CVE-2018-16651 entry applies to phpMyFAQ (admin backend) before version 2.9.11, where CSV injection in reports is possible due to insufficient sanitization of report content. The vulnerability is reflected with a HIGH CVSS score (3.0: 7.2; 2.0: 9.0) and can impact multiple CIA aspects as defi...