CVE-2018-15571

The CVE-2018-15571 entry concerns the WordPress Export Users to CSV plugin (versions up to 1.1.1). The connected documents confirm a CSV injection vulnerability in the plugin, enabling an attacker to craft CSV fields that execute commands when a CSV file is opened by a user with sufficient privil...

WordPress Ninja Forms plugin <= 3.3.13 - CSV Injection vulnerability

CSV Injection vulnerability fund by Mostafa Gharzi in WordPress Ninja Forms plugin versions = 3.3.13. Solution Update the WordPress Ninja Forms plugin to the latest available version at least 3.3.14...

Active Directory Privilege Relationships: BloodHound

BloodHound is a single page Javascript web application, built on top of Linkurious , compiled with Electron , with a Neo4j database fed by a PowerShell ingestor . BloodHound uses graph theory to reveal the hidden and often unintended relationships within an Active Directory environment. Attacks c...

Wordpress Ninja Forms 3.3.13 Plugin - CSV Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Wordpress Plugin Ninja Forms 3.3.13 - CSV Injection Exploit Author: Mostafa Gharzi Website: https://www.certcc.ir Vendor: The WP Ninjas Software Link: https://wordpress.org/plugins/ninja-forms/ Affected Version: 3.3.13 and befor...

April 18, 2017—KB4015553 (Preview of Monthly Rollup)

April 18, 2017—KB4015553 Preview of Monthly Rollup Improvements and fixes This non-security update includes improvements and fixes that were a part of Monthly Rollup KB4015550 released April 11, 2017 and also includes these new quality improvements as a preview of the next Monthly Rollup update:...

Wordpress Plugin Ninja Forms CSV Injection Vulnerability

WordPress is a suite of blogging platforms developed in the PHP language by the WordPress Software Foundation, which supports personal blog sites on servers with PHP and MySQL. Ninja Forms is the ultimate free form creation tool for WordPress. A CSV injection vulnerability exists in WordPress Nin...

Wordpress Plugin Ninja Forms 3.3.13 - CSV Injection

Wordpress Plugin Ninja Forms 3.3.13 - CSV Injection Exploit Title: Wordpress Plugin Ninja Forms 3.3.13 - CSV Injection Exploit Author: Mostafa Gharzi Website: https://www.certcc.ir Date: 2018-08-19 Google Dork: N/A Vendor: The WP Ninjas Software Link: https://wordpress.org/plugins/ninja-forms/...

Ninja Forms <= 3.3.13 - CSV Injection

The Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress WordPress plugin was affected by a CSV Injection security vulnerability...

WordPress Plugin Ninja Forms 3.3.13 - CSV Injection

Exploit Title: Wordpress Plugin Ninja Forms 3.3.13 - CSV Injection Exploit Author: Mostafa Gharzi Website: https://www.certcc.ir Date: 2018-08-19 Google Dork: N/A Vendor: The WP Ninjas Software Link: https://wordpress.org/plugins/ninja-forms/ Affected Version: 3.3.13 and before Active...

WordPress Ninja Forms 3.3.13 CSV Injection

Exploit Title: Wordpress Plugin Ninja Forms - CSV Injection Exploit Author: Mostafa Gharzi Website: https://www.certcc.ir Date: 2018-08-19 Google Dork: N/A Vendor: The WP Ninjas Software Link: https://wordpress.org/plugins/ninja-forms/ Affected Version: 3.3.13 and before Active installations: 1+...

WordPress Plugin Export Users to CSV 1.1.1 - CSV Injection

WordPress Plugin Export Users to CSV 1.1.1 - CSV Injection Exploit Title: Wordpress Plugin Export Users to CSV 1.1.1 - CSV Injection Exploit Author: Javier Olmedo Website: https://hackpuntes.com Date: 2018-08-14 Google Dork: N/A Vendor: Matt Cromwell Software Link:...

Wordpress Export Users to CSV 1.1.1 Plugin - CSV Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Wordpress Plugin Export Users to CSV 1.1.1 - CSV Injection Exploit Author: Javier Olmedo Website: https://hackpuntes.com Vendor: Matt Cromwell Software Link: https://wordpress.org/plugins/export-users-to-csv/ Affected Version:...

Export Users to CSV <= 1.1.1 - CSV Injection

WordPress Export users to CSV plugin version 1.1.1. and before are affected by Remote Code Execution through the CSV injection vulnerability. This allows an application user to inject commands as part of the fields of his profile and these commands are executed when a user with greater privilege...

WordPress Export Users To CSV 1.1.1 CSV Injection

Exploit Title: Wordpress Plugin Export Users to CSV 1.1.1 - CSV Injection Exploit Author: Javier Olmedo Website: https://hackpuntes.com Date: 2018-08-14 Google Dork: N/A Vendor: Matt Cromwell Software Link: https://wordpress.org/plugins/export-users-to-csv/ Affected Version: 1.1.1 and before Acti...

Export Users to CSV <= 1.1.1 - CSV Injection

WordPress Export users to CSV plugin version 1.1.1. and before are affected by Remote Code Execution through the CSV injection vulnerability. This allows an application user to inject commands as part of the fields of his profile and these commands are executed when a user with greater privilege...

WordPress Plugin Export Users to CSV 1.1.1 - CSV Injection

Exploit Title: Wordpress Plugin Export Users to CSV 1.1.1 - CSV Injection Exploit Author: Javier Olmedo Website: https://hackpuntes.com Date: 2018-08-14 Google Dork: N/A Vendor: Matt Cromwell Software Link: https://wordpress.org/plugins/export-users-to-csv/ Affected Version: 1.1.1 and before Acti...

The vulnerability of the Nikto web application security scanner lies in the lack of mechanisms to neutralize special elements in the input commands of the operating system. This allows attackers to execute arbitrary commands on the operating system.

The vulnerability of the Nikto web scanner is related to the lack of neutralization of special elements in the input data of the operating system during the generation of CSV files containing the results of scanning. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

FF Password Exporter - Easily Export Your Passwords From Firefox

It can be difficult to export your passwords from Firefox. Since version 57 of Firefox Quantum existing password export addons no longer work. Mozilla provides no other official alternatives. FF Password Exporter makes it quick and easy to export all of your passwords from Firefox. You can use FF...

(0Day) Wecon LeviStudioU Datalogtool file.creation-data Heap-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling o...

Chaturbate: CSV Injection with the CSV export feature

Hi there, hope you are well, The "Download as a CSV" feature of does not properly "escape" fields. So that particular field is vulnerable to CSV injection. Steps of POC Step 1 : Go to any chat room and donate any token to some and in note insert =4+4. Step 2 : Now go to on this link and download...