Joomla! Component AcySMS 3.5.0 - CSV Macro Injection

Exploit Title: Joomla! Component AcySMS 3.5.0 CSV Macro Injection Google Dork: N/A Date: 22-03-2018 Exploit Author: Sureshbabu Narvaneni Vendor Homepage: https://www.acyba.com Software Link: https://extensions.joomla.org/extensions/extension/communication/phone-a-sms/acysms/ Affected Version: 3.5...

Joomla! Component Acymailing Starter 5.9.5 - CSV Macro Injection

Exploit Title: Joomla! Component Acymailing Starter 5.9.5 CSV Macro Injection Google Dork: N/A Date: 22-03-2018 Exploit Author: Sureshbabu Narvaneni Vendor Homepage: https://www.acyba.com Software Link: https://extensions.joomla.org/extension/acymailing-starter/ Affected Version: 5.9.5 Category:...

WordPress Plugin Contact Form 7 to Database Extension 2.10.32 - CSV Injection

Exploit Title : Contact Form 7 to Database Extension Wordpress Plugin CSV Injection Date: 23-03-2018 Exploit Author : Stefan Broeder Contact : https://twitter.com/stefanbroeder Vendor Homepage: None Software Link: https://wordpress.org/plugins/contact-form-7-to-database-extension Version: 2.10.32...

Design/Logic Flaw

CSV Injection aka Excel Macro Injection or Formula Injection exists in the export feature in the Acyba AcyMailing extension before 5.9.6 for Joomla! via a value that is mishandled in a CSV export...

Design/Logic Flaw

CSV Injection aka Excel Macro Injection or Formula Injection exists in the export feature in the Acyba AcySMS extension before 3.5.1 for Joomla! via a value that is mishandled in a CSV export...

CVE-2018-9106

CSV Injection aka Excel Macro Injection or Formula Injection exists in the export feature in the Acyba AcySMS extension before 3.5.1 for Joomla! via a value that is mishandled in a CSV export...

CVE-2018-9107

CSV Injection aka Excel Macro Injection or Formula Injection exists in the export feature in the Acyba AcyMailing extension before 5.9.6 for Joomla! via a value that is mishandled in a CSV export...

CVE-2018-9106

CVE-2018-9106 affects the Joomla! AcySMS extension prior to 3.5.1. The vulnerability is a CSV Injection/Formula Injection in the export feature, where a value mishandled in a CSV export can be exploited. Documented impact includes CSV injections via exported data, potentially enabling adversaries...

CVE-2018-9106

CSV Injection aka Excel Macro Injection or Formula Injection exists in the export feature in the Acyba AcySMS extension before 3.5.1 for Joomla! via a value that is mishandled in a CSV export...

CVE-2018-9107

CSV Injection aka Excel Macro Injection or Formula Injection exists in the export feature in the Acyba AcyMailing extension before 5.9.6 for Joomla! via a value that is mishandled in a CSV export...

CVE-2018-9107

CVE-2018-9107 affects the Joomla! AcyMailing extension (Acymailing) before 5.9.6, where the CSV export feature mishandles a value in the exported data, enabling CSV/Excel macro injection (CSV Injection). Public references describe an attack method for Acymailing Starter 5.9.5 and report CVE-2018-...

AcySMS, 3.5.0, CSV Injection

AcySMS by Acyba, versions 3.5.0 and previous, CSV Injection see https://vel.joomla.org/articles/2140-introducing-csv-injection resolution: update to 3.5.1 update notice: https://www.acyba.com/acysms/change-log.html...

AcyMailing, 5.9.5, CSV Injection

AcyMailing by Acyba, versions 5.9.5 and previous, CSV Injection see https://vel.joomla.org/articles/2140-introducing-csv-injection Resolution: update to 5.9.6 update notice: https://www.acyba.com/acymailing/change-log.html...

Eramba Cross-Site Scripting Vulnerability (CNVD-2018-06086)

Eramba is an open source, enterprise-level IT governance application from Eramba UK. The program features IT security, compliance auditing and analysis, and more. A cross-site scripting vulnerability exists in the error page of the CSV file inclusion tab of /importTool/preview URI in Eramba e...

WordPress Import any XML or CSV File to WordPress plugin <=3.4.6 - Cross-Site Scripting (XSS) vulnerability

Cross-Site Scripting XSS vulnerability found by Yuji Tounai in WordPress Import any XML or CSV File to WordPress plugin versions =3.4.6. Solution Update the WordPress Import any XML or CSV File to WordPress plugin to the latest available version at least 3.4.7...

WordPress Import any XML or CSV File to WordPress plugin <=3.4.5 - Cross-Site Scripting (XSS) vulnerability

Cross-Site Scripting XSS vulnerability found by Mardan Muhidin in WordPress Import any XML or CSV File to WordPress plugin versions =3.4.5. Solution Update the WordPress Import any XML or CSV File to WordPress plugin to the latest available version at least 3.4.6...

CVE-2018-7997

Eramba e1.0.6.033 has Reflected XSS on the Error page of the CSV file inclusion tab of the /importTool/preview URI, with a CSV file polluted with malicious JavaScript...

CVE-2018-7997

Eramba e1.0.6.033 has Reflected XSS on the Error page of the CSV file inclusion tab of the /importTool/preview URI, with a CSV file polluted with malicious JavaScript...

Cross site scripting

Eramba e1.0.6.033 has Reflected XSS on the Error page of the CSV file inclusion tab of the /importTool/preview URI, with a CSV file polluted with malicious JavaScript...

CVE-2018-7997

Eramba e1.0.6.033 has Reflected XSS on the Error page of the CSV file inclusion tab of the /importTool/preview URI, with a CSV file polluted with malicious JavaScript...