CVE-2018-7997
Eramba e1.0.6.033 has Reflected XSS on the Error page of the CSV file inclusion tab of the /importTool/preview URI, with a CSV file polluted with malicious JavaScript...
Import any XML or CSV File to WordPress <= 3.4.5 - Cross-Site Scripting (XSS)
The Import any XML or CSV File to WordPress WordPress plugin was affected by a Cross-Site Scripting (XSS) security vulnerability...
Tiki CSV Injection Vulnerability
Tiki is a suite of open source content management and portal applications from the Tiki software community that can be used to create Web applications, portals, corporate intranets, extranets, and more. A security vulnerability exists in Tiki version 17.1 that stems from the program's failure to...
Elastic Logstash 'CVE-2016-1000222' Malicious Input Vulnerability
Elastic Logstash is prone to a vulnerability related to malicious input...
Input validation
Tiki 17.1 does not validate user input for special characters; consequently, a CSV Injection attack can open a CMD.EXE or Calculator window on the victim machine to perform malicious activity, as demonstrated by an "=cmd|' /C calc'!A0" payload during User Creation...
CVE-2018-7304
Tiki 17.1 does not validate user input for special characters; consequently, a CSV Injection attack can open a CMD.EXE or Calculator window on the victim machine to perform malicious activity, as demonstrated by an "=cmd|' /C calc'!A0" payload during User Creation...
CVE-2018-7304
CVE-2018-7304 affects Tiki Wiki CMS Groupware (Tiki) version 17.1. The vulnerability arises because the application does not validate user input containing special characters in CSV fields, enabling CSV Injection that can trigger commands on the victim’s machine (for example, an input payload lik...
Qualys Cloud Platform 2.32 New Features
This release of the Qualys Cloud Platform version 2.32 includes updates and new features for AssetView, EC2 Connector, File Integrity Monitoring, Indication of Compromise, Security Assessment Questionnaire, Web Application Scanning, and Web Application Firewall, highlights as follows. Post update...
IBM Content Navigator CSV Injection Vulnerability
IBM Content Navigator is a Web client from IBM USA that supports searching and processing documents stored in content servers around the world from a Web browser. A CSV injection vulnerability exists in IBM Content Navigator versions 2.0.3.7 through 2.0.3.8 and 3.0.0 through 3.0.3. An attacker ca...
CVE-2018-1366
IBM Content Navigator 2.0 and 3.0 is vulnerable to Comma Separated Value (CSV) Injection. An attacker could exploit this vulnerability to exploit other vulnerabilities in spreadsheet software. IBM X-Force ID: 137452...
Input validation
IBM Content Navigator 2.0 and 3.0 is vulnerable to Comma Separated Value (CSV) Injection. An attacker could exploit this vulnerability to exploit other vulnerabilities in spreadsheet software. IBM X-Force ID: 137452...
CVE-2018-1366
Summary of CVE-2018-1366 (IBM Content Navigator): The vulnerability affects IBM Content Navigator versions 2.0.3.7–2.0.3.8 and 3.0.0–3.0.3, where a CSV Injection flaw exists in the CSV handling/submission path. The underlying issue enables an attacker to inject content into CSV-enabled workflows...
WordPress Email Subscribers & Newsletters Plugin Information Disclosure Vulnerability
WordPress is a blogging platform developed by the WordPress Software Foundation using the PHP language, which supports personal blog sites on PHP and MySQL servers. Email Subscribers & Newsletters is one of its push-message plugins. An information disclosure vulnerability exists in...
Design/Logic Flaw
An issue was discovered in the "Email Subscribers & Newsletters" plugin before 3.4.8 for WordPress. Sending an HTTP POST request to a URI with /?es=export at the end, and adding option=view_all_subscribers in the body, allows downloading of a CSV data file with all subscriber data...
CVE-2018-6015
The CVE-2018-6015 issue affects the WordPress Email Subscribers & Newsletters plugin prior to v3.4.8. An attacker can trigger an information disclosure by sending an HTTP POST to a URI ending with /?es=export and including option=view_all_subscribers in the body, which allows downloading a CSV contai...
CVE-2018-6015
An issue was discovered in the "Email Subscribers & Newsletters" plugin before 3.4.8 for WordPress. Sending an HTTP POST request to a URI with /?es=export at the end, and adding option=view_all_subscribers in the body, allows downloading of a CSV data file with all subscriber data...
Wavecrack - Web Interface For Password Cracking With Hashcat
A user-friendly Web interface to share a hashcat cracking box among multiple users with some pre-defined options. Screenshots: the homepage; adding a hash to crack; seeing the results and some stats. Outline: This Web application can be used to launch asynchronous password cracks with hashcat. The...