5078 matches found
Enumdb - MySQL and MSSQL Brute Force And Post Exploitation Tool To Search Through Databases And Extract Sensitive Information
Enumdb is brute force and post exploitation tool for MySQL and MSSQL databases. When provided a list of usernames and/or passwords, it will cycle through each looking for valid credentials. By default enumdb will use newly found, or given, credentials to search the database and find tables...
CVE-2017-18049
In the CSV export feature of SilverStripe before 3.5.6, 3.6.x before 3.6.3, and 4.x before 4.0.1, it's possible for the output to contain macros and scripts, which may be executed if imported without sanitization into common software including Microsoft Excel. For example, the CSV data may contai...
Design/Logic Flaw
In the CSV export feature of SilverStripe before 3.5.6, 3.6.x before 3.6.3, and 4.x before 4.0.1, it's possible for the output to contain macros and scripts, which may be executed if imported without sanitization into common software including Microsoft Excel. For example, the CSV data may contai...
CVE-2017-18049
In the CSV export feature of SilverStripe before 3.5.6, 3.6.x before 3.6.3, and 4.x before 4.0.1, it's possible for the output to contain macros and scripts, which may be executed if imported without sanitization into common software including Microsoft Excel. For example, the CSV data may contai...
CVE-2017-18049
In the CSV export feature of SilverStripe before 3.5.6, 3.6.x before 3.6.3, and 4.x before 4.0.1, it's possible for the output to contain macros and scripts, which may be executed if imported without sanitization into common software including Microsoft Excel. For example, the CSV data may contai...
CVE-2017-18049
In SilverStripe, the CSV export feature is vulnerable to Macro Injection, where output may contain macros or scripts susceptible to execution when opened in software like Microsoft Excel. Affected versions are before 3.5.6, 3.6.x before 3.6.3, and 4.x before 4.0.1; the issue arises from un-saniti...
UPDATE: OWASP Dependency-Check 3.1.0
PenTestIT RSS Feed My first post about this open source OWASP project was about an older version. This post discusses the changes made to the open source software composition analysis utility in the latest release yesterday. This is the OWASP Dependency-Check 3.1.0! This release comes with...
Web Reconnaissance Framework: Recon-ng
Recon-ng is a full-featured Web Reconnaissance framework written in Python. Complete with independent modules, database interaction, built in convenience functions, interactive help, and command completion, Recon-ng provides a powerful environment in which open source web-based reconnaissance can...
[SECURITY] Fedora 27 Update: phpMyAdmin-4.7.7-1.fc27
phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface managing databases, tables, fields, relations, index es, users, permissions, while you still have the ability to directly...
WordPress Easy2Map plugin path traversal vulnerability
WordPress is the WordPress Software Foundation a set of blogging platform developed using the PHP language, the platform supports in PHP and MySQL server set up a personal blog site. easy2Map is one of the support to create a customized Google Maps plugin. A path traversal vulnerability exists in...
SilverStripe CMS 3.6.2 - CSV Excel Macro Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: SilverStripe CMS - 3.6.2 CSV Excel Macro Injection Vendor Homepage: https://www.silverstripe.org/ Software Link: https://www.silverstripe.org/download Discovered by: Ishaq Mohammed Contact: https://twitter.com/securityprince...
SilverStripe CMS 3.6.2 - CSV Excel Macro Injection
SilverStripe CMS 3.6.2 - CSV Excel Macro Injection Exploit Title: SilverStripe CMS - 3.6.2 CSV Excel Macro Injection Vendor Homepage: https://www.silverstripe.org/ Software Link: https://www.silverstripe.org/download Discovered by: Ishaq Mohammed Contact: https://twitter.com/securityprince Websit...
Huawei SmartCare CSV Injection Vulnerability
Huawei SmartCare is an end-to-end user perception enhancement and assurance solution from Huawei, China, to improve customer experience in the telecom sector. A CSV injection vulnerability exists in Huawei SmartCare. A remote attacker can exploit this vulnerability to inject malicious CSV...
SilverStripe CMS 3.6.2 CSV Excel Macro Injection
Exploit Title: SilverStripe CMS - 3.6.2 CSV Excel Macro Injection Vendor Homepage: https://www.silverstripe.org/ Software Link: https://www.silverstripe.org/download Discovered by: Ishaq Mohammed Contact: https://twitter.com/securityprince Website: https://about.me/security-prince Category: web...
SilverStripe CMS 3.6.2 - CSV Excel Macro Injection
Exploit Title: SilverStripe CMS - 3.6.2 CSV Excel Macro Injection Vendor Homepage: https://www.silverstripe.org/ Software Link: https://www.silverstripe.org/download Discovered by: Ishaq Mohammed Contact: https://twitter.com/securityprince Website: https://about.me/security-prince Category: web...
CVE-2017-15313
Huawei SmartCare V200R003C10 has a CSV injection vulnerability. An remote authenticated attacker could inject malicious CSV expression to the affected device...
Input validation
Huawei SmartCare V200R003C10 has a CSV injection vulnerability. An remote authenticated attacker could inject malicious CSV expression to the affected device...
CVE-2017-15313
CVE-2017-15313 affects Huawei SmartCare V200R003C10, which has a CSV injection vulnerability. A remote authenticated attacker could inject malicious CSV expressions into the affected device. The connected documents confirm the vulnerability and its impact but do not provide exploit status beyond ...
CVE-2017-15313
Huawei SmartCare V200R003C10 has a CSV injection vulnerability. An remote authenticated attacker could inject malicious CSV expression to the affected device...
Wordpress esb-csv-import-export plugin cross-site scripting vulnerability
WordPress is the WordPress Software Foundation of a set of blogging platform developed using the PHP language , the platform supports PHP and MySQL servers to set up a personal blog site . esb-csv-import-export plugin is used in one of the plug-ins for importing and exporting CSV files . A...