5077 matches found
Making Splunk searches using REST API
When you have already learned how to make search requests in the Splunk GUI, it may be nice to figure out how to do the same from your own scripts using the Splunk REST API. It's really easy! Ok, we have a Splunk SIEM account: user="user" pass="Password123" And we want to execute this search request:...
Dropbox: CSV Injection with the CVS export feature
The report mentions a well-known problem with any CSV export function. If the exported data has an Excel formula, the user will be warned and if the user clicks through a warning they might get some code execution. At the same time, fixing this bug means that the CSV data is no longer correct and...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the Classic-UI with the CSV export link and pagination feature in Icinga before 1.14 allows remote attackers to inject arbitrary web script or HTML via the query string to cgi-bin/status.cgi...
CVE-2015-8010
Cross-site scripting (XSS) vulnerability in the Classic-UI with the CSV export link and pagination feature in Icinga before 1.14 allows remote attackers to inject arbitrary web script or HTML via the query string to cgi-bin/status.cgi...
UBUNTU-CVE-2015-8010
Cross-site scripting (XSS) vulnerability in the Classic-UI with the CSV export link and pagination feature in Icinga before 1.14 allows remote attackers to inject arbitrary web script or HTML via the query string to cgi-bin/status.cgi...
CVE-2015-8010
Removed by vendor...
GitLab: CSV injection in gitlab.com via issues export feature.
Dear GitLab bug bounty team, Summary --- GitLab allows users to export issues as a .csv file. By injecting a payload into an issue title an attacker could exfiltrate data or execute code on the target machine. For instance, by naming an issue =cmd|' /C calc'!A0 I am able to open up calc.exe on...
FTPShell Server 6.56 Import CSV Buffer Overflow
Title: FTPShell Server 6.56 - Import CSV Buffer Overflow + Credits / Discovery: Nassim Asrir + Author Email: [email protected] || https://www.linkedin.com/in/nassim-asrir-b73a57122/ + Author Company: Henceforth + CVE: N/A Vendor: =============== www.ftpshell.com Download: ===========...
CVE-2017-6095
A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects /inc/lists/csvexport.php (Unauthenticated) with the GET Parameter: listid...
HackerOne: Information leakage via CSV when content is valid JavaScript
Summary: The function "Download as CSV" might leak information to 3rd domains. The exploitation seems unlikely and purely theoretical but it might work in some cases. Description Include Impact: Take downloading payments as CSV, for example, which is recently launched. The response to...
AD ACL Scanner
AD ACL Scanner AD ACL Scanner is a tool completely written in PowerShell with GUI used to create reports of access control lists (DACLs) and system access control lists (SACLs) in Active Directory. New Features Faster compare of Access Control Lists using USN from replication metadata. Primary...
FullContact BB #2 - CSV Excel Macro Injection Vulnerability
Document Title: =============== FullContact BB 2 - CSV Excel Macro Injection Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1904 Release Date: ============= 2017-01-19 Vulnerability Laboratory ID VL-ID: ====================================...
CVE-2016-10112
Cross-site scripting (XSS) vulnerability in the WooCommerce plugin before 2.6.9 for WordPress allows remote authenticated administrators to inject arbitrary web script or HTML by providing crafted tax-rate table values in CSV format...
Denial Of Service (DoS)
wger is vulnerable to denial-of-service (DoS) attacks. The vulnerability exists because there are no limit checks in the CSV upload functionality, and it is exploitable by importing a large CSV file...
FTPShell Server 6.36 - .csv Local Denial of Service Exploit
Exploit for windows platform in category dos / poc Exploit FTPShell server 6.36 '.csv' CrashPoC Author: albalawisultan Tested on:win7 st :http://www.ftpshell.com/download.htm 1-open FTPShell Server Administrator 2-manage Ftp accounts 3-import from csv ban=...
FTPShell Server 6.36 - .csv Local Denial of Service
FTPShell Server 6.36 - .csv Local Denial of Service Exploit FTPShell server 6.36 '.csv' CrashPoC Author: albalawisultan Tested on:win7 st :http://www.ftpshell.com/download.htm 1-open FTPShell Server Administrator 2-manage Ftp accounts 3-import from csv ban=...
Man In The Middle (MitM)
geoip-lite-country is vulnerable to man-in-the-middle (MitM) attacks. This is because the library downloads a CSV resource via HTTP, allowing MitM attacks...