Shopify: XSS on postal codes

Hi, 190951 is not fully fixed. Scripts can be injected via a csv file and make it execute in the application. Screenshots attached...

WordPress ZX CSV Upload 1 Plugin - Authenticated SQL Injection

This plugin is prone to an SQL injection vulnerability. It allows an attacker to modify data, compromise the access and application or exploit hidden vulnerabilities in the underlying database. Solution Update the plugin...

WordPress ZX CSV Upload 1 Plugin - Authenticated SQL Injection

This plugin is prone to an SQL injection vulnerability. It allows an attacker to modify data, compromise the access and application or exploit hidden vulnerabilities in the underlying database. Solution Update the plugin...

RecuperaBit - A Tool For Forensic File System Reconstruction

A software which attempts to reconstruct file system structures and recover files. Currently it supports only NTFS. RecuperaBit attempts reconstruction of the directory structure regardless of: missing partition table unknown partition boundaries partially-overwritten metadata quick format You ca...

Cold Disk Quick Response: CDQR

Cold Disk Quick Response tool The CDQR tool uses Plaso to parse disk images with specific parsers and create easy to analyze custom reports. The parsers were chosen based on my experience and triaging best practices and the custom reports group like items together to make analysis easier. The...

Malicious Host Intelligence: hostintel

Malicious Host Intelligence This tool is used to collect various intelligence sources for hosts. Hostintel is written in a modular fashion so new intelligence sources can be easily added. Hosts are identified by FQDN host name, Domain, or IP address. This tool only supports IPv4 at the moment. Th...

BBQSQL - A Blind SQL Injection Exploitation Tool

Blind SQL injection can be a pain to exploit. When the available tools work they work well, but when they don't you have to write something custom. This is time-consuming and tedious. BBQSQL can help you address those issues. BBQSQL is a blind SQL injection framework written in Python. It is...

CampTix Event Ticketing <= 1.5.0 - CSV Injection Bypasses and XSS

The CampTix Event Ticketing WordPress plugin was affected by a CSV Injection Bypasses and XSS security vulnerability...

Flash Operator Panel 2.31.03 - CSV Persistent Vulnerability

Document Title: =============== Flash Operator Panel 2.31.03 - CSV Persistent Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1908 Release Date: ============= 2016-10-05 Vulnerability Laboratory ID VL-ID: ===================================...

Flash Operator Panel 2.31.03 - CSV Persistent Vulnerability

Document Title: =============== Flash Operator Panel 2.31.03 - CSV Persistent Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1908 Release Date: ============= 2016-10-04 Vulnerability Laboratory ID VL-ID: ===================================...

UDAdmin.exe tool has been enhanced for better reporting and exporting of User Device License usage

Question: How to check license usage in Xendesktop/Xenapp with the enhanced UDAdmin.exe tool for reporting and monitoring? Answer: With License Server 11.14.0.1 Build 23101, some enhancements have been made to the UDAdmin command for better reporting of User Device License usage. The enhancements...

Forensic File System Reconstruction: RecuperaBit

Forensic File System Reconstruction A software which attempts to reconstruct file system structures and recover files. Currently it supports only NTFS. RecuperaBit attempts reconstruction of the directory structure regardless of: missing partition table unknown partition boundaries...

Ian Dunn: CSV Injection in Camptix

Hello, Ian! I see you tried to escape "=, -, +, @" in your code 151516, but let me show simple workaround. I've made CSV injection by using this string ";=cmd|' /C calc'!A5" without doublequotes. ";" will bypass your trying to set the quote in the beginning of the string. ";" acts as a new cell...

WordPress Plugin Mail Masta 1.0 - Local File Inclusion

WordPress Plugin Mail Masta 1.0 - Local File Inclusion + Date: 23-8-2016 + Autor Guillermo Garcia Marcos + Vendor: https://downloads.wordpress.org/plugin/mail-masta.zip + Title: Mail Masta WP Local File Inclusion + info: Local File Inclusion The File Inclusion vulnerability allows an attacker to...

Ian Dunn: bypass to csv injection

Hi Ian, I would like to add payload to this report 151516. payload used: http://google.com?,=2+2-2+3+cmd|' /C calc'!G2 When injecting https://google.com? it will be rendered as a link but when comma , it will be rendered in a new cell which will execute the command. Thanks,...

Ian Dunn: Bypassing CSV injection using new line charcter

whitewalker reported that esccsv could be bypassed by using %0A-3+3+cmd|' /C calc'!D2 as the payload. For example, the firstname parameter in the following request: curl -ik 'https://2016.misc.wordcamp.dev/tickets/?tixaction=checkouttix' -H 'Host: 2016.misc.wordcamp.dev' -H 'User-Agent: Mozilla/5...

Internet Bug Bounty: integer overflow in the _csv module's join_append_data function

I described this vulnerability in detail in a mail to the PSRT. A copy of my email, plus the fix for this issue, can be found here: https://bugs.python.org/issue27758...

CampTix Event Ticketing <= 1.4.2 - CSV Injection and XSS

The CampTix Event Ticketing WordPress plugin was affected by a CSV Injection and XSS security vulnerability...

DEBIAN-CVE-2016-5000

The XLSX2CSV example in Apache POI before 3.14 allows remote attackers to read arbitrary files via a crafted OpenXML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity XXE issue...

UBUNTU-CVE-2016-5000

The XLSX2CSV example in Apache POI before 3.14 allows remote attackers to read arbitrary files via a crafted OpenXML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity XXE issue...