5077 matches found
Windows Mapped Network Drives
Nessus was able to generate a report of mapped network drives on the remote Windows host. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(92422); script_version("1.6"); script_cvs_date("Date: 2018/11/15 20:50:27"); script_name(english:"Windows Mapped Network Drives");...
Microsoft Office Macros Configuration
Nessus was able to collect Office macro configuration information for active accounts on the remote Windows host and generate a report as a CSV attachment. (C) Tenable Network Security, Inc. include("compat.inc"); if (!defined_func("nasl_level") || nasl_level() < 5200) exit(0, "Not Nessus 5.2+"); if (description)...
Microsoft Windows Environment Variables
Nessus was able to collect system and active account environment variables on the remote Windows host and generate a report as a CSV attachment. (C) Tenable, Inc. include("compat.inc"); if (description) { script_id(92364); script_version("1.14"); script_set_attribute(attribute:"plugin_modification_date",...
Microsoft Windows Scripting Host Settings
Nessus was able to collect system and user level Windows scripting host settings from the remote Windows host and generate a report as a CSV attachment. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(92368); script_version("1.5"); script_cvs_date("Date: 2018/05/23 16:10:01")...
Explorer Search History
Nessus was able to gather evidence of cached search results from Windows Explorer searches. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(92439); script_version("1.6"); script_cvs_date("Date: 2018/11/15 20:50:27"); script_name(english:"Explorer Search History");...
Internet Explorer Typed URLs
Nessus was able to generate a list of URLs that were manually typed into the Internet Explorer address bar. (C) Tenable Network Security, Inc. include("compat.inc"); if (!defined_func("nasl_level") || nasl_level() < 5200) exit(0, "Not Nessus 5.2+"); if (description) { script_id(92421); script_version("1.6");...
Ian Dunn: CSV Injection at Camptix Event Ticketing
Hi, As you mentioned the scope of vulnerability as "Any plugin listed on my WordPress.org profile". I am reporting this issue. I have seen from your WordPress.org profile the second plugin listed is Camptix Event Ticketing. So I looked at the source code of the plugin...
HPE LoadRunner Virtual Table Server import_csv Remote File Deletion DoS
The Hewlett Packard Enterprise (HPE) LoadRunner Virtual Table Server application running on the remote host is affected by a flaw in the import_csv feature due to a failure to restrict file paths sent to an unlink call. An unauthenticated, remote attacker can exploit this to delete arbitrary files o...
[SECURITY] Fedora 22 Update: phpMyAdmin-4.6.3-1.fc22
phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface (managing databases, tables, fields, relations, indexes, users, permissions), while you still have the ability to directly...
Pornhub: RCE Possible Via Video Manager Export using @ character in Video Title
The researcher identified that it was possible to inject arbitrary characters into video titles, that when exported via video manager would result in client-side code execution. The researcher was successful in getting a pingback from a meterpreter shell on the victim's machine. Essentially using...
[SECURITY] Fedora 24 Update: phpMyAdmin-4.6.2-1.fc24
phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface (managing databases, tables, fields, relations, indexes, users, permissions), while you still have the ability to directly...
HP LoadRunner 11.52 / 12.00 / 12.01 / 12.02 / 12.50 Multiple Vulnerabilities
The version of HP LoadRunner installed on the remote Windows host is 11.52, 12.00, 12.01, 12.02, or 12.50, without the HPSBGN03609 hotfix. It is, therefore, affected by multiple vulnerabilities: - An overflow condition exists in mchan.dll due to a failure to validate the size of a user-supplied...
CVE-2016-4360
web/admin/data.js in the Performance Center Virtual Table Server (VTS) component in HPE LoadRunner 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.02 through patch 2, and 12.50 through patch 3 and Performance Center 11.52 through patch 3, 12.00 through patch 1, 12.01 through...
WordPress Stream Plugin <= 3.0.5 - Unauthenticated Events Export
Because of this vulnerability, unauthenticated users can export CSV or JSON of recent events. Solution: Update the plugin...
WordPress CSV Import Plugin Cross-Site Scripting
A cross-site scripting vulnerability exists in WordPress CSV Import Plugin. Successful exploitation of this vulnerability would allow remote attackers to inject an arbitrary web script into the affected system...
Pornhub: CSV Macro injection in Video Manager (CEMI)
Missing character escaping in video title delivery of an executable CSV payload to when exporting stats to file...
IPGeoLocation - A tool to retrieve IP Geolocation information
A tool to retrieve IP Geolocation information. Powered by ip-api. Requirements: Python 3.x. Features: Retrieve IP or Domain Geolocation. Retrieve your own IP Geolocation. Retrieve Geolocation for IPs or Domains loaded from file (each target on a new line). Define your own custom User Agent string. Select...
Tsusen - Network Traffic Sensor
Tsusen (津波センサー) is a standalone network sensor made for gathering information from the regular traffic coming from the outside (i.e. Internet) on a daily basis (e.g. mass-scans, service-scanners, etc.). Any disturbances should be closely watched for as those can become a good prediction base of...
WordPress Import CSV Plugin 1.0 - Directory Traversal
No description provided by source...
Moneybird: CSV Injection with the CSV export feature
This researcher pointed out that it was possible to include formulas in the CSV export of Moneybird. Because these CSV files are interpreted by Excel, the formulas are executed on the client's computer. We are now filtering the input into the CSV export to prevent this behaviour...