WordPress Import CSV Directory Traversal Vulnerability
Greenbone vulnerability test (SPDX-FileCopyrightText: 2016 Greenbone AG; SPDX-License-Identifier: GPL-2.0-only) for the WordPress plugin; CPE = "cpe:/a:wordpress:wordpress"...
CVE-2015-5349
The CSV export in Apache LDAP Studio and Apache Directory Studio before 2.0.0-M10 does not properly escape field values, which might allow attackers to execute arbitrary commands by leveraging a crafted LDAP entry that is interpreted as a formula when imported into a spreadsheet...
BugCrowd CSV Injection
Description: A vulnerability in the file upload feature allows attackers to send malicious CSV files. By using the Microsoft Excel DDE function, an attacker can launch arbitrary commands on the victim's system. Many companies don't allow xlsx or docx files to be uploaded by security testers, becaus...
CSV Viewer - Dangerous filesystem permissions, GPL license, WebView code execution vulnerabilities
The HackApp vulnerability scanner discovered that the application CSV Viewer, published on the 'play' market, has multiple vulnerabilities...
New Relic: CSV Injection in sub_accounts.csv
As an admin of a company, I can set my company name to be something like "=1+1", which, when downloaded by me or anyone else with permission to access that file, will execute and show "2" in the excel file. While this may seem safe, I am able to make the name something more malicious, such as...
Uber: CSV Injection in business.uber.com
business.uber.com allows for names to begin with an = which allows for injection of formulas into the downloaded CSVs. I wasn't quite sure what to categorize this as since there are two main problems with allowing injection of formulas into a CSV: 1. It allows for data exfiltration through...
WordPress Import CSV 1.1 Directory Traversal
Exploit Title: Wordpress Import CSV | Directory Traversal Exploit Author: Wadeek Website Author: https://github.com/Wad-Deek Software Link: https://downloads.wordpress.org/plugin/xml-and-csv-import-in-article-content.zip Stable Tag: 1.1 Tested on: Xampp on Windows7 Version Disclosure...
WordPress Import CSV Plugin 1.0 - Directory Traversal
This Import CSV plugin is prone to a directory-traversal vulnerability because it fails to sanitize user-supplied input. Exploiting it allows an attacker to obtain sensitive information that could aid in further attacks. Solution: Upgrade the plugin...
HackerOne: CSV Injection via the CSV export feature
I've bypassed 111192 by using this string ";=cmd|' /C calc'!A0" without double quotes. Steps to reproduce are as in 111192. Tested in Excel 2003-2013...
Fedora 23 : bugzilla-4.4.11-1.fc23 (2015-247b517a18)
The following security issues have been discovered in Bugzilla: Unfiltered HTML injected into a dependency graph could be used to create a cross-site scripting attack. Some web browsers incorrectly parse CSV files as valid JavaScript code, which could lead to a data leak. This update fixes these...
HackerOne: CSV Injection at the CSV export feature
Hi there, I have found a way to bypass the mitigation done in 72785 and 111192. What happens if an attacker creates a Ticket with the Title ":";-3+3+cmd|' /C calc'!D2. The ; will break the field, making Excel think that there are two fields. Although you are using "" to encapsulate a field and , ...
WordPress CSV Import 1.0 Cross Site Scripting
FULL DISCLOSURE Product : CSV Import Exploit Author : Rahul Pratap Singh Version : 1.0 Home page Link : https://wordpress.org/plugins/csv-import/ Website : 0x62626262.wordpress.com Linkedin : https://in.linkedin.com/in/rahulpratapsingh94 Date : 23/Feb/2016 XSS Vulnerability:...
Shopify: Injection via CSV Export feature in Admin Orders
I found out that the filtering of "=,-,+" is not working in all data. There's a way to bypass it. 1. Create a product with title =cmd|' /C calc'!'D2' 2. Add more than 2 variants, then save it. 3. Go to Orders Create Order 4. Search the product we made =cmd|' /C calc'!'D2' 5. Add 2 variant...