5077 matches found
WordPress Import CSV Plugin <= 1.0 - Cross Site Scripting
This WordPress plugin is prone to a cross-site scripting (XSS) vulnerability because the "alertmsg" parameter is not sanitized. Solution: Update the plugin...
CSV Import 1.0 - Reflected Cross-Site Scripting (XSS)
The CSV Import WordPress plugin was affected by a Reflected Cross-Site Scripting (XSS) security vulnerability...
Cybozu Office Denial of Service Vulnerability (CNVD-2016-01263)
Cybozu Office is a web-based cross-platform office solution developed by Cybozu Japan. A denial of service vulnerability exists in Cybozu Office versions 9.9.0 through 10.3.0 that could allow an authenticated remote user to cause a denial of service via a crafted CSV file...
Zendesk: Chat History CSV Export Excel Injection Vulnerability
I have found a vulnerability in the Chat History export function. If an attacker submits a special name containing a system command when chatting with an agent and that agent later exports the history of that chat to CSV, the resulting CSV may execute commands when opened. I have tested this usin...
CVE-2015-8489
customapp in Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to cause a denial of service (excessive database locking) via a crafted CSV file, a different vulnerability than CVE-2016-1153...
Design/Logic Flaw
customapp in Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to cause a denial of service (excessive database locking) via a crafted CSV file, a different vulnerability than CVE-2016-1153...
CVE-2015-8489
Cybozu Office up to 10.3.0 contains a DoS via a crafted CSV file that triggers excessive database locking. The affected range is 9.9.0–10.3.0, and exploitation requires remote authentication. The issue is explicitly described as a denial of service, with the potential impact limited to availabili...
WordPress User Meta Manager 3.4.6 Information Disclosure
Exploit Title: WordPress User Meta Manager Plugin Information Disclosure Discovery Date: 2015-12-28 Public Disclosure Date: 2016-02-01 Exploit Author: Panagiotis Vagenas Contact: https://twitter.com/panVagenas Vendor Homepage: http://jasonlau.biz/home/ Software Link:...
WordPress User Meta Manager 3.4.6 Plugin - Information Disclosure
Exploit for php platform in category web applications Exploit Title: WordPress User Meta Manager Plugin Information Disclosure Discovery Date: 2015-12-28 Public Disclosure Date: 2016-02-01 Exploit Author: Panagiotis Vagenas Contact: https://twitter.com/panVagenas Vendor Homepage:...
[SECURITY] Fedora 23 Update: phpMyAdmin-4.5.4.1-1.fc23
phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface (managing databases, tables, fields, relations, indexes, users, permissions), while you still have the ability to directly...
FastIR Collector - Windows Incident Response Tool
This tool collects different artefacts on live Windows and records the results in CSV files. By analysing these artefacts, an early compromise can be detected. Requirements: pywin32, python WMI, python psutil, python yaml, construct, distorm3, hexdump, pytz. Execution: ./fastIRx64.py -h for help...
WordPress Ultimate CSV Importer Plugin <= 3.8.6 - Reflected Cross Site Scripting
This plugin is prone to a cross-site scripting vulnerability because the "alertmsg" parameter is not sanitized. Solution: Update the plugin...
WordPress Ultimate CSV Importer 3.8.6 Cross Site Scripting
FULL DISCLOSURE Product: WP-Ultimate CSV Importer Exploit Author: Rahul Pratap Singh Version: 3.8.6 Home page Link: https://wordpress.org/plugins/wp-ultimate-csv-importer Website: 0x62626262.wordpress.com Linkedin: https://in.linkedin.com/in/rahulpratapsingh94 Date: 27/Jan/201...
WP Ultimate CSV Importer <= 3.8.6 - Reflected Cross-Site Scripting (XSS)
The Import and Export WordPress Data as CSV or XML WordPress plugin was affected by a Reflected Cross-Site Scripting (XSS) security vulnerability...
KeePass Password Safe Classic 1.29 - Crash
1 . run python code : python crash.py 2 . open “KeePass” 3 . File — New Create New Password Database 4 . File — Import — CSV File… 5 . open r3z4.csv 6 . Right Click on “R3Z4” username and edit 7 . Crashed crash.py: !/usr/bin/env python hdr = '"' start syntax hcr = "R3Z4" user oth = ',"' user oth2...
HackerOne: CSV Injection via the CSV export feature
Hi, I have managed to bypass your fix for 72785 by submitting a report with NewLine character 0x0a in the title before the CSV formula. Steps to reproduce: 1. As a researcher, submit a report to a program with the title %0A-2+3+cmd|' /C calc'!D2 , here is an example request: POST...
Mageia: Security Advisory (MGASA-2016-0006)
The remote host is missing an update for the...
Updated bugzilla packages fix security vulnerability
Login names (usually an email address) longer than 127 characters are silently truncated in MySQL, which could cause the domain name of the email address to be corrupted. An attacker could use this vulnerability to create an account with an email address different from the one originally requested...
KeePass Password Safe Classic 1.29 - Crash (PoC)
Exploit for windows platform in category dos / poc Title : KeePass Password Safe Classic 1.29 - Crash Proof Of Concept Affected Versions: All Version Founder : keepass.info Tested on Windows 7 / Server 2008 Download Link :...