5077 matches found
Coinbase: Direct URL access to completed reports
Access to non-HTML contents such as CSV report is not restricted to authenticated users. Anyone would be able to access a CSV report by giving the direct URL and downloading it. The URL could be obtained from browser history. The following URL is an example...
KeePass Password Safe Classic 1.29 Buffer Overflow
Title : KeePass Password Safe Classic 1.29 - Crash Proof Of Concept Affected Versions: All Version Founder : keepass.info Tested on Windows 7 / Server 2008 Download Link : http://sourceforge.net/projects/keepass/files/KeePass%201.x/1.30/KeePass-1.30.zip Author : Mohammad Reza Espargham Linkedin :...
CVE-2015-8509
Template.pm in Bugzilla 2.x, 3.x, and 4.x before 4.2.16, 4.3.x and 4.4.x before 4.4.11, and 4.5.x and 5.0.x before 5.0.2 does not properly construct CSV files, which allows remote attackers to obtain sensitive information by leveraging a web browser that interprets CSV data as JavaScript code...
Code injection
Template.pm in Bugzilla 2.x, 3.x, and 4.x before 4.2.16, 4.3.x and 4.4.x before 4.4.11, and 4.5.x and 5.0.x before 5.0.2 does not properly construct CSV files, which allows remote attackers to obtain sensitive information by leveraging a web browser that interprets CSV data as JavaScript code...
CVE-2015-8509
Template.pm in Bugzilla 2.x, 3.x, and 4.x before 4.2.16, 4.3.x and 4.4.x before 4.4.11, and 4.5.x and 5.0.x before 5.0.2 does not properly construct CSV files, which allows remote attackers to obtain sensitive information by leveraging a web browser that interprets CSV data as JavaScript code...
CVE-2015-8509
CVE-2015-8509 affects Bugzilla templates (Template.pm) across Bugzilla 2.x, 3.x, 4.x up to 4.2.16/4.3.x and 4.4.x up to 4.4.11, and 4.5.x–5.0.x up to 5.0.2. The issue stems from improper CSV construction that, when a CSV is interpreted as JavaScript by a browser, may leak sensitive information. T...
FreeBSD : Bugzilla security issues (54075861-a95a-11e5-8b40-20cf30e32f6d)
Bugzilla Security Advisory During the generation of a dependency graph, the code for the HTML image map is generated locally if a local dot installation is used. With escaped HTML characters in a bug summary, it is possible to inject unfiltered HTML code in the map file which the CreateImagemap...
Cookiescanner - Tool to Check the Cookie Flag for a Multiple Sites
Tool to do more easy the web scan proccess to check if the secure and HTTPOnly flags are enabled in the cookies path and expires too. This tools allows probe multiple urls through a input file, by a google domain looking in all subdomains or by a unique url. Also, supports multiple output like...
Generate CSV Organizational Chart Data Using Manager Information
This module will generate a CSV file containing all users and their managers, which can be imported into Visio which will render it. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Generate CSV...
Shopify: CSV Excel Macro Injection Vulnerability in export list of current users - app.shopify.com
Hi , I have found that when a user tries to Export list of current users who installed his apps through: https://app.shopify.com/services/partners/apiclients//exportinstalledusers the fields of the CSV file are not properly escaped. which makes them vulnerable to CSV Excel Macro Injection...
WordPress Users Ultra Plugin 1.5.50 - Unrestricted File Upload
Because of this vulnerability, there is no sanitization for values in CSV file this file is accessible by anyone, all additional columns are in this file. In this way, an attacker can create and activate user accounts and compromise the whole site. Solution Upgrade the plugin...
WordPress Users Ultra 1.5.50 Unrestricted File Upload Vulnerability
WordPress Users Ultra plugin version 1.5.50 suffers from an unrestricted file upload vulnerability. Exploit Title: WordPress Users Ultra Plugin Unrestricted File Upload Discovery Date: 2015/10/27 Public Disclosure Date: 2015/12/01 Exploit Author: Panagiotis Vagenas Contact:...
WordPress Plugin Users Ultra 1.5.50 - Unrestricted Arbitrary File Upload
WordPress Plugin Users Ultra 1.5.50 - Unrestricted Arbitrary File Upload Exploit Title: WordPress Users Ultra Plugin Unrestricted File Upload Discovery Date: 2015/10/27 Public Disclosure Date: 2015/12/01 Exploit Author: Panagiotis Vagenas Contact: https://twitter.com/panVagenas Vendor Homepage:...
WordPress Users Ultra 1.5.50 Unrestricted File Upload
Exploit Title: WordPress Users Ultra Plugin Unrestricted File Upload Discovery Date: 2015/10/27 Public Disclosure Date: 2015/12/01 Exploit Author: Panagiotis Vagenas Contact: https://twitter.com/panVagenas Vendor Homepage: http://usersultra.com Software Link:...
WordPress Plugin Users Ultra 1.5.50 - Unrestricted Arbitrary File Upload
Exploit Title: WordPress Users Ultra Plugin Unrestricted File Upload Discovery Date: 2015/10/27 Public Disclosure Date: 2015/12/01 Exploit Author: Panagiotis Vagenas Contact: https://twitter.com/panVagenas Vendor Homepage: http://usersultra.com Software Link:...
WordPress Users Ultra Membership Plugin <= 1.5.58 - Unrestricted File Upload
Because of this vulnerability, any user can exploit a misbehavior of the plugin in order to upload csv files to the infected website. Solution Update the plugin...
Recovery Media Creation and Servers with Cluster Shared Volumes
Challenge The Windows Agent Backup job for a failover cluster node with a cluster shared volume displays the following notice: Skipping recovery media collection: cluster contains CSV disks Attempting to create recovery media manually using the Recovery Media Creator on the failover cluster node...
Automattic: CSV Injection in polldaddy.com
Hello, We can inject commands in any fields of a member in an email group =210 for example, and when it's exported to CSV it will be evaluated to 20 in the corresponding cell, this enables an attacker to spread malware and execute system level commands on a victim's machine if the victim download...
Trello: CSV Injection
Hello, We can inject commands in the name field of a board =210 for example, and when it's exported to CSV it will be evaluated to 20 in the corresponding cell, this enables an attacker to spread malware and execute system level commands on a victim's machine if the victim downloaded the CSV file...
Hyper-V crash consistent Backups/Replicas due to McAfee mfehidk driver
Challenge If McAfee FS minifilter MFEHIDK driver is loaded into Windows kernel, then it doesn't allow any other driver to load at lower altitudes, it only allows other drivers to load at higher altitudes, supposedly because of proactive defense logic of McAfee Antivirus. Therefore Veeam CBT drive...