Zendesk: CSV Excel Macro Injection Vulnerability in export chat logs
Scenario: An attacker sets their name to =AND21, with a fake email and random text in the message body. This is similar to a vulnerability recently found in zendesk.com as well. When a team member clicks export as CSV and opens it, instead of seeing =AND21 they see TRUE, meaning that cell is no...
Zendesk: CSV Excel Macro Injection Vulnerability in export customer tickets
Scenario: An attacker sets their name to =AND21 and creates a ticket. When a team member clicks export as CSV and opens it, instead of seeing =AND21 they see TRUE. This means that the cell is active. An attacker could, for example, create a ticket with the name -2+3+cmd|' /C calc'!E1 and could execute...
[SECURITY] Fedora 22 Update: phpMyAdmin-4.4.14.1-1.fc22
phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface (managing databases, tables, fields, relations, indexes, users, permissions), while you still have the ability to directly...
Noriben - Your Personal, Portable Malware Sandbox
Noriben is a Python-based script that works in conjunction with Sysinternals Procmon to automatically collect, analyze, and report on runtime indicators of malware. In a nutshell, it allows you to run your malware, hit a keypress, and get a simple text report of the sample's activities. Noriben...
WP Ultimate Csv Importer < 3.8.1 - XSS
The Import and Export WordPress Data as CSV or XML WordPress plugin was affected by a XSS security vulnerability...
WordPress Users to CSV plugin cross-site request forgery vulnerability
WordPress is a blogging platform developed using the PHP language that allows users to set up their own websites on servers that support PHP and MySQL databases. WordPress can also be used as a content management system (CMS). A cross-site request forgery vulnerability exists in the WordPress Users...
HackerOne: CSV Injection with the CSV export feature
The "Download as a CSV" feature of HackerOne does not properly "escape" fields. This allows an adversary to turn a field into active content, so when a response team downloads the CSV and opens it, the active content gets executed. Here is more information about this issue:...
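The Zendesk chat-log and ticket entries and the HackerOne entry above all describe the same defect: the export writes user-controlled fields such as =AND21 or -2+3+cmd|' /C calc'!E1 into the CSV unchanged, so the spreadsheet that opens the file evaluates them. The following is an added example, not code from Zendesk, HackerOne or any of the reports: a small Python export routine that neutralizes formula-like fields, beside a scanner that flags such cells in a CSV a response team has already received. The header, the ticket rows and the function names are constructed for the demonstration.

```python
import csv
import io

# Leading characters that make Excel/LibreOffice evaluate a CSV cell as a
# formula. Tab and carriage return are included because some importers trim
# leading whitespace before deciding whether a cell is a formula.
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")

# Constructed sample data (not from the reports): the first two names copy
# the payload shapes quoted above, a plain formula and a DDE-style command.
HEADER = ("name", "email", "message")
SAMPLE_ROWS = [
    ("=AND21", "attacker@example.invalid", "hello"),
    ("-2+3+cmd|' /C calc'!E1", "attacker@example.invalid", "please help"),
    ("Alice", "alice@example.invalid", "Order 42 delayed"),
]


def is_formula_like(field: str) -> bool:
    """True if a spreadsheet would treat this cell as active content."""
    return field.startswith(FORMULA_TRIGGERS)


def neutralize_field(field):
    """Prefix formula-like strings with an apostrophe so the cell stays text.

    Non-string values (numbers, None) pass through unchanged; the csv writer
    stringifies them and a number can never begin with '='.
    """
    if isinstance(field, str) and is_formula_like(field):
        return "'" + field
    return field


def export_rows(rows, header, neutralize=True):
    """Render rows as CSV. neutralize=False reproduces the vulnerable
    behaviour from the reports: every field is written exactly as stored."""
    buf = io.StringIO()
    writer = csv.writer(buf, quoting=csv.QUOTE_ALL, lineterminator="\n")
    writer.writerow(header)
    for row in rows:
        writer.writerow([neutralize_field(v) if neutralize else v for v in row])
    return buf.getvalue()


def find_formula_cells(csv_text):
    """Scan an existing CSV and return (row, col, value) for every cell that
    a spreadsheet would evaluate. Run this on a download before opening it."""
    hits = []
    for r, row in enumerate(csv.reader(io.StringIO(csv_text))):
        for c, value in enumerate(row):
            if is_formula_like(value):
                hits.append((r, c, value))
    return hits


if __name__ == "__main__":
    unsafe = export_rows(SAMPLE_ROWS, HEADER, neutralize=False)
    print("risky cells in unsanitized export:", find_formula_cells(unsafe))
    print(export_rows(SAMPLE_ROWS, HEADER))
```

Two caveats a practitioner should keep in mind. The apostrophe prefix keeps the cell inert but may remain visible when the file is opened, so some teams prefer to strip or replace the leading character instead. The scanner is deliberately conservative: a genuinely negative number such as -5 is reported too, which is acceptable for a triage check on files from an untrusted export.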
Users to CSV <= 1.4.5 - Cross-Site Request Forgery (CSRF)
The users-to-csv WordPress plugin was affected by a Cross-Site Request Forgery CSRF security vulnerability. http://www.example.com/wp-admin/users.php?page=users2csv.php&csv=true&table=users http://www.example.com/wp-admin/users.php?page=users2csv.php&csv=true&table=comments...
WordPress Users To CSV 1.4.5 Cross Site Request Forgery
Title: Cross-Site Request Forgery Vulnerability in Users to CSV WordPress Plugin v1.4.5 Submitter: Nitin Venkatesh Product: Users to CSV WordPress Plugin Product URL: https://wordpress.org/plugins/users-to-csv/ Plugin SVN URL: https://plugins.svn.wordpress.org/users-to-csv/ active...
WordPress Users to CSV Plugin <= 1.4.5 - Cross Site Request Forgery (CSRF)
Because of this vulnerability, user information can be exported via a GET request to users.php. Solution: Disable the plugin...
Chrome Autofill Viewer - Tool to View or Delete Autocomplete data from Google Chrome browser
Chrome Autofill Viewer is a free tool to easily see and delete all your autocomplete data from the Google Chrome browser. Chrome stores Autofill entries, typically form-field values such as login name, PIN, passwords, email, address, phone, credit/debit card number, search history etc., in an internal...
[SECURITY] Fedora 20 Update: phpMyAdmin-4.4.6.1-1.fc20
phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface (managing databases, tables, fields, relations, indexes, users, permissions), while you still have the ability to directly...
CVE-2014-9204
Stack-based buffer overflow in OPCTest.exe in Rockwell Automation RSLinx Classic before 3.73.00 allows remote attackers to execute arbitrary code via a crafted CSV file...
Stack overflow
Stack-based buffer overflow in OPCTest.exe in Rockwell Automation RSLinx Classic before 3.73.00 allows remote attackers to execute arbitrary code via a crafted CSV file...
CVE-2014-9204
CVE-2014-9204 affects Rockwell Automation RSLinx Classic OPCTest.exe prior to version 3.73.00. The flaw is a stack-based buffer overflow triggered by loading a crafted CSV file, which could crash the application or allow code execution when a user opens the file. Affected product is RSLinx Classi...
WordPress Ultimate CSV Importer Plugin <= 3.7.0 - Directory Traversal
Because of this vulnerability, attackers can read files on the filesystem without authorization. Solution: Update the plugin...
WP Ultimate CSV Importer < 3.7.1 - Directory Traversal
The Import and Export WordPress Data as CSV or XML WordPress plugin was affected by a Directory Traversal security vulnerability...
Moodle 2.0.x < 2.0.3 Multiple Vulnerabilities