613 matches found
CVE-2022-26867
Dell PowerStore (SW v2.1.1.0) allows exporting data to CSV/XLSX without validation or sanitization. A malicious, authenticated user can inject payloads that spreadsheet applications may interpret as formulas when opening the exported file. This is a formula-injection risk in data export functiona...
CVE-2022-26867
PowerStore SW v2.1.1.0 supports the option to export data to either a CSV or an XLSX file. The data is taken as is, without any validation or sanitization. It allows a malicious, authenticated user to inject payloads that might get interpreted as formulas by the corresponding spreadsheet...
CVE-2021-34588
Bender/ebee Charge Controllers in multiple versions are prone to unprotected data export. Backup export is protected via a random key. The key is set at user login. It is empty after reboot...
Code injection
Bender/ebee Charge Controllers in multiple versions are prone to unprotected data export. Backup export is protected via a random key. The key is set at user login. It is empty after reboot...
CVE-2021-34588 Bender Charge Controller: Unprotected data export
Bender/ebee Charge Controllers in multiple versions are prone to unprotected data export. Backup export is protected via a random key. The key is set at user login. It is empty after reboot...
CVE-2021-34588
The CVE-2021-34588 issue affects Bender ebee Charge Controllers (CC612/CC613 series, ICC15xx/ICC16xx). It arises from an unprotected data export: the backup export is protected by a random key that is set at user login and becomes empty after reboot, enabling a bypass of credential checks and pri...
Bender ebee Charge Controller Security Vulnerability
The ebee is a charge controller from Bender. A security vulnerability exists in the Bender ebee Charge Controller that stems from an unprotected data export. The backup export is protected by a random key. The key is set at user login. It is empty after a reboot. An attacker can exploit this...
CVE-2022-29287
Kentico CMS before 13.0.66 has an Insecure Direct Object Reference vulnerability. It allows an attacker with user management rights (by default, the Administrator role) to export the user options of any user, even ones with higher privileges than the current user, such as Global Administrators. The exported XML...
All Vulnerabilities for skhdt.hanam.gov.vn Patched via Open Bug Bounty
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Affected Website: skhdt.hanam.gov.vn. Open Bug...
SUSE-SU-2022:0769-1 Security update for libcaca
This update for libcaca fixes the following issues: - CVE-2021-30498, CVE-2021-30499: If an image has a size of 0x0, when exporting, no data is written and space is allocated for the header only, not taking into account that sprintf appends a NUL byte (bsc#1184751, bsc#1184752)...
[SECURITY] Fedora 35 Update: phpMyAdmin-5.1.3-1.fc35
phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the Web. Currently it can create and drop databases, create/drop/alter tables, delete/edit/add fields, execute any SQL statement, manage keys on fields, manage privileges, export data into various formats and i...
Dell Wyse Device Agent Information Disclosure Vulnerability
Wyse Device Agent is a unified agent for all thin client management solutions from Dell, U.S.A. Wyse Device Agent is vulnerable to an information disclosure vulnerability due to excessive data exported by the application. An attacker could exploit the vulnerability to access potentially sensitive...
CVE-2021-44793
CVE-2021-44793 affects Single Connect via the sc-reports-ui module, where a missing authorization check allows a remote attacker to access the device configuration page and export data. The attacker could potentially obtain sensitive information including database credentials; the database runs ...
CVE-2021-44793 Information Leakage via Unauthorized Access in Single Connect
Single Connect does not perform an authorization check when using the sc-reports-ui module. A remote attacker could exploit this vulnerability to access the device configuration page and export the data to an external file. The exploitation of this vulnerability might allow a remote attacker to...
Kron Single Connect Security Vulnerability
Kron Single Connect is a comprehensive Privileged Access Management (PAM) software suite from Kron, Turkey. It is designed to create a flexible, centrally managed and layered defense security architecture against insider threats. A security vulnerability exists in Kron Single Connect that stems from. Sing...
QNAP NAS Information Disclosure Vulnerability
QNAP NAS is an accessible and fast storage solution from China Weilian Technology QNAP. QNAP NAS suffers from an information disclosure vulnerability that originates from an application exporting too much data. A remote attacker could exploit this vulnerability to gain unauthorized access to...
WordPress Plugin Security Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blogging sites on PHP and MySQL servers. WordPress plugin Contact Form Advanced Database 1.0.8 and earlier versions have a security bypass vulnerability that stems from the absence of any...
Synel Eharmonynew Authorization Issue Vulnerability
Synel Eharmonynew is a time and attendance system from Synel, Israel. Synel eharmonynew suffers from an authorization issue vulnerability that stems from the ability to log in to the system using default credentials and export eHarmony system reports containing sensitive data (employee names,...