612 matches found
CSV Injection Vulnerability
Impact: In some circumstances, it was possible to export data in CSV format that could trigger a payload in old versions of Excel. If you are accepting user input from untrusted sources and will be exporting that data in CSV format from element index pages and there is a chance users will open tha...
CVE-2021-38180
SAP Business One - version 10.0, allows an attacker to inject formulas when exporting data to Excel (CSV injection) due to improper sanitation during the data export. An attacker could thereby execute arbitrary commands on the victim's computer but only if the victim allows to execute macros while...
Input validation
SAP Business One - version 10.0, allows an attacker to inject formulas when exporting data to Excel (CSV injection) due to improper sanitation during the data export. An attacker could thereby execute arbitrary commands on the victim's computer but only if the victim allows to execute macros while...
CVE-2021-38180
SAP Business One - version 10.0, allows an attacker to inject formulas when exporting data to Excel (CSV injection) due to improper sanitation during the data export. An attacker could thereby execute arbitrary commands on the victim's computer but only if the victim allows to execute macros while...
CVE-2021-38180
SAP Business One 10.0 is vulnerable to CSV injection during data export. The root cause is improper sanitation of exported data, enabling an attacker to inject formulas in CSV exports. If a victim opens the CSV in Excel with macros enabled and the security settings allow command execution, this c...
CSV injection in shuup
“Shuup” application in versions 0.4.2 to 2.10.8 is affected by the “Formula Injection” vulnerability. A customer can inject payloads in the name input field in the billing address while buying a product. When a store administrator accesses the reports page to export the data as an Excel file and...
CVE-2021-25962
“Shuup” application in versions 0.4.2 to 2.10.8 is affected by the “Formula Injection” vulnerability. A customer can inject payloads in the name input field in the billing address while buying a product. When a store administrator accesses the reports page to export the data as an Excel file and...
CVE-2021-25962
“Shuup” application in versions 0.4.2 to 2.10.8 is affected by the “Formula Injection” vulnerability. A customer can inject payloads in the name input field in the billing address while buying a product. When a store administrator accesses the reports page to export the data as an Excel file and...
CVE-2021-25960
In “SuiteCRM” application, v7.11.18 through v7.11.19 and v7.10.29 through v7.10.31 are affected by the “CSV Injection” vulnerability (Formula Injection). A low privileged attacker can use accounts module to inject payloads in the input fields. When an administrator accesses accounts module to export the...
Design/Logic Flaw
“Shuup” application in versions 0.4.2 to 2.10.8 is affected by the “Formula Injection” vulnerability. A customer can inject payloads in the name input field in the billing address while buying a product. When a store administrator accesses the reports page to export the data as an Excel file and...
PYSEC-2021-355
“Shuup” application in versions 0.4.2 to 2.10.8 is affected by the “Formula Injection” vulnerability. A customer can inject payloads in the name input field in the billing address while buying a product. When a store administrator accesses the reports page to export the data as an Excel file and...
CVE-2021-34647 Ninja Forms <= 3.5.7 Sensitive Information Disclosure
The Ninja Forms WordPress plugin is vulnerable to sensitive information disclosure via the bulkexportsubmissions function found in the /includes/Routes/Submissions.php file, in versions up to and including 3.5.7. This allows authenticated attackers to export all Ninja Forms submissions data via t...
PT-2021-20615 · WordPress · Ninja Forms
Name of the Vulnerable Software and Affected Versions: Ninja Forms WordPress plugin versions up to and including 3.5.7. Description: The issue allows authenticated attackers to export all Ninja Forms submissions data via the "/ninja-forms-submissions/export" REST API, which can include personally...
Dell Vnx2 Oe For File Log Information Disclosure Vulnerability
Dell Vnx2 Oe For File is an operating environment from Dell, Inc. A sensitive information vulnerability exists in Dell VNX2 OE for File versions 8.1.21.266 and earlier, which stems from an application exporting too much data. An attacker could use this vulnerability to obtain log information...
MISP Command Injection Vulnerability
MISP is an open source software solution. The product is used to collect, store, distribute, and share cybersecurity metrics and has features such as threat cybersecurity event analysis and malware analysis. A command injection vulnerability exists in MISP, which originates in the product...
Gitlab -- Vulnerabilities
Gitlab reports: Stored XSS in DataDog Integration; Invited group members continue to have project access even after invited group is deleted; Specially crafted requests to apollouploadserver middleware leads to denial of service; Privilege escalation of an external user through project token; Missing...
All Vulnerabilities for aulacensfe.edu.do Patched via Open Bug Bounty
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Affected Website: aulacensfe.edu.do; Open Bug Boun...
Welcart e-Commerce < 2.2.8 - Authenticated System Information Disclosure
The uscesdownloadsysteminformation AJAX action of the plugin did not have a capability check in place, allowing any authenticated user such as subscriber to export data including WordPress settings, theme and plugins active/inactive along with their version, Welcart general settings and payment...
Moodle Information Disclosure Vulnerability
Moodle is a free, open source e-learning software platform, also known as a course management system, learning management system, or virtual learning environment. Moodle suffers from an information disclosure vulnerability that stems from the application exporting too much data. A remote attacker...
VAST - Visibility Across Space And Time
The network telemetry engine for data-driven security investigations. Getting Started — Installation — Documentation — Development — Changelog — License and Scientific Use. Chat with us on Gitter, or join us on Matrix at tenzirvast:gitter.im. Key Features: High-Throughput Ingestion: import numerou...