
615 matches found

OSV
added 2022/06/02 9:15 p.m., 1 view

CVE-2022-26867

PowerStore SW v2.1.1.0 supports the option to export data to either a CSV or an XLSX file. The data is taken as is, without any validation or sanitization. It allows a malicious, authenticated user to inject payloads that might get interpreted as formulas by the corresponding spreadsheet...

CVSS: 8, AI score: 7.3, EPSS: 0.00556
Exploits: 0, References: 1

NVD
added 2022/06/02 9:15 p.m., 11 views

CVE-2022-26867

PowerStore SW v2.1.1.0 supports the option to export data to either a CSV or an XLSX file. The data is taken as is, without any validation or sanitization. It allows a malicious, authenticated user to inject payloads that might get interpreted as formulas by the corresponding spreadsheet...

CVSS: 8, EPSS: 0.00556
Exploits: 0, References: 1

Cvelist
added 2022/06/02 9:0 p.m., 22 views

CVE-2022-26867

PowerStore SW v2.1.1.0 supports the option to export data to either a CSV or an XLSX file. The data is taken as is, without any validation or sanitization. It allows a malicious, authenticated user to inject payloads that might get interpreted as formulas by the corresponding spreadsheet...

CVSS: 5.9, AI score: 7.9, EPSS: 0.00556
Exploits: 0, References: 1

CVE
added 2022/06/02 9:0 p.m., 65 views

CVE-2022-26867

Dell PowerStore (SW v2.1.1.0) allows exporting data to CSV/XLSX without validation or sanitization. A malicious, authenticated user can inject payloads that spreadsheet applications may interpret as formulas when opening the exported file. This is a formula-injection risk in data export functiona...

CVSS: 8, AI score: 7.6, EPSS: 0.00556
Exploits: 0, References: 1, Affected Software: 1

OSV
added 2022/04/27 4:15 p.m., 4 views

CVE-2021-34588

Bender/ebee Charge Controllers in multiple versions are prone to unprotected data export. Backup export is protected via a random key. The key is set at user login. It is empty after reboot...

CVSS: 8.6, AI score: 5.8
Exploits: 0, References: 1

NVD
added 2022/04/27 4:15 p.m., 13 views

CVE-2021-34588

Bender/ebee Charge Controllers in multiple versions are prone to unprotected data export. Backup export is protected via a random key. The key is set at user login. It is empty after reboot...

CVSS: 8.6, EPSS: 0.00844
Exploits: 0, References: 1

Prion
added 2022/04/27 4:15 p.m., 13 views

Code injection

Bender/ebee Charge Controllers in multiple versions are prone to unprotected data export. Backup export is protected via a random key. The key is set at user login. It is empty after reboot...

CVSS: 5, AI score: 8.3, EPSS: 0.00844
Exploits: 0, References: 1, Affected Software: 2

Cvelist
added 2022/04/27 3:15 p.m., 18 views

CVE-2021-34588 Bender Charge Controller: Unprotected data export

Bender/ebee Charge Controllers in multiple versions are prone to unprotected data export. Backup export is protected via a random key. The key is set at user login. It is empty after reboot...

CVSS: 8.6, AI score: 8.6, EPSS: 0.00844
Exploits: 0, References: 1

CVE
added 2022/04/27 3:15 p.m., 59 views

CVE-2021-34588

The CVE-2021-34588 issue affects Bender ebee Charge Controllers (CC612/CC613 series, ICC15xx/ICC16xx). It arises from an unprotected data export where the backup export is protected by a random key that is set at user login and becomes empty after reboot, enabling credential checks bypass and pri...

CVSS: 8.6, AI score: 8.5, EPSS: 0.00844
Exploits: 0, References: 1, Affected Software: 1

CNNVD
added 2022/04/27 12:0 a.m., 3 views

Bender ebee Charge Controller Security Vulnerability

The ebee is a charge controller from Bender. A security vulnerability exists in the Bender ebee Charge Controller that stems from an unprotected data export. The backup export is protected by a random key. The key is set at user login. It is empty after a reboot. An attacker can exploit this...

CVSS: 8.6, AI score: 8, EPSS: 0.00844
Exploits: 0, References: 2

ATTACKERKB
added 2022/04/19 12:0 a.m., 2 views

CVE-2022-26867

PowerStore SW v2.1.1.0 supports the option to export data to either a CSV or an XLSX file. The data is taken as is, without any validation or sanitization. It allows a malicious, authenticated user to inject payloads that might get interpreted as formulas by the corresponding spreadsheet...

CVSS: 8, AI score: 5.9, EPSS: 0.00556
Exploits: 0, References: 2

ATTACKERKB
added 2022/04/16 12:15 a.m., 4 views

CVE-2022-29287

Kentico CMS before 13.0.66 has an Insecure Direct Object Reference vulnerability. It allows an attacker with user management rights (default is Administrator) to export the user options of any user, even ones with higher privileges (like Global Administrators) than the current user. The exported XML...

CVSS: 4.9, AI score: 5.9, EPSS: 0.00858
Exploits: 1, References: 3

Openbugbounty
added 2022/03/30 8:8 a.m., 13 views

All Vulnerabilities for skhdt.hanam.gov.vn Patched via Open Bug Bounty

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Affected Website: skhdt.hanam.gov.vn. Open Bug...

AI score: 6.3
Exploits: 0

OSV
added 2022/03/09 8:24 a.m., 4 views

SUSE-SU-2022:0769-1 Security update for libcaca

This update for libcaca fixes the following issues: - CVE-2021-30498, CVE-2021-30499: If an image has a size of 0x0, when exporting, no data is written and space is allocated for the header only, not taking into account that sprintf appends a NUL byte bsc1184751, bsc1184752...

CVSS: 7.8, AI score: 7.6, EPSS: 0.01353
Exploits: 2, References: 5

Fedora
added 2022/02/20 1:10 a.m., 21 views

[SECURITY] Fedora 35 Update: phpMyAdmin-5.1.3-1.fc35

phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the Web. Currently it can create and drop databases, create/drop/alter tables, delete/edit/add fields, execute any SQL statement, manage keys on fields, manage privileges, export data into various formats and i...

AI score: 8
Exploits: 0

CNNVD
added 2022/02/18 12:0 a.m., 19 views

Dell Wyse Device Agent Information Disclosure Vulnerability

Wyse Device Agent is a unified agent for all thin client management solutions from Dell, U.S.A. Wyse Device Agent is vulnerable to an information disclosure vulnerability due to excessive data exported by the application. An attacker could exploit the vulnerability to access potentially sensitive...

CVSS: 6, AI score: 5.6, EPSS: 0.00685
Exploits: 0, References: 4

Cvelist
added 2022/01/27 12:27 p.m., 16 views

CVE-2021-44793 Information Leakage via Unauthorized Access in Single Connect

Single Connect does not perform an authorization check when using the "sc-reports-ui" module. A remote attacker could exploit this vulnerability to access the device configuration page and export the data to an external file. The exploitation of this vulnerability might allow a remote attacker to...

CVSS: 8.6, AI score: 8.7, EPSS: 0.01367
Exploits: 0, References: 2

CVE
added 2022/01/27 12:27 p.m., 53 views

CVE-2021-44793

CVE-2021-44793 affects Single Connect via the sc-reports-ui module, where a missing authorization check allows a remote attacker to access the device configuration page and export data. The attacker could potentially obtain sensitive information including database credentials; the database runs ...

CVSS: 8.6, AI score: 8.6, EPSS: 0.01367
Exploits: 0, References: 2, Affected Software: 1

CNNVD
added 2022/01/27 12:0 a.m., 5 views

Kron Single Connect Security Vulnerability

Kron Single Connect is a comprehensive Privileged Access Management (PAM) software suite from Kron Turkey, designed to create a flexible, centrally managed and layered defense security architecture against insider threats. A security vulnerability exists in Kron Single Connect that stems from. Sing...

CVSS: 8.6, AI score: 8, EPSS: 0.01367
Exploits: 0, References: 2

CNNVD
added 2021/12/29 12:0 a.m., 2 views

QNAP NAS Information Disclosure Vulnerability

QNAP NAS is an accessible and fast storage solution from China Weilian Technology QNAP. QNAP NAS suffers from an information disclosure vulnerability that originates from an application exporting too much data. A remote attacker could exploit this vulnerability to gain unauthorized access to...

AI score: 5.5
Exploits: 0, References: 1