9 matches found

OSV
added 2022/07/25 1:15 p.m. | 1 view

CVE-2022-1539

The Exports and Reports WordPress plugin before 0.9.2 does not sanitize and validate data when generating the CSV to export, which could lead to a CSV injection, by the use of Microsoft Excel DDE function, or to leak data via maliciously injected hyperlinks...

8.8 CVSS | 5.8 AI score | 0.00967 EPSS
Exploits: 1 | References: 1
ATTACKERKB
added 2022/07/25 1:15 p.m. | 3 views

CVE-2022-1539

The Exports and Reports WordPress plugin before 0.9.2 does not sanitize and validate data when generating the CSV to export, which could lead to a CSV injection, by the use of Microsoft Excel DDE function, or to leak data via maliciously injected hyperlinks...

8.8 CVSS | 7.3 AI score | 0.00967 EPSS
Exploits: 1 | References: 2
NVD
added 2022/07/25 1:15 p.m. | 11 views

CVE-2022-1539

The Exports and Reports WordPress plugin before 0.9.2 does not sanitize and validate data when generating the CSV to export, which could lead to a CSV injection, by the use of Microsoft Excel DDE function, or to leak data via maliciously injected hyperlinks...

8.8 CVSS | 0.00967 EPSS
Exploits: 1 | References: 1
Cvelist
added 2022/07/25 12:46 p.m. | 13 views

CVE-2022-1539 Exports and Reports < 0.9.2 - Contributor+ CSV Injection

The Exports and Reports WordPress plugin before 0.9.2 does not sanitize and validate data when generating the CSV to export, which could lead to a CSV injection, by the use of Microsoft Excel DDE function, or to leak data via maliciously injected hyperlinks...

8.7 AI score | 0.00967 EPSS
Exploits: 1 | References: 1
0day.today
added 2019/12/17 12:0 a.m. | 149 views

Serv-U FTP Server 15.1.7 CSV Injection Vulnerability

Exploit for windows platform in category web applications. Issue: Serv-U FTP Server 15.1.7 CSV Injection Vulnerability; CVE: CVE-2019-13181; Security researcher: Richard Tan @ The Missing Link Security; Product name: Serv-U FTP Server; Product version: Tested on 15.1.7; Fixed in: Serv-U 15.1.7 Hotfix 2...

6.6 AI score | 0.01723 EPSS
Exploits: 2
Packet Storm
added 2019/12/16 12:0 a.m. | 185 views

Serv-U FTP Server 15.1.7 CSV Injection

Issue: CSV injection vulnerability; CVE: CVE-2019-13181; Security researcher: Richard Tan @ The Missing Link Security; Product name: Serv-U FTP Server; Product version: Tested on 15.1.7; Fixed in: Serv-U 15.1.7 Hotfix 2. Overview: The application allowed table entries to contain a string which could be...

6.6 AI score | 0.01723 EPSS
Exploits: 2
pentestit
added 2017/07/24 8:24 p.m. | 72 views

UPDATE: Luckystrike 2.0!

My first post regarding this malicious Microsoft Office document generator was about an older version. However, a few hours ago, an update was released - Luckystrike 2.0! Major highlights for this awesome release include full support for Microsoft Word in addition to a new COM...

7 AI score
Exploits: 0
Vulnerability Lab
added 2017/01/19 12:0 a.m. | 55 views

FullContact BB #2 - CSV Excel Macro Injection Vulnerability

Document Title: FullContact BB 2 - CSV Excel Macro Injection Vulnerability; References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1904; Release Date: 2017-01-19; Vulnerability Laboratory ID (VL-ID): ...

7.1 AI score
Exploits: 0
Packet Storm
added 2016/04/04 12:0 a.m. | 38 views

BugCrowd CSV Injection

Description: A vulnerability in the file upload feature allows attackers to send malicious CSV files. By using the Microsoft Excel DDE function an attacker can launch arbitrary commands on the victim's system. Many companies don't allow xslx or docx files to be uploaded by security testers, becaus...

7.4 AI score
Exploits: 0