4 matches found
Advantech WebAccess/SCADA Code Injection Vulnerability
Advantech WebAccess/SCADA is a set of SCADA software based on browser architecture from Advantech, China. The software supports dynamic graphical display and real-time data control, and provides remote control and management of automation equipment. An arbitrary file overwrite vulnerability exist...
Open-AudIT 2.1 - CSV Macro Injection
Open-AudIT 2.1 - CSV Macro Injection Hi Guys, Exploit Title: Open-AudIT 2.1 - CSV Macro Injection Vulnerability Google Dork: N/A Date: 21-04-2018 Exploit Author: Sureshbabu Narvaneni Author Blog : http://nullnews.in Vendor Homepage: https://opmantek.com Software Link:...
Ian Dunn: Bypass fix in https://hackerone.com/reports/151516 report.
Hi. Steps to reproduce: 1. The same as in the previous https://hackerone.com/reports/151516 report. 2. But the payload to bypass your fix would be like this: ;=cmd|' /C calc'!A0 Solution: 1. Add ; in your escape function esccsv on line 2858 of camptix.php References: 1...
Zendesk: Chat History CSV Export Excel Injection Vulnerability
I have found a vulnerability in the Chat History export function. If an attacker submits a special name containing a system command when chatting with an agent and that agent later exports the history of that chat to CSV, the resulting CSV may execute commands when opened. I have tested this usin...