56 matches found
EUVD-2020-17861
Malware in sbrugna...
CVE-2021-43515
CSV Injection aka Excel Macro Injection or Formula Injection exists in creating new timesheet in Kimai. By filling the Description field with malicious payload, it will be mistreated while exporting to a CSV file...
CVE-2021-43515
CSV Injection aka Excel Macro Injection or Formula Injection exists in creating new timesheet in Kimai. By filling the Description field with malicious payload, it will be mistreated while exporting to a CSV file...
CVE-2021-43515
CSV Injection aka Excel Macro Injection or Formula Injection exists in creating new timesheet in Kimai. By filling the Description field with malicious payload, it will be mistreated while exporting to a CSV file...
CVE-2021-43515
CVE-2021-43515 corresponds to a CSV Injection vulnerability in Kimai 2. The issue arises when creating a new timesheet and entering a payload in the Description field; during CSV export, this input is not sanitized and can be interpreted by spreadsheet programs (e.g., Excel) as formulas or comman...
Kimai 1.14 CSV Injection
Exploit Title: Kimai 1.14 - CSV Injection Date: 26/04/2021 Exploit Author: Mohammed Aloraimi Vendor Homepage: https://www.kimai.org/ Software Link: https://github.com/kevinpapst/kimai2 Version: 1.14 Payload: @SUM1+9cmd|' /C calc'!A0 Tested on: Win10x64 Proof Of Concept: CSV Injection aka Excel...
Kimai 1.14 - CSV Injection Vulnerability
Exploit Title: Kimai 1.14 - CSV Injection Exploit Author: Mohammed Aloraimi Vendor Homepage: https://www.kimai.org/ Software Link: https://github.com/kevinpapst/kimai2 Version: 1.14 Payload: @SUM1+9cmd|' /C calc'!A0 Tested on: Win10x64 Proof Of Concept: CSV Injection aka Excel Macro Injection or...
Tendenci 12.3.1 - CSV/ Formula Injection
Exploit Title: Tendenci 12.3.1 - CSV/ Formula Injection Date: 2020-10-29 Exploit Author: Mufaddal Masalawala Vendor Homepage: https://www.tendenci.com/ Software Link: https://github.com/tendenci/tendenci Version: 12.3.1 Payload: =10+20+cmd|' /C calc'!A0 Tested on: Kali Linux 2020.3 Proof Of...
CVE-2020-25170
An Excel Macro Injection vulnerability exists in the export feature in the B. Braun OnlineSuite Version AP 3.0 and earlier via multiple input fields that are mishandled in an Excel export...
Design/Logic Flaw
An Excel Macro Injection vulnerability exists in the export feature in the B. Braun OnlineSuite Version AP 3.0 and earlier via multiple input fields that are mishandled in an Excel export...
CVE-2020-14026
CSV Injection aka Excel Macro Injection or Formula Injection exists in the Export Of Contacts feature in Ozeki NG SMS Gateway through 4.17.6 via a value that is mishandled in a CSV export...
Design/Logic Flaw
CSV Injection aka Excel Macro Injection or Formula Injection exists in the Export Of Contacts feature in Ozeki NG SMS Gateway through 4.17.6 via a value that is mishandled in a CSV export...
CVE-2020-14026
CSV Injection aka Excel Macro Injection or Formula Injection exists in the Export Of Contacts feature in Ozeki NG SMS Gateway through 4.17.6 via a value that is mishandled in a CSV export...
CVE-2020-14026
CSV Injection in Ozeki NG SMS Gateway (Export Of Contacts CSV) up to version 4.17.6 is caused by mishandling values in CSV export. Several sources describe potential command execution when a malicious CSV is opened, indicating a high-severity issue with remote code execution implications in affec...
CVE-2020-13826
A CSV injection aka Excel Macro Injection or Formula Injection issue in i-doit 1.14.2 allows an attacker to execute arbitrary commands via a Title parameter that is mishandled in a CSV export...
CVE-2020-13826
A CSV injection aka Excel Macro Injection or Formula Injection issue in i-doit 1.14.2 allows an attacker to execute arbitrary commands via a Title parameter that is mishandled in a CSV export...
Design/Logic Flaw
A CSV injection aka Excel Macro Injection or Formula Injection issue in i-doit 1.14.2 allows an attacker to execute arbitrary commands via a Title parameter that is mishandled in a CSV export...
CVE-2020-13826
The CVE-2020-13826 entry concerns i-doit 1.14.2, where a CSV export mishandles the Title parameter, enabling CSV/Excel macro injection that could execute arbitrary commands. This is a vulnerability in the CSV export functionality, caused by unsafely embedded data in export output. Affected compon...
CVE-2020-13826
A CSV injection aka Excel Macro Injection or Formula Injection issue in i-doit 1.14.2 allows an attacker to execute arbitrary commands via a Title parameter that is mishandled in a CSV export...
Design/Logic Flaw
Zoho ManageEngine Password Manager Pro through 10.x has a CSV Excel Macro Injection vulnerability via a crafted name that is mishandled by the Export Passwords feature. NOTE: the vendor disputes the significance of this report because they expect CSV risk mitigation to be provided by an external...