43 matches found
Automattic: CSV Injection in polldaddy.com
Hello, We can inject commands in any fields of a member in an email group =210 for example, and when it's exported to CSV it will be evaluated to 20 in the corresponding cell, this enables an attacker to spread malware and execute system level commands on a victim's machine if the victim download...
CVE-2010-2092
SQL injection vulnerability in graph.php in Cacti 0.8.7e and earlier allows remote attackers to execute arbitrary SQL commands via a crafted rraid parameter in a GET request in conjunction with a valid rraid value in a POST request or a cookie, which causes the POST or cookie value to bypass the...
CVE-2000-0088
CVE-2000-0088 describes a buffer overflow in the conversion utilities for Word 5 documents (Japanese, Korean and Chinese) that allows a local attacker to execute arbitrary commands. The vulnerability is identified as the "Malformed Conversion Data" issue. The available references indicate a high ...