Lucene search
+L

107 matches found

Cvelist
Cvelist
added 2021/08/16 10:5 p.m.18 views

CVE-2021-37709 Insecure direct object reference of log files of the Import/Export feature

Shopware is an open source eCommerce platform. Versions prior to 6.4.3.1 contain a vulnerability involving an insecure direct object reference of log files of the Import/Export feature. Version 6.4.3.1 contains a patch. As workarounds for older versions of 6.1, 6.2, and 6.3, corresponding securit...

6.5CVSS6.6AI score0.00774EPSS
Exploits0References2
NVD
NVD
added 2021/08/16 4:15 a.m.20 views

CVE-2021-38711

In gitit before 0.15.0.0, the Export feature can be exploited to leak information from files...

7.5CVSS0.01258EPSS
Exploits0References2
OSV
OSV
added 2021/08/16 4:15 a.m.2 views

DEBIAN-CVE-2021-38711

In gitit before 0.15.0.0, the Export feature can be exploited to leak information from files...

7.5CVSS7.3AI score0.01258EPSS
Exploits0References1
Prion
Prion
added 2021/08/16 4:15 a.m.12 views

Information disclosure

In gitit before 0.15.0.0, the Export feature can be exploited to leak information from files...

5CVSS7.3AI score0.01258EPSS
Exploits0References2Affected Software1
UbuntuCve
UbuntuCve
added 2021/08/16 4:15 a.m.38 views

CVE-2021-38711

In gitit before 0.15.0.0, the Export feature can be exploited to leak information from files...

7.5CVSS7.1AI score0.01258EPSS
Exploits0References3
OSV
OSV
added 2021/08/16 4:15 a.m.33 views

UBUNTU-CVE-2021-38711

In gitit before 0.15.0.0, the Export feature can be exploited to leak information from files...

7.5CVSS7.1AI score0.01258EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2021/08/16 3:18 a.m.23 views

CVE-2021-38711

In gitit before 0.15.0.0, the Export feature can be exploited to leak information from files...

7.5CVSS7.3AI score0.01258EPSS
Exploits0
CNNVD
CNNVD
added 2021/08/16 12:0 a.m.3 views

gitit 安全漏洞

gitit is an open source wiki program written in Haskell. It uses Happstack as a web server and pandoc for markup processing. A security vulnerability exists in gitit versions prior to 0.15.0.0, which can be exploited to leak information from files using the export feature...

7.5CVSS7.3AI score0.01258EPSS
Exploits0References2
CNNVD
CNNVD
added 2021/08/02 12:0 a.m.4 views

WordPress 代码注入漏洞

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A code injection vulnerability exists in WordPress Plugin Speed Booster that stems from the product'...

7.2CVSS7.3AI score0.01721EPSS
Exploits2References3
ATTACKERKB
ATTACKERKB
added 2021/04/05 11:15 p.m.2 views

CVE-2021-30141

Module/Settings/UserExport.php in Friendica through 2021.01 allows settings/userexport to be used by anonymous users, as demonstrated by an attempted access to an array offset on a value of type null, and excessive memory consumption. NOTE: the vendor states "the feature still requires a valid...

7.5CVSS7AI score0.01517EPSS
Exploits1References3
OSV
OSV
added 2021/03/12 7:15 p.m.4 views

CVE-2021-21085

Adobe Connect version 11.0.7 and earlier is affected by an Input Validation vulnerability in the export feature. An attacker could exploit this vulnerability by injecting a payload into an online event form and achieve code execution if the victim exports and opens the data on their local machine...

7.8CVSS7AI score0.03738EPSS
Exploits0References1
Prion
Prion
added 2021/03/12 7:15 p.m.20 views

Input validation

Adobe Connect version 11.0.7 and earlier is affected by an Input Validation vulnerability in the export feature. An attacker could exploit this vulnerability by injecting a payload into an online event form and achieve code execution if the victim exports and opens the data on their local machine...

6.8CVSS7.6AI score0.03738EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/03/12 6:14 p.m.30 views

CVE-2021-21085 Adobe Connect CSV injection via export feature could lead to code execution

Adobe Connect version 11.0.7 and earlier is affected by an Input Validation vulnerability in the export feature. An attacker could exploit this vulnerability by injecting a payload into an online event form and achieve code execution if the victim exports and opens the data on their local machine...

7.8CVSS7.8AI score0.03738EPSS
Exploits0References1
OSV
OSV
added 2020/11/16 7:15 p.m.4 views

CVE-2020-26508

The WebTools component on Canon Oce ColorWave 3500 5.1.1.0 devices allows attackers to retrieve stored SMB credentials via the export feature, even though these are intentionally inaccessible in the UI...

9.8CVSS7.3AI score0.01121EPSS
Exploits0References1
Prion
Prion
added 2020/11/16 7:15 p.m.16 views

Code injection

The WebTools component on Canon Oce ColorWave 3500 5.1.1.0 devices allows attackers to retrieve stored SMB credentials via the export feature, even though these are intentionally inaccessible in the UI...

5CVSS9.3AI score0.01121EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2020/11/06 5:15 p.m.3 views

CVE-2020-25170

An Excel Macro Injection vulnerability exists in the export feature in the B. Braun OnlineSuite Version AP 3.0 and earlier via multiple input fields that are mishandled in an Excel export...

7.8CVSS7.1AI score0.00965EPSS
Exploits0References1
Prion
Prion
added 2020/11/06 5:15 p.m.17 views

Design/Logic Flaw

An Excel Macro Injection vulnerability exists in the export feature in the B. Braun OnlineSuite Version AP 3.0 and earlier via multiple input fields that are mishandled in an Excel export...

6.8CVSS8.3AI score0.00965EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2020/11/06 4:8 p.m.25 views

CVE-2020-25170 B. Braun OnlineSuite

An Excel Macro Injection vulnerability exists in the export feature in the B. Braun OnlineSuite Version AP 3.0 and earlier via multiple input fields that are mishandled in an Excel export...

7.8AI score0.00965EPSS
Exploits0References1
Hacker One
Hacker One
added 2020/07/04 4:51 a.m.10 views

Automattic: Users can bypass page restrictions via Export feature at "Share" feature in CrowdSignal

Summary: Hi team, If you upgraded your account, you can share your survey results via "Share" button. F893428 As you can see, I selected Results page on Allow access to the following. So user will access only Results page. But if user has the Export feature. User can export the restricted pages...

0.6AI score
Exploits0
CNVD
CNVD
added 2020/04/28 12:0 a.m.5 views

SolarWinds WebHelpDesk Code Injection Vulnerability

SolarWinds WebHelpDesk is a suite of helpdesk and asset management software from SolarWinds USA. The software supports centralized knowledge base, IT asset management, project and task management, and more. A security vulnerability exists in the export feature in SolarWinds WebHelpDesk version...

7.8CVSS6.9AI score0.01259EPSS
Exploits0References1
Rows per page
Query Builder