107 matches found
CVE-2021-37709 Insecure direct object reference of log files of the Import/Export feature
Shopware is an open source eCommerce platform. Versions prior to 6.4.3.1 contain a vulnerability involving an insecure direct object reference of log files of the Import/Export feature. Version 6.4.3.1 contains a patch. As workarounds for older versions of 6.1, 6.2, and 6.3, corresponding securit...
CVE-2021-38711
In gitit before 0.15.0.0, the Export feature can be exploited to leak information from files...
DEBIAN-CVE-2021-38711
In gitit before 0.15.0.0, the Export feature can be exploited to leak information from files...
Information disclosure
In gitit before 0.15.0.0, the Export feature can be exploited to leak information from files...
CVE-2021-38711
In gitit before 0.15.0.0, the Export feature can be exploited to leak information from files...
UBUNTU-CVE-2021-38711
In gitit before 0.15.0.0, the Export feature can be exploited to leak information from files...
CVE-2021-38711
In gitit before 0.15.0.0, the Export feature can be exploited to leak information from files...
gitit 安全漏洞
gitit is an open source wiki program written in Haskell. It uses Happstack as a web server and pandoc for markup processing. A security vulnerability exists in gitit versions prior to 0.15.0.0, which can be exploited to leak information from files using the export feature...
WordPress 代码注入漏洞
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A code injection vulnerability exists in WordPress Plugin Speed Booster that stems from the product'...
CVE-2021-30141
Module/Settings/UserExport.php in Friendica through 2021.01 allows settings/userexport to be used by anonymous users, as demonstrated by an attempted access to an array offset on a value of type null, and excessive memory consumption. NOTE: the vendor states "the feature still requires a valid...
CVE-2021-21085
Adobe Connect version 11.0.7 and earlier is affected by an Input Validation vulnerability in the export feature. An attacker could exploit this vulnerability by injecting a payload into an online event form and achieve code execution if the victim exports and opens the data on their local machine...
Input validation
Adobe Connect version 11.0.7 and earlier is affected by an Input Validation vulnerability in the export feature. An attacker could exploit this vulnerability by injecting a payload into an online event form and achieve code execution if the victim exports and opens the data on their local machine...
CVE-2021-21085 Adobe Connect CSV injection via export feature could lead to code execution
Adobe Connect version 11.0.7 and earlier is affected by an Input Validation vulnerability in the export feature. An attacker could exploit this vulnerability by injecting a payload into an online event form and achieve code execution if the victim exports and opens the data on their local machine...
CVE-2020-26508
The WebTools component on Canon Oce ColorWave 3500 5.1.1.0 devices allows attackers to retrieve stored SMB credentials via the export feature, even though these are intentionally inaccessible in the UI...
Code injection
The WebTools component on Canon Oce ColorWave 3500 5.1.1.0 devices allows attackers to retrieve stored SMB credentials via the export feature, even though these are intentionally inaccessible in the UI...
CVE-2020-25170
An Excel Macro Injection vulnerability exists in the export feature in the B. Braun OnlineSuite Version AP 3.0 and earlier via multiple input fields that are mishandled in an Excel export...
Design/Logic Flaw
An Excel Macro Injection vulnerability exists in the export feature in the B. Braun OnlineSuite Version AP 3.0 and earlier via multiple input fields that are mishandled in an Excel export...
CVE-2020-25170 B. Braun OnlineSuite
An Excel Macro Injection vulnerability exists in the export feature in the B. Braun OnlineSuite Version AP 3.0 and earlier via multiple input fields that are mishandled in an Excel export...
Automattic: Users can bypass page restrictions via Export feature at "Share" feature in CrowdSignal
Summary: Hi team, If you upgraded your account, you can share your survey results via "Share" button. F893428 As you can see, I selected Results page on Allow access to the following. So user will access only Results page. But if user has the Export feature. User can export the restricted pages...
SolarWinds WebHelpDesk Code Injection Vulnerability
SolarWinds WebHelpDesk is a suite of helpdesk and asset management software from SolarWinds USA. The software supports centralized knowledge base, IT asset management, project and task management, and more. A security vulnerability exists in the export feature in SolarWinds WebHelpDesk version...