8698 matches found
Design/Logic Flaw
The webtoffee "WordPress Users & WooCommerce Customers Import Export" plugin 1.3.0 for WordPress allows CSV injection in the userurl, displayname, firstname, and lastname columns in an exported CSV file created by the WFCustomerImpExpCsvExporter class...
CVE-2019-8447
The ServiceExecutor resource in Jira before version 8.3.2 allows remote attackers to trigger the creation of export files via a cross-site request forgery (CSRF) vulnerability...
CVE-2019-8447
CVE-2019-8447 affects Atlassian Jira before 8.3.2, where the ServiceExecutor resource is vulnerable to CSRF, enabling remote attackers to trigger the creation of export files. The issue is noted in multiple sources (NVD entry; Jira RS-69776 ticket; Nessus summary for Jira
strip-curtains.com Open Redirect vulnerability
Security Researcher k0t (helped patch 2130 vulnerabilities; received 9 Coordinated Disclosure badges; received 95 recommendations), a holder of 9 badges for responsible and coordinated disclosure, found a security vulnerability affecting strip-curtains.com website and its users. Following coordinate...
WordPress users-customers-import-export-for-wp-woocommerce plugin CSV injection vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. users-customers-import-export-for-wp-woocommerce is a user import/export plugin used in it. A CSV injection vulnerability exists in th...
CVE-2018-20981
The ninja-forms plugin before 3.3.9 for WordPress has insufficient restrictions on submission-data retrieval during Export Personal Data requests...
Design/Logic Flaw
The ninja-forms plugin before 3.3.9 for WordPress has insufficient restrictions on submission-data retrieval during Export Personal Data requests...
Local File Disclosure via Word Export in Confluence Server - CVE-2019-3394
Confluence Server and Data Center had a local file disclosure vulnerability in the page export function. A remote attacker who has Add Page space permission would be able to read arbitrary files in the /confluence/WEB-INF/ directory and its subdirectories, which may contain configuration files...
WordPress Tribulant Newsletters Plugin Path Traversal Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. Tribulant Newsletters plugin is a full-featured newsletter plugin used in it. A path traversal vulnerability exists in the WordPress...
CVE-2019-14788
wp-admin/admin-ajax.php?action=newslettersexportmultiple in the Tribulant Newsletters plugin before 4.6.19 for WordPress allows directory traversal with resultant remote PHP code execution via the subscribers11 parameter in conjunction with an exportfile=../ value...
CVE-2019-14800
The FV Flowplayer Video Player plugin before 7.3.15.727 for WordPress allows guests to obtain the email subscription list in CSV format via the wp-admin/admin-post.php?page=fvplayer&fv-email-export=1 URI...
CVE-2017-18510
The custom-sidebars plugin before 3.1.0 for WordPress has CSRF related to set location, import actions, and export actions...
May 23, 2019—KB4499182 (Preview of Monthly Rollup)
May 23, 2019—KB4499182 (Preview of Monthly Rollup). Improvements and fixes: This non-security update includes improvements and fixes that were a part of KB4499151 (released May 14, 2019) and also includes these new quality improvements as a preview of the next Monthly Rollup update: Addresses an issue ...
Apache Ranger Cross-Site Request Forgery Vulnerability
Apache Ranger is a set of architectures from the Apache Software Foundation that implement comprehensive security measures for Hadoop clusters. The product provides centralized security policy management for core enterprise security requirements such as authorization, billing and data...
Ghidra (Linux) 9.0.4 - .gar Arbitrary Code Execution
Ghidra Linux 9.0.4 - .gar Arbitrary Code Execution import os import inspect import argparse import shutil from shutil import copyfile print"" print"" print"" print"" print"------------------CVE-2019-13623----------------" print"" print"" print""...
Simple 301 Redirects Addon Bulk Uploader <= 1.2.4 - Multiple Issues
Unauthenticated option changes vulnerability that could allow an attacker to redirect all pages and posts of the blog to a malicious website, as well as an authenticated options export/deletion vulnerability...