8698 matches found
Code injection
An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0. A web reports module has "export to excel features" that are vulnerable to CSV injection. An attacker can embed Excel formulas inside an automation script that, when exported after execution, results in code execution...
CVE-2018-20468
An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0. A web reports module has "export to excel features" that are vulnerable to CSV injection. An attacker can embed Excel formulas inside an automation script that, when exported after execution, results in code execution...
CVE-2019-12765
An issue was discovered in Joomla! before 3.9.7. The CSV export of com_actionslogs is vulnerable to CSV injection...
Input validation
An issue was discovered in Joomla! before 3.9.7. The CSV export of com_actionslogs is vulnerable to CSV injection...
EUVD-2019-4349
An issue was discovered in Joomla! before 3.9.7. The CSV export of com_actionslogs is vulnerable to CSV injection...
CVE-2019-12765
CVE-2019-12765 affects Joomla! prior to 3.9.7. The issue is a CSV injection in the CSV export of the com_actionslogs component, caused by insufficient input validation during export. Public references (NVD/NIST, Nessus, OSV, CNVD, ENISA) confirm the vulnerability in Joomla! versions 3.9.0–3.9.6 (...
Brocade Network Advisor Vulnerabilities - US
Lenovo Security Advisory: LEN-25655 Potential Impact: Code execution, privilege escalation Severity: Medium Scope of Impact: Industry-wide CVE Identifier: CVE-2018-6443, CVE-2018-6444, CVE-2018-6445, CVE-2019-6446 Summary Description: Vulnerabilities found in Brocade Network Advisor before versio...
CVE-2019-12134
CSV Injection aka Excel Macro Injection or Formula Injection exists in the export feature in Workday through 32 via a value provided by a low-privileged user in a contact form field that is mishandled in a CSV export...
leports114.com Cross Site Scripting vulnerability
Security Researcher calv1n, a holder of 12 badges for responsible and coordinated disclosure, found a security vulnerability affecting leports114.com website and its users. Following...
[SECURITY] Fedora 30 Update: drupal7-path_breadcrumbs-3.4-1.fc30
Path breadcrumbs module helps you to create breadcrumbs for any page with any selection rules and load any entity from the URL. Features: Breadcrumbs navigation may be added to any kind of page: static (example: node/1) or dynamic (example: node/NID). You can load contexts from URL and use it like...
TableField - Moderately critical - Access bypass and Cross Site Scripting - SA-CONTRIB-2019-051
This module allows you to attach tabular data to an entity. Access bypass There's no access check for users with an "Export Tablefield Data as CSV". They can export data from unpublished nodes or otherwise inaccessible entities. This vulnerability is mitigated by the fact that an attacker must ha...
IPFinder CLI - The Official Command Line Client For IPFinder
The Official Command Line Client For IPFinder: Supports Single IP Address, asn, ranges, firewall as Input Supports Bulk Exports Results to Screen or to An Output File Supports IPv4 and IPv6 Supports ASN number, RANGES, Firewall. Getting Started: signing up for a free account at...
CVE-2019-11875
In AutomateAppCore.dll in Blue Prism Robotic Process Automation 6.4.0.8445, a vulnerability in access control can be exploited to escalate privileges. The vulnerability allows for abusing the application for fraud or unauthorized access to certain information. The attack requires a valid user...
WordPress FV Flowplayer Video Player plugin <= 7.3.14.727 - CSV Export vulnerability
CSV Export vulnerability found in WordPress FV Flowplayer Video Player plugin versions <= 7.3.14.727. Solution: Update the WordPress FV Flowplayer Video Player plugin to the latest available version (at least 7.3.15.727)...
FV Flowplayer Video Player <= 7.3.14.727 - CSV Export
Changelog states: Security - fix for email subscription CSV export capability available to guest users...
FV Flowplayer Video Player <= 7.3.13.727 - Unauthenticated Stored XSS
The vulnerable function is exposed to unauthenticated users over the wp_ajax_nopriv_fv_wp_flowplayer_email_signup ajax hook. It saves anything that the user provides in the email POST parameter. PoC: Send a POST request to wp-admin/admin-ajax.php with body content: "[email protected]" The...
The vulnerability of the Dr.Web Enterprise Security Suite antivirus protection, related to errors in processing the relative path to the directory, allows a hacker to execute arbitrary code.
The vulnerability of the Dr.Web Enterprise Security Suite antivirus protection lies in errors in processing the relative path to the catalog during the export of repository content into an archive. Exploiting this vulnerability allows a malicious actor to execute arbitrary code on the server by...