8698 matches found

Prion
added 2019/06/17 2:15 p.m. | 12 views

Code injection

An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0. A web reports module has "export to excel features" that are vulnerable to CSV injection. An attacker can embed Excel formulas inside an automation script that, when exported after execution, results in code execution...

CVSS 6.8 | AI score 9 | EPSS 0.02223
Exploits: 1 | References: 1 | Affected Software: 1

Cvelist
added 2019/06/17 1:35 p.m. | 15 views

CVE-2018-20468

An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0. A web reports module has "export to excel features" that are vulnerable to CSV injection. An attacker can embed Excel formulas inside an automation script that, when exported after execution, results in code execution...

AI score 9 | EPSS 0.02223
Exploits: 1 | References: 1

NVD
added 2019/06/11 7:29 p.m. | 24 views

CVE-2019-12765

An issue was discovered in Joomla! before 3.9.7. The CSV export of com_actionslogs is vulnerable to CSV injection...

CVSS 9.8 | AI score 9.6 | EPSS 0.1049
Exploits: 1 | References: 2

Prion
added 2019/06/11 7:29 p.m. | 25 views

Input validation

An issue was discovered in Joomla! before 3.9.7. The CSV export of com_actionslogs is vulnerable to CSV injection...

CVSS 7.5 | AI score 9.6 | EPSS 0.1049
Exploits: 1 | References: 2 | Affected Software: 1

EUVD
added 2019/06/11 6:35 p.m. | 7 views

EUVD-2019-4349

An issue was discovered in Joomla! before 3.9.7. The CSV export of com_actionslogs is vulnerable to CSV injection...

CVSS 9.8 | AI score 9.5 | EPSS 0.1049
Exploits: 1 | References: 2

Cvelist
added 2019/06/11 6:35 p.m. | 27 views

CVE-2019-12765

An issue was discovered in Joomla! before 3.9.7. The CSV export of com_actionslogs is vulnerable to CSV injection...

AI score 9.6 | EPSS 0.1049
Exploits: 1 | References: 2

CVE
added 2019/06/11 6:35 p.m. | 232 views

CVE-2019-12765

CVE-2019-12765 affects Joomla! prior to 3.9.7. The issue is a CSV injection in the CSV export of the com_actionslogs component, caused by insufficient input validation during export. Public references (NVD/NIST, Nessus, OSV, CNVD, ENISA) confirm the vulnerability in Joomla! versions 3.9.0–3.9.6 (...

CVSS 9.8 | AI score 9.5 | EPSS 0.1049
Exploits: 1 | References: 2 | Affected Software: 1

Lenovo
added 2019/06/10 3:6 p.m. | 154 views

Brocade Network Advisor Vulnerabilities - US

Lenovo Security Advisory: LEN-25655
Potential Impact: Code execution, privilege escalation
Severity: Medium
Scope of Impact: Industry-wide
CVE Identifier: CVE-2018-6443, CVE-2018-6444, CVE-2018-6445, CVE-2019-6446
Summary Description: Vulnerabilities found in Brocade Network Advisor before versio...

CVSS 10 | AI score 3.2 | EPSS 0.17078
Exploits: 6

OSV
added 2019/06/06 2:29 p.m. | 4 views

CVE-2019-12134

CSV Injection aka Excel Macro Injection or Formula Injection exists in the export feature in Workday through 32 via a value provided by a low-privileged user in a contact form field that is mishandled in a CSV export...

CVSS 8.8 | AI score 7.3 | EPSS 0.01411
Exploits: 0 | References: 1

NVD
added 2019/06/06 2:29 p.m. | 17 views

CVE-2019-12134

CSV Injection aka Excel Macro Injection or Formula Injection exists in the export feature in Workday through 32 via a value provided by a low-privileged user in a contact form field that is mishandled in a CSV export...

CVSS 8.8 | AI score 8.8 | EPSS 0.01411
Exploits: 0 | References: 1

Cvelist
added 2019/06/06 1:27 p.m. | 23 views

CVE-2019-12134

CSV Injection aka Excel Macro Injection or Formula Injection exists in the export feature in Workday through 32 via a value provided by a low-privileged user in a contact form field that is mishandled in a CSV export...

AI score 8.8 | EPSS 0.01411
Exploits: 0 | References: 1

Openbugbounty
added 2019/06/05 11:18 a.m. | 10 views

leports114.com Cross Site Scripting vulnerability

Security Researcher calv1n (helped patch 22043 vulnerabilities, received 12 Coordinated Disclosure badges, received 37 recommendations), a holder of 12 badges for responsible and coordinated disclosure, found a security vulnerability affecting leports114.com website and its users. Following...

AI score 0.2
Exploits: 0

Fedora
added 2019/06/02 12:55 a.m. | 13 views

[SECURITY] Fedora 30 Update: drupal7-path_breadcrumbs-3.4-1.fc30

Path breadcrumbs module helps you to create breadcrumbs for any page with any selection rules and load any entity from the URL. Features: Breadcrumbs navigation may be added to any kind of page: static (example: node/1) or dynamic (example: node/NID). You can load contexts from URL and use it like...

AI score 0.4
Exploits: 0

Drupal
added 2019/05/29 12:0 a.m. | 17 views

TableField - Moderately critical - Access bypass and Cross Site Scripting - SA-CONTRIB-2019-051

This module allows you to attach tabular data to an entity. Access bypass: There's no access check for users with an "Export Tablefield Data as CSV". They can export data from unpublished nodes or otherwise inaccessible entities. This vulnerability is mitigated by the fact that an attacker must ha...

AI score 5.8
Exploits: 0 | References: 8

Kitploit
added 2019/05/24 10:28 p.m. | 243 views

IPFinder CLI - The Official Command Line Client For IPFinder

The Official Command Line Client For IPFinder: Supports Single IP Address, asn, ranges, firewall as Input; Supports Bulk; Exports Results to Screen or to An Output File; Supports IPv4 and IPv6; Supports ASN number, RANGES, Firewall. Getting Started: signing up for a free account at...

AI score 7.5
Exploits: 0 | References: 3

OSV
added 2019/05/24 4:29 p.m. | 2 views

CVE-2019-11875

In AutomateAppCore.dll in Blue Prism Robotic Process Automation 6.4.0.8445, a vulnerability in access control can be exploited to escalate privileges. The vulnerability allows for abusing the application for fraud or unauthorized access to certain information. The attack requires a valid user...

CVSS 8.8 | AI score 5.8 | EPSS 0.02273
Exploits: 2 | References: 2

Patchstack
added 2019/05/21 12:0 a.m. | 13 views

WordPress FV Flowplayer Video Player plugin <= 7.3.14.727 - CSV Export vulnerability

CSV Export vulnerability found in WordPress FV Flowplayer Video Player plugin versions <= 7.3.14.727. Solution: Update the WordPress FV Flowplayer Video Player plugin to the latest available version, at least 7.3.15.727...

AI score 3.6
Exploits: 0 | References: 1 | Affected Software: 1

WPVulnDB
added 2019/05/20 12:0 a.m. | 10 views

FV Flowplayer Video Player <= 7.3.14.727 - CSV Export

Changelog states: Security - fix for email subscription CSV export capability available to guest users...

AI score 2.5
Exploits: 0 | References: 1 | Affected Software: 1

WPVulnDB
added 2019/05/20 12:0 a.m. | 24 views

FV Flowplayer Video Player <= 7.3.13.727 - Unauthenticated Stored XSS

The vulnerable function is exposed to unauthenticated users over wpajaxnoprivfvwpflowplayeremailsignup ajax hook. It saves anything that user provides in email POST parameter. PoC Send POST request to wp-admin/admin-ajax.php with body content: "[email protected]" The...

CVSS 4.3 | AI score 2.3 | EPSS 0.02022
Exploits: 2 | References: 2 | Affected Software: 1

BDU FSTEC
added 2019/05/06 12:0 a.m. | 3 views

The vulnerability of the Dr.Web Enterprise Security Suite antivirus protection, related to errors in processing the relative path to the directory, allows a hacker to execute arbitrary code.

The vulnerability of the Dr.Web Enterprise Security Suite antivirus protection lies in errors in processing the relative path to the catalog during the export of repository content into an archive. Exploiting this vulnerability allows a malicious actor to execute arbitrary code on the server by...

CVSS 5 | AI score 6
Exploits: 0 | Affected Software: 1