8696 matches found
Design/Logic Flaw
The Export Users to CSV plugin through 1.1.1 for WordPress allows CSV injection...
CVE-2018-15571
The Export Users to CSV plugin through 1.1.1 for WordPress allows CSV injection...
CVE-2018-15571
The CVE-2018-15571 entry concerns the WordPress Export Users to CSV plugin (versions up to 1.1.1). The connected documents confirm a CSV injection vulnerability in the plugin, enabling an attacker to craft CSV fields that execute commands when a CSV file is opened by a user with sufficient privil...
Arbitrary File Deletion Vulnerability in LibreHealthIO LH-EHR
LibreHealthIO LH-EHR is an open source electronic health record and medical practice management application. An arbitrary file deletion vulnerability exists in the export template in the LibreHealthIO LH-EHR REL-2.0.0 release. An attacker can exploit this vulnerability to cause a denial of servic...
Arbitrary File Write Vulnerability in LibreHealthIO LH-EHR
LibreHealthIO LH-EHR is an open source electronic health record and medical practice management application. An arbitrary file write vulnerability exists in the export template in the LibreHealthIO LH-HER REL-2.0.0 release. An attacker can exploit this vulnerability to write files with malicious...
Wordpress Plugin Ninja Forms CSV Injection Vulnerability
WordPress is a suite of blogging platforms developed in the PHP language by the WordPress Software Foundation, which supports personal blog sites on servers with PHP and MySQL. Ninja Forms is the ultimate free form creation tool for WordPress. A CSV injection vulnerability exists in WordPress Nin...
WordPress Plugin Ninja Forms 3.3.13 - CSV Injection
Exploit Title: Wordpress Plugin Ninja Forms 3.3.13 - CSV Injection Exploit Author: Mostafa Gharzi Website: https://www.certcc.ir Date: 2018-08-19 Google Dork: N/A Vendor: The WP Ninjas Software Link: https://wordpress.org/plugins/ninja-forms/ Affected Version: 3.3.13 and before Active...
WordPress Plugin Export Users to CSV 1.1.1 - CSV Injection
WordPress Plugin Export Users to CSV 1.1.1 - CSV Injection Exploit Title: Wordpress Plugin Export Users to CSV 1.1.1 - CSV Injection Exploit Author: Javier Olmedo Website: https://hackpuntes.com Date: 2018-08-14 Google Dork: N/A Vendor: Matt Cromwell Software Link:...
WordPress Export Users To CSV 1.1.1 CSV Injection
Exploit Title: Wordpress Plugin Export Users to CSV 1.1.1 - CSV Injection Exploit Author: Javier Olmedo Website: https://hackpuntes.com Date: 2018-08-14 Google Dork: N/A Vendor: Matt Cromwell Software Link: https://wordpress.org/plugins/export-users-to-csv/ Affected Version: 1.1.1 and before Acti...
Wordpress Export Users to CSV 1.1.1 Plugin - CSV Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Wordpress Plugin Export Users to CSV 1.1.1 - CSV Injection Exploit Author: Javier Olmedo Website: https://hackpuntes.com Vendor: Matt Cromwell Software Link: https://wordpress.org/plugins/export-users-to-csv/ Affected Version:...
Export Users to CSV <= 1.1.1 - CSV Injection
WordPress Export users to CSV plugin version 1.1.1. and before are affected by Remote Code Execution through the CSV injection vulnerability. This allows an application user to inject commands as part of the fields of his profile and these commands are executed when a user with greater privilege...
WordPress Plugin Export Users to CSV 1.1.1 - CSV Injection
Exploit Title: Wordpress Plugin Export Users to CSV 1.1.1 - CSV Injection Exploit Author: Javier Olmedo Website: https://hackpuntes.com Date: 2018-08-14 Google Dork: N/A Vendor: Matt Cromwell Software Link: https://wordpress.org/plugins/export-users-to-csv/ Affected Version: 1.1.1 and before Acti...
August 14, 2018—KB4343892 (OS Build 10240.17946)
August 14, 2018—KB4343892 OS Build 10240.17946 Improvements and fixes This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Provides protections against a new speculative execution side-channel vulnerability known as ...
Serve DLL via webdav server
This module simplifies the rundll32.exe Application Whitelisting Bypass technique. The module creates a webdav server that hosts a dll file. When the user types the provided rundll32 command on a system, rundll32 will load the dll remotly and execute the provided export function. The export...
CVE-2018-5490
Read-Only export policy rules are not correctly enforced in Clustered Data ONTAP 8.3 Release Candidate versions and therefore may allow more than "read-only" access from authenticated SMBv2 and SMBv3 clients. This behavior has been resolved in the GA release. Customers running prior release...
CVE-2018-5490
Read-Only export policy rules are not correctly enforced in Clustered Data ONTAP 8.3 Release Candidate versions and therefore may allow more than "read-only" access from authenticated SMBv2 and SMBv3 clients. This behavior has been resolved in the GA release. Customers running prior release...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Developer for i, Rational Developer for AIX and Linux, and Rational Developer for Power Systems Software (CVE-2015-0138, CVE-2015-0410, CVE-2015-0400, CVE-2014-6593)
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 6 and 7 that are used by Rational Developer for i, Rational Developer for AIX and Linux, and Rational Developer for Power Systems Software. These issues were disclosed as part of the IBM Java SDK updates in...
TI Online Examination System 2 Arbitrary File Download
Exploit Title: TI Online Examination System v2 - Arbitrary File Download Dork: N/A Date: 02.08.2018 Exploit Author: Azkan Mustafa AkkuA AkkuS Vendor Homepage: https://codecanyon.net/item/ti-online-examination-system-v2/11248904 Version: 2.0 Category: Webapps Tested on: Kali linux Description : Th...
Foxit Reader Arbitrary File Write Remote Code Execution Vulnerability (CNVD-2018-15093)
Foxit Reader old name: Foxit PDF Reader is a set of software used to read PDF format files, by Fujian Foxit Software developed by Foxit Reader is a set of free to use the software, the operating system is mainly based on Microsoft Windows, and as long as there is a Win32 implementation of the...
CVE-2018-14280
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...