8690 matches found
CVE-2018-9107
CSV Injection aka Excel Macro Injection or Formula Injection exists in the export feature in the Acyba AcyMailing extension before 5.9.6 for Joomla! via a value that is mishandled in a CSV export...
Next Generation Graphical Network Analyzer: Deplug
Deplug is a graphical network analyzer powered by web technologies. Features: Cross-Platform (macOS, Linux, Windows); Web-based UI; Built-in Package Manager; SDK for JavaScript and Rust; Concurrency Support. Import / Export: Deplug supports the following formats by default: Pcap File (.pcap). Preferences...
Zonemaster Web GUI Cross-Site Scripting Vulnerability
Zonemaster Web GUI is an open source Web graphical user interface in the Zonemaster project. A cross-site scripting vulnerability exists in the lib/Zonemaster/GUI/Dancer/Export.pm file in Zonemaster Web GUI. A remote attacker can exploit this vulnerability to inject arbitrary Web script or HTML...
Cross site scripting
lib/Zonemaster/GUI/Dancer/Export.pm in Zonemaster Web GUI before 1.0.11 has XSS...
CVE-2018-7652
CVE-2018-7652 affects Zonemaster Web GUI, specifically lib/Zonemaster/GUI/Dancer/Export.pm, with a cross-site scripting (XSS) vulnerability present in versions before 1.0.11. The issue is triggered by unsanitized data in the Export.pm component, enabling injection of arbitrary script or HTML. Pub...
[SECURITY] Fedora 26 Update: phpMyAdmin-4.7.8-1.fc26
phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface (managing databases, tables, fields, relations, indexes, users, permissions), while you still have the ability to directly...
Qualys Cloud Platform 2.32 New Features
This release of the Qualys Cloud Platform version 2.32 includes updates and new features for AssetView, EC2 Connector, File Integrity Monitoring, Indication of Compromise, Security Assessment Questionnaire, Web Application Scanning, and Web Application Firewall, highlights as follows. Post update...
UBUNTU-CVE-2018-1000028
Linux kernel version after commit bdcf0a423ea1 - 4.15-rc4+, 4.14.8+, 4.9.76+, 4.4.111+ contains an Incorrect Access Control vulnerability in NFS server nfsd that can result in remote users reading or writing files they should not be able to via NFS. This attack appears to be exploitable via NFS...
Quest NetVault Backup Denial of Service Vulnerability
Quest NetVault Backup is a scalable data backup and recovery solution for organizations with multiple IT environments. A denial of service vulnerability exists in the handling of Export requests in Quest NetVault Backup 11.2.0.13. The vulnerability arises due to a failure to properly validate a...
CVE-2018-1162
This vulnerability allows remote attackers to create a denial-of-service condition on vulnerable installations of Quest NetVault Backup 11.2.0.13. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be easily bypassed. The specific flaw...
Design/Logic Flaw
This vulnerability allows remote attackers to create a denial-of-service condition on vulnerable installations of Quest NetVault Backup 11.2.0.13. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be easily bypassed. The specific flaw...
Uniview - Remote Command Execution / Export Config (PoC) Vulnerability
Exploit for multiple platforms in category remote exploits. STX Subject: Uniview RCE and export config PoC. Researcher: bashis, October 2017. Attack Vector: Remote. Authentication: Anonymous (no credentials needed). Export config...
WordPress Email Subscribers & Newsletters Plugin Information Disclosure Vulnerability
WordPress is a blogging platform developed by the WordPress Software Foundation using the PHP language, which supports personal blog sites on PHP and MySQL servers. The Email Subscribers & Newsletters plugin is one of its push message plugins. An information disclosure vulnerability exists in...
CVE-2018-6015
An issue was discovered in the "Email Subscribers & Newsletters" plugin before 3.4.8 for WordPress. Sending an HTTP POST request to a URI with /?es=export at the end, and adding option=viewallsubscribers in the body, allows downloading of a CSV data file with all subscriber data...
Wavecrack - Web Interface For Password Cracking With Hashcat
A user-friendly Web interface to share a hashcat cracking box among multiple users with some pre-defined options. Screenshots: the homepage; adding a hash to crack; seeing the results and some stats. Outline: This Web application can be used to launch asynchronous password cracks with hashcat. The...
CVE-2017-18049
In the CSV export feature of SilverStripe before 3.5.6, 3.6.x before 3.6.3, and 4.x before 4.0.1, it's possible for the output to contain macros and scripts, which may be executed if imported without sanitization into common software including Microsoft Excel. For example, the CSV data may contai...
Design/Logic Flaw
In the CSV export feature of SilverStripe before 3.5.6, 3.6.x before 3.6.3, and 4.x before 4.0.1, it's possible for the output to contain macros and scripts, which may be executed if imported without sanitization into common software including Microsoft Excel. For example, the CSV data may contai...