8691 matches found

Cvelist
added 2018/01/23 6:0 a.m. | 21 views

CVE-2017-18049

In the CSV export feature of SilverStripe before 3.5.6, 3.6.x before 3.6.3, and 4.x before 4.0.1, it's possible for the output to contain macros and scripts, which may be executed if imported without sanitization into common software including Microsoft Excel. For example, the CSV data may contai...

AI score: 5.3 | EPSS: 0.00916
Exploits: 1 | References: 2

CVE
added 2018/01/23 6:0 a.m. | 53 views

CVE-2017-18049

In SilverStripe, the CSV export feature is vulnerable to Macro Injection, where output may contain macros or scripts susceptible to execution when opened in software like Microsoft Excel. Affected versions are before 3.5.6, 3.6.x before 3.6.3, and 4.x before 4.0.1; the issue arises from un-saniti...

CVSS: 5.5 | AI score: 5.3 | EPSS: 0.00916
Exploits: 1 | References: 2 | Affected Software: 1

ATTACKERKB
added 2018/01/23 1:29 a.m. | 2 views

CVE-2017-16595

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific...

CVSS: 6.5 | AI score: 4.9 | EPSS: 0.03455
Exploits: 0 | References: 2

OSV
added 2018/01/23 1:29 a.m. | 3 views

CVE-2017-16595

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific...

CVSS: 6.5 | AI score: 5.3 | EPSS: 0.03455
Exploits: 0 | References: 1

Zero Day Initiative
added 2018/01/16 12:0 a.m. | 33 views

(0Day) Quest NetVault Backup Server Process Manager Service Export Method Directory Traversal Denial of Service Vulnerability

This vulnerability allows remote attackers to create a denial-of-service condition on vulnerable installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be easily bypassed. The specific flaw exists within...

CVSS: 8.5 | AI score: 7.8 | EPSS: 0.05029
Exploits: 0

CNVD
added 2018/01/11 12:0 a.m. | 2 views

Unspecified Vulnerability in Apache Sling JCR ContentLoader XmlReader

Apache Sling JCR ContentLoader is an open source web framework for the Java platform from the Apache Software Foundation (United States). The framework can be used to create content-oriented applications on a JCR (Java Content Repository) content repository. XmlReader is one of the...

CVSS: 7.5 | AI score: 6.7 | EPSS: 0.03143
Exploits: 0 | References: 1

NVD
added 2018/01/08 7:29 p.m. | 22 views

CVE-2013-4364

(1) oo-analytics-export and (2) oo-analytics-import in the openshift-origin-broker-util package in Red Hat OpenShift Enterprise 1 and 2 allow local users to have unspecified impact via a symlink attack on an unspecified file in /tmp...

CVSS: 7.8 | AI score: 7.8 | EPSS: 0.00414
Exploits: 0 | References: 1

Prion
added 2018/01/08 7:29 p.m. | 17 views

Design/Logic Flaw

(1) oo-analytics-export and (2) oo-analytics-import in the openshift-origin-broker-util package in Red Hat OpenShift Enterprise 1 and 2 allow local users to have unspecified impact via a symlink attack on an unspecified file in /tmp...

CVSS: 7.2 | AI score: 7.1 | EPSS: 0.00414
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2018/01/08 7:0 p.m. | 22 views

CVE-2013-4364

(1) oo-analytics-export and (2) oo-analytics-import in the openshift-origin-broker-util package in Red Hat OpenShift Enterprise 1 and 2 allow local users to have unspecified impact via a symlink attack on an unspecified file in /tmp...

AI score: 7.8 | EPSS: 0.00414
Exploits: 0 | References: 1

Packet Storm
added 2018/01/04 12:0 a.m. | 34 views

Boost My Campaign 1.1 Information Disclosure

Title: Boost My Campaign 1.1 Unauthenticated Administrative Access Vulnerability | Author: indoushka | Email: [email protected] | Tested on: Windows 10 Français V.Pro |...

AI score: 7.1
Exploits: 0

Fedora
added 2018/01/02 4:29 p.m. | 22 views

[SECURITY] Fedora 26 Update: phpMyAdmin-4.7.7-1.fc26

phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface (managing databases, tables, fields, relations, indexes, users, permissions), while you still have the ability to directly...

AI score: 1.3
Exploits: 0

NVD
added 2018/01/01 8:29 p.m. | 11 views

CVE-2018-3813

getConfigExportFile.cgi on FLIR Brickstream 2300 devices 2.0 4.1.53.166 has Incorrect Access Control, as demonstrated by reading the AVIUSERID and AVIUSERPASSWORD fields via a direct request...

CVSS: 9.8 | AI score: 9.5 | EPSS: 0.01186
Exploits: 1 | References: 1

0day.today
added 2017/12/27 12:0 a.m. | 26 views

SilverStripe CMS 3.6.2 - CSV Excel Macro Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: SilverStripe CMS - 3.6.2 CSV Excel Macro Injection Vendor Homepage: https://www.silverstripe.org/ Software Link: https://www.silverstripe.org/download Discovered by: Ishaq Mohammed Contact: https://twitter.com/securityprince...

AI score: 0.1
Exploits: 0

Packet Storm
added 2017/12/26 12:0 a.m. | 39 views

SilverStripe CMS 3.6.2 CSV Excel Macro Injection

Exploit Title: SilverStripe CMS - 3.6.2 CSV Excel Macro Injection Vendor Homepage: https://www.silverstripe.org/ Software Link: https://www.silverstripe.org/download Discovered by: Ishaq Mohammed Contact: https://twitter.com/securityprince Website: https://about.me/security-prince Category: web...

Exploits: 0

exploitpack
added 2017/12/26 12:0 a.m. | 39 views

SilverStripe CMS 3.6.2 - CSV Excel Macro Injection

SilverStripe CMS 3.6.2 - CSV Excel Macro Injection Exploit Title: SilverStripe CMS - 3.6.2 CSV Excel Macro Injection Vendor Homepage: https://www.silverstripe.org/ Software Link: https://www.silverstripe.org/download Discovered by: Ishaq Mohammed Contact: https://twitter.com/securityprince Websit...

Exploits: 0

Exploit DB
added 2017/12/26 12:0 a.m. | 45 views

SilverStripe CMS 3.6.2 - CSV Excel Macro Injection

Exploit Title: SilverStripe CMS - 3.6.2 CSV Excel Macro Injection Vendor Homepage: https://www.silverstripe.org/ Software Link: https://www.silverstripe.org/download Discovered by: Ishaq Mohammed Contact: https://twitter.com/securityprince Website: https://about.me/security-prince Category: web...

AI score: 7.4
Exploits: 0

NVD
added 2017/12/20 11:29 p.m. | 18 views

CVE-2017-14387

The NFS service in EMC Isilon OneFS 8.1.0.0, 8.0.1.0 - 8.0.1.1, and 8.0.0.0 - 8.0.0.4 maintains default NFS export settings including the NFS export security flavor for authentication that can be leveraged by current and future NFS exports. This NFS service contained a flaw that did not properly...

CVSS: 6.5 | AI score: 6.4 | EPSS: 0.00914
Exploits: 0 | References: 2

OSV
added 2017/12/20 11:29 p.m. | 4 views

CVE-2017-14387

The NFS service in EMC Isilon OneFS 8.1.0.0, 8.0.1.0 - 8.0.1.1, and 8.0.0.0 - 8.0.0.4 maintains default NFS export settings including the NFS export security flavor for authentication that can be leveraged by current and future NFS exports. This NFS service contained a flaw that did not properly...

CVSS: 6.5 | AI score: 5.8 | EPSS: 0.00914
Exploits: 0 | References: 2

CVE
added 2017/12/20 11:0 p.m. | 50 views

CVE-2017-14387

The CVE-2017-14387 issue concerns EMC Isilon OneFS NFS exports. The affected products are OneFS versions 8.1.0.0, 8.0.1.0–8.0.1.1, and 8.0.0.0–8.0.0.4. The flaw is that changes to the default NFS export security flavor are not consistently propagated to all new and existing NFS exports configured...

CVSS: 6.5 | AI score: 6.4 | EPSS: 0.00914
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2017/12/20 12:0 a.m. | 21 views

WordPress CSV Import-Export plugin <=1.1.0 - Multiple Cross-Site Scripting (XSS) vulnerabilities

Multiple Cross-Site Scripting (XSS) vulnerabilities found in WordPress CSV Import-Export plugin versions <=1.1.0. Solution: Dec 20, 2017 - we were unable to find a patched version of this plugin (last updated three years ago). Uninstall or use it at your own risk...

CVSS: 6.1 | AI score: 1.5 | EPSS: 0.00845
Exploits: 2 | References: 1 | Affected Software: 1