8691 matches found
CVE-2017-18049
In the CSV export feature of SilverStripe before 3.5.6, 3.6.x before 3.6.3, and 4.x before 4.0.1, it's possible for the output to contain macros and scripts, which may be executed if imported without sanitization into common software including Microsoft Excel. For example, the CSV data may contai...
CVE-2017-18049
In SilverStripe, the CSV export feature is vulnerable to Macro Injection, where output may contain macros or scripts susceptible to execution when opened in software like Microsoft Excel. Affected versions are before 3.5.6, 3.6.x before 3.6.3, and 4.x before 4.0.1; the issue arises from un-saniti...
CVE-2017-16595
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific...
CVE-2017-16595
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific...
(0Day) Quest NetVault Backup Server Process Manager Service Export Method Directory Traversal Denial of Service Vulnerability
This vulnerability allows remote attackers to create a denial-of-service condition on vulnerable installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be easily bypassed. The specific flaw exists within...
Unspecified Vulnerability in Apache Sling JCR ContentLoader XmlReader
Apache Sling JCR ContentLoader is the United States Apache Apache Software Foundation for the Java platform for a set of open source Web framework. The framework can be in the JCR Content Repository Java Content Repository on the creation of content-oriented applications . XmlReader is one of the...
CVE-2013-4364
1 oo-analytics-export and 2 oo-analytics-import in the openshift-origin-broker-util package in Red Hat OpenShift Enterprise 1 and 2 allow local users to have unspecified impact via a symlink attack on an unspecified file in /tmp...
Design/Logic Flaw
1 oo-analytics-export and 2 oo-analytics-import in the openshift-origin-broker-util package in Red Hat OpenShift Enterprise 1 and 2 allow local users to have unspecified impact via a symlink attack on an unspecified file in /tmp...
CVE-2013-4364
1 oo-analytics-export and 2 oo-analytics-import in the openshift-origin-broker-util package in Red Hat OpenShift Enterprise 1 and 2 allow local users to have unspecified impact via a symlink attack on an unspecified file in /tmp...
Boost My Campaign 1.1 Information Disclosure
======================================================================================================= | Title : Boost My Campaign 1.1 Unauthenticated Administrative Access Vulnerability | | Author : indoushka | | email : [email protected] | | Tested on : windows 10 FranASSais V.Pro | |...
[SECURITY] Fedora 26 Update: phpMyAdmin-4.7.7-1.fc26
phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface managing databases, tables, fields, relations, index es, users, permissions, while you still have the ability to directly...
CVE-2018-3813
getConfigExportFile.cgi on FLIR Brickstream 2300 devices 2.0 4.1.53.166 has Incorrect Access Control, as demonstrated by reading the AVIUSERID and AVIUSERPASSWORD fields via a direct request...
SilverStripe CMS 3.6.2 - CSV Excel Macro Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: SilverStripe CMS - 3.6.2 CSV Excel Macro Injection Vendor Homepage: https://www.silverstripe.org/ Software Link: https://www.silverstripe.org/download Discovered by: Ishaq Mohammed Contact: https://twitter.com/securityprince...
SilverStripe CMS 3.6.2 CSV Excel Macro Injection
Exploit Title: SilverStripe CMS - 3.6.2 CSV Excel Macro Injection Vendor Homepage: https://www.silverstripe.org/ Software Link: https://www.silverstripe.org/download Discovered by: Ishaq Mohammed Contact: https://twitter.com/securityprince Website: https://about.me/security-prince Category: web...
SilverStripe CMS 3.6.2 - CSV Excel Macro Injection
SilverStripe CMS 3.6.2 - CSV Excel Macro Injection Exploit Title: SilverStripe CMS - 3.6.2 CSV Excel Macro Injection Vendor Homepage: https://www.silverstripe.org/ Software Link: https://www.silverstripe.org/download Discovered by: Ishaq Mohammed Contact: https://twitter.com/securityprince Websit...
SilverStripe CMS 3.6.2 - CSV Excel Macro Injection
Exploit Title: SilverStripe CMS - 3.6.2 CSV Excel Macro Injection Vendor Homepage: https://www.silverstripe.org/ Software Link: https://www.silverstripe.org/download Discovered by: Ishaq Mohammed Contact: https://twitter.com/securityprince Website: https://about.me/security-prince Category: web...
CVE-2017-14387
The NFS service in EMC Isilon OneFS 8.1.0.0, 8.0.1.0 - 8.0.1.1, and 8.0.0.0 - 8.0.0.4 maintains default NFS export settings including the NFS export security flavor for authentication that can be leveraged by current and future NFS exports. This NFS service contained a flaw that did not properly...
CVE-2017-14387
The NFS service in EMC Isilon OneFS 8.1.0.0, 8.0.1.0 - 8.0.1.1, and 8.0.0.0 - 8.0.0.4 maintains default NFS export settings including the NFS export security flavor for authentication that can be leveraged by current and future NFS exports. This NFS service contained a flaw that did not properly...
CVE-2017-14387
The CVE-2017-14387 issue concerns EMC Isilon OneFS NFS exports. The affected products are OneFS versions 8.1.0.0, 8.0.1.0–8.0.1.1, and 8.0.0.0–8.0.0.4. The flaw is that changes to the default NFS export security flavor are not consistently propagated to all new and existing NFS exports configured...
WordPress CSV Import-Export plugin <=1.1.0 - Multiple Cross-Site Scripting (XSS) vulnerabilities
Multiple Cross-Site Scripting XSS vulnerabilities found in WordPress CSV Import-Export plugin versions =1.1.0. Solution Dec 20, 2017 - we were unable to find a patched version of this plugin last updated three years ago. Uninstall or use it at your own risk...