10 matches found
EUVD-1999-0166
Malware in sbrugna...
CSV Injection
Overview: Affected versions of this package are vulnerable to CSV Injection via the Quick Export process. An attacker can execute arbitrary commands on the victim's machine by injecting malicious formulas into fields that are later exported to CSV and opened in spreadsheet applications. This is on...
CVE-2024-13556
The Affiliate Links: WordPress Plugin for Link Cloaking and Link Management plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.0.1 via deserialization of untrusted input from a file export. This makes it possible for unauthenticated attackers to...
WordPress Barcode Scanner with Inventory & Order Manager plugin <= 1.5.4 - Sensitive Data Exposure via Exported File vulnerability
Sensitive Data Exposure via Exported File vulnerability discovered by Dhabaleshwar Das Patchstack Alliance in WordPress Plugin Barcode Scanner with Inventory & Order Manager versions <= 1.5.4...
CVE-2023-44318
Affected devices use a hardcoded key to obfuscate the configuration backup that an administrator can export from the device. This could allow an authenticated attacker with administrative privileges or an attacker that obtains a configuration backup to extract configuration information from the...
SUSE CVE-2005-3623
nfs2acl.c in the Linux kernel 2.6.14.4 does not check for MAY_SATTR privilege before setting access controls (ACL) on files on exported NFS filesystems, which allows remote attackers to bypass ACLs for readonly mounted NFS filesystems...
kernel: nfs: NULL pointer dereference due to an anomalized NFS message sequence
A flaw was found in the Linux kernel's NFS implementation. An attacker, who is able to mount an exported NFS filesystem, is able to trigger a null pointer dereference by using an invalid NFS sequence. This can panic the machine and deny access to the NFS server. Any outstanding disk writes to the...
CVE-2018-10255
A CSV Injection vulnerability was discovered in clustercoding Blog Master Pro v1.0 that allows a user with low level privileges to inject a command that will be included in the exported CSV file, leading to possible code execution...
CVE-1999-0166
The CVE-1999-0166 issue concerns NFS where a client can issue a "cd .." to escape the exported tree and access other directories beyond the intended NFS export. The connected sources describe it as an information-disclosure risk, potentially enabling an attacker to read files outside the exported...
PT-1991-1000 · Oracle · Sunos
Name of the Vulnerable Software and Affected Versions: SunOS (affected versions not specified). Description: The issue allows unauthorized access to the exported file system by guessing NFS file handles. Recommendations: At the moment, there is no information about a newer version that contains a fi...