9840 matches found

WPVulnDB
added 2020/03/11 12:0 a.m. | 21 views

Import Export WordPress Users < 1.3.9 - Authenticated Arbitrary User Creation

"The flaw allowed anybody with subscriber-level access or above to import new users via a CSV file, including administrative-level users" providing subscriber-level users and above with the ability to escalate their privileges. PoC POST /wp-admin/admin-ajax.php?importpage=wordpresshfusercsv=3...

6.5 CVSS | 0.5 AI score | 0.00554 EPSS
Exploits: 2 | References: 2 | Affected Software: 1
Patchstack
added 2020/03/11 12:0 a.m. | 18 views

WordPress Import Export WordPress Users plugin <= 1.3.8 - Arbitrary User Creation vulnerability

Arbitrary User Creation vulnerability discovered by WordFence in WordPress Import Export WordPress Users plugin versions = 1.3.8. Solution Update the WordPress Import Export WordPress Users plugin to the latest available version at least 1.3.9...

8.8 CVSS | 2.2 AI score | 0.00554 EPSS
Exploits: 2 | References: 3 | Affected Software: 1
OSV
added 2020/03/11 12:0 a.m. | 2 views

UBUNTU-CVE-2020-6813

When protecting CSS blocks with the nonce feature of Content Security Policy, the @import statement in the CSS block could allow an attacker to inject arbitrary styles, bypassing the intent of the Content Security Policy. This vulnerability affects Firefox 74...

5.3 CVSS | 6.9 AI score | 0.00109 EPSS
Exploits: 0 | References: 4
Patchstack
added 2020/03/11 12:0 a.m. | 9 views

WordPress Comments Import & Export plugin <= 2.1.10 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability discovered by WordFence in WordPress Comments Import & Export plugin versions = 2.1.10. Solution Update the WordPress Comments Import & Export plugin to the latest available version at least 2.1.11...

3.2 AI score
Exploits: 0 | References: 2 | Affected Software: 1
WPVulnDB
added 2020/03/11 12:0 a.m. | 12 views

Multiple WebToffee Plugins - Cross-Site Request Forgery (CSRF) Issue

From https://www.wordfence.com/blog/2020/03/vulnerability-patched-in-import-export-wordpress-users/ at the bottom "Several additional WooCommerce-centric import/export plugins from WebToffee used the same import functionality. However, they were unable to be activated unless WooCommerce was...

1.5 AI score
Exploits: 0 | References: 1 | Affected Software: 6
OSV
added 2020/03/10 3:15 p.m. | 1 view

UBUNTU-CVE-2019-12445

An issue was discovered in GitLab Community and Enterprise Edition 8.4 through 11.11. A malicious user could execute JavaScript code on notes by importing a specially crafted project file. It allows XSS...

5.4 CVSS | 6.2 AI score | 0.00092 EPSS
Exploits: 0 | References: 3
Tenable Nessus
added 2020/03/09 12:0 a.m. | 24 views

SUSE SLED12 Security Update : gimp (SUSE-SU-2020:0601-1)

This update for gimp fixes the following issues : Fix for crashing due to segmentation fault caused by importing ghostscript files. bsc1161998 Security issues fixed: CVE-2017-17785: Fixed an heap-based buffer overflow in FLI import bsc1073625 CVE-2017-17786: Fixed an out-of-bounds read in TGA...

7.8 CVSS | 6.1 AI score | 0.00479 EPSS
Exploits: 0 | References: 11
OSV
added 2020/03/06 7:15 p.m. | 1 view

CVE-2020-9457

The RegistrationMagic plugin through 4.6.0.3 for WordPress allows remote authenticated users with minimal privileges to import custom vulnerable forms and change form settings via classrmformsettingscontroller.php, resulting in privilege escalation...

8.8 CVSS | 7.3 AI score
Exploits: 0 | References: 3
Metasploit
added 2020/03/01 12:33 a.m. | 17 views

Ubiquiti Configuration Importer

This module imports an Ubiquiti device configuration. The db file within the .unf backup is the data file for Unifi. This module can take either the db file or .unf...

7.1 AI score
Exploits: 0
Citrix
added 2020/02/28 12:0 a.m. | 6 views

Citrix App Layering - Error while trying to import layers

While trying to import layers, App Layering console displays an error: "An unexpected exception occurred. If this problem continues, contact Technical Support and provide them with the details of this exception". Looking at the ELM Web logs, we might see the below errors: ERROR 2832HandlerHelper:...

7.1 AI score
Exploits: 0
Tenable Nessus
added 2020/02/25 12:0 a.m. | 48 views

EulerOS 2.0 SP8 : git (EulerOS-SA-2020-1151)

According to the versions of the git packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. The...

9.8 CVSS | 8.1 AI score | 0.2462 EPSS
Exploits: 1 | References: 10
Microsoft Secure
added 2020/02/20 2:0 p.m. | 42 views

Free import of AWS CloudTrail logs through June 2020 and other exciting Azure Sentinel updates

SecOps teams are increasingly challenged to protect assets across distributed environments, analyze the growing volume of security data, and prioritize response to real threats. As a cloud-native SIEM solution security information and event management, Azure Sentinel uses artificial intelligence ...

6.9 AI score
Exploits: 0
OSV
added 2020/02/19 1:15 p.m. | 27 views

CVE-2016-1000004

Insufficient type checks were employed prior to casting input data in SimpleXMLElementexportNode and simplexmlimportdom. This issue affects HHVM versions prior to 3.9.5, all versions between 3.10.0 and 3.12.3 inclusive, and all versions between 3.13.0 and 3.14.1 inclusive...

9.8 CVSS | 6.8 AI score | 0.0019 EPSS
Exploits: 0 | References: 2
OSV
added 2020/02/19 1:15 p.m. | 0 views

UBUNTU-CVE-2016-1000004

Insufficient type checks were employed prior to casting input data in SimpleXMLElementexportNode and simplexmlimportdom. This issue affects HHVM versions prior to 3.9.5, all versions between 3.10.0 and 3.12.3 inclusive, and all versions between 3.13.0 and 3.14.1 inclusive...

9.8 CVSS | 5.8 AI score | 0.0019 EPSS
Exploits: 0 | References: 3
Patchstack
added 2020/02/19 12:0 a.m. | 6 views

WordPress Advanced Import plugin <= 1.0.7 - Unauthenticated Database Reset vulnerability leading to Privilege Escalation

Unauthenticated Database Reset vulnerability leading to Privilege Escalation discovered by NinTechNet in WordPress Advanced Import plugin versions = 1.0.7. Solution Update the WordPress Advanced Import plugin to the latest available version at least 1.0.8...

3.9 AI score
Exploits: 0 | References: 2 | Affected Software: 1
OSV
added 2020/02/16 8:15 p.m. | 2 views

CVE-2020-9012

A cross-site scripting XSS vulnerability in the Import People functionality in Gluu Identity Configuration 4.0 allows remote attackers to inject arbitrary web script or HTML via the filename parameter...

6.1 CVSS | 6.4 AI score | 0.00301 EPSS
Exploits: 1 | References: 1
CVE
added 2020/02/16 8:0 p.m. | 67 views

CVE-2020-9012

Technical details governing CVE-2020-9012 (affected products, versions, root cause, fix) are not publicly provided in the supplied Connected documents. Monitor for updates from official advisories.

6.1 CVSS | 5.9 AI score | 0.00301 EPSS
Exploits: 1 | References: 1 | Affected Software: 1
Cvelist
added 2020/02/16 8:0 p.m. | 16 views

CVE-2020-9012

A cross-site scripting XSS vulnerability in the Import People functionality in Gluu Identity Configuration 4.0 allows remote attackers to inject arbitrary web script or HTML via the filename parameter...

6 AI score | 0.00301 EPSS
Exploits: 1 | References: 1
Fedora
added 2020/02/14 1:43 a.m. | 36 views

[SECURITY] Fedora 31 Update: php-horde-Horde-Data-2.1.5-1.fc31

A data import and export API, with backends for: CSV TSV iCalendar vCard vNote vTodo...

9.8 CVSS | 1.9 AI score | 0.84857 EPSS
Exploits: 5
OpenVAS
added 2020/02/14 12:0 a.m. | 59 views

Fedora: Security Advisory for php-horde-Horde-Data (FEDORA-2020-0248ad925e)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.8 CVSS | 9.6 AI score | 0.84857 EPSS
Exploits: 5 | References: 2