CVE-2019-14683

The codection "Import users from CSV with meta" plugin before 1.14.2.2 for WordPress allows wp-admin/admin-ajax.php?action=acuideleteattachment CSRF...

CVE-2019-14679

core/views/arpriceimportexport.php in the ARPrice Lite plugin 2.2 for WordPress allows wp-admin/admin.php?page=arpliteimportexport CSRF...

Cross site request forgery (csrf)

The codection "Import users from CSV with meta" plugin before 1.14.2.2 for WordPress allows wp-admin/admin-ajax.php?action=acuideleteattachment CSRF...

CVE-2019-14683

The codection "Import users from CSV with meta" plugin before 1.14.2.2 for WordPress allows wp-admin/admin-ajax.php?action=acuideleteattachment CSRF...

CVE-2019-12397

Policy import functionality in Apache Ranger 0.7.0 to 1.2.0 is vulnerable to a cross-site scripting issue. Upgrade to 2.0.0 or later version of Apache Ranger with the fix...

Workspace App for Android - RSA software token import errors

Unable to import RSA Soft Token file in Workspace App for Android receiving error message: "Token import failed" or “Error code %1$X...

PT-2019-13823 · Backdrop · Backdrop Cms

Name of the Vulnerable Software and Affected Versions: Backdrop CMS versions 1.12.x through 1.12.7 Backdrop CMS versions 1.13.x through 1.13.2 Description: The issue allows the upload of entire-site configuration archives through the user interface or command line, without sufficiently checking...

PT-2019-13779 · WordPress · Import-Users-From-Csv-With-Meta

Name of the Vulnerable Software and Affected Versions: Import users from CSV with meta plugin versions prior to 1.14.2.2 Description: The issue allows for a CSRF attack via the "wp-admin/admin-ajax.php?action=acui delete attachment" API endpoint. This affects the "Import users from CSV with meta"...

Cross site scripting

An issue was discovered in TeamPass 2.1.27.35. From the sources/items.queries.php "Import items" feature, it is possible to load a crafted CSV file with an XSS payload...

CVE-2019-14671

Firefly III 4.7.17.3 is vulnerable to local file enumeration. An attacker can enumerate local files due to the lack of protocol scheme sanitization, such as for file:/// URLs. This is related to fintsurl to import/job/configuration, and import/create/fints...

CVE-2019-14671

Firefly III 4.7.17.3 is vulnerable to local file enumeration. An attacker can enumerate local files due to the lack of protocol scheme sanitization, such as for file:/// URLs. This is related to fintsurl to import/job/configuration, and import/create/fints...

CVE-2019-7896

A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with administrator privileges to layouts can execute arbitrary code through a combination of product import, crafted csv file and XML layout...

CVE-2019-7896

A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with administrator privileges to layouts can execute arbitrary code through a combination of product import, crafted csv file and XML layout...

Remote code execution

A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with administrator privileges to layouts can execute arbitrary code through a combination of product import, crafted csv file and XML layout...

CVE-2019-7896

CVE-2019-7896 affects Magento versions prior to 2.1.18 (2.1.x), 2.2 prior to 2.2.9, and 2.3 prior to 2.3.2. The flaw allows an authenticated administrator with access to layouts to execute arbitrary code via a combination of product import, a crafted CSV file, and an XML layout update, resulting ...

CVE-2019-7896

A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with administrator privileges to layouts can execute arbitrary code through a combination of product import, crafted csv file and XML layout...

OPENSUSE-SU-2019:1824-1 Security update for rmt-server

This update for rmt-server to version 2.3.1 fixes the following issues: - Fix mirroring logic when errors are encountered bsc1140492 - Refactor RMT::Mirror to download metadata/licenses in parallel - Check repo metadata GPG signatures during mirroring bsc1132690 - Add rmt-server-config subpackage...

DEBIAN-CVE-2019-0193

In Apache Solr, the DataImportHandler, an optional but popular module to pull in data from databases and other sources, has a feature in which the whole DIH configuration can come from a request's "dataConfig" parameter. The debug mode of the DIH admin screen uses this to allow convenient debuggi...

WordPress Order XML File Export Import for WooCommerce plugin <= 1.2.2 - Cross-Site Scripting (XSS) vulnerability

Cross-Site Scripting XSS vulnerability found in WordPress Order XML File Export Import for WooCommerce plugin versions = 1.2.2. Solution Update the WordPress Order XML File Export Import for WooCommerce plugin to the latest available version at least 1.2.3...

Design/Logic Flaw

Jenkins Configuration as Code Plugin 1.24 and earlier did not escape values resulting in variable interpolation during configuration import when exporting, allowing attackers with permission to change Jenkins system configuration to obtain the values of environment variables...