CVE-2017-0919

GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an authorization bypass issue in the GitLab import component resulting in an attacker being able to perform operations under a group in which they were previously unauthorized...

CVE-2018-7765

The vulnerability exists within processing of trackimportexport.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the objectid input parameter...

CVE-2018-10075

Cross-site scripting XSS vulnerability in Zoho ManageEngine EventLog Analyzer 11.12 allows remote attackers to inject arbitrary web script or HTML via the import logs feature...

Cross site scripting

Cross-site scripting XSS vulnerability in Zoho ManageEngine EventLog Analyzer 11.12 allows remote attackers to inject arbitrary web script or HTML via the import logs feature...

CVE-2018-10075

Cross-site scripting XSS vulnerability in Zoho ManageEngine EventLog Analyzer 11.12 allows remote attackers to inject arbitrary web script or HTML via the import logs feature...

CVE-2018-10075

Cross-site scripting XSS vulnerability in Zoho ManageEngine EventLog Analyzer 11.12 allows remote attackers to inject arbitrary web script or HTML via the import logs feature...

Brave Software: Local files reading using `link[rel="import"]`

Summary: HTML file could import another file using . Brave returns Access-Control-Allow-Origin: response header for local HTML files. That leads to local files reading. This vulnerability makes 369218 critical. Products affected: Brave: 0.23.19 V8: 6.7.288.46 rev:...

DEBIAN-CVE-2018-1000546

Triplea version = 1.9.0.0.10291 contains a XML External Entity XXE vulnerability in Importing game data that can result in Possible information disclosure, server-side request forgery, or remote code execution. This attack appear to be exploitable via Specially crafted game data file XML...

UBUNTU-CVE-2018-1000546

Triplea version = 1.9.0.0.10291 contains a XML External Entity XXE vulnerability in Importing game data that can result in Possible information disclosure, server-side request forgery, or remote code execution. This attack appear to be exploitable via Specially crafted game data file XML...

WordPress Plugin Comments Import Export 2.0.4 - CSV Injection

WordPress Plugin Comments Import Export 2.0.4 - CSV Injection Exploit Title: Wordpress Plugin Comments Import & Export 2.0.4 - CSV Injection Google Dork: N/A Date: 2018-06-24 Exploit Author: Bhushan B. Patil Software Link: https://wordpress.org/plugins/comments-import-export-woocommerce/ Affected...

Wordpress Comments Import & Export Plugin < 2.0.4 - CSV Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Wordpress Plugin Comments Import & Export 2.0.4 - CSV Injection Exploit Author: Bhushan B. Patil Software Link: https://wordpress.org/plugins/comments-import-export-woocommerce/ Affected Version: 2.0.4 and before Category: Plugi...

WordPress Plugin Comments Import &amp; Export &lt; 2.0.4 - CSV Injection

Exploit Title: Wordpress Plugin Comments Import & Export 2.0.4 - CSV Injection Google Dork: N/A Date: 2018-06-24 Exploit Author: Bhushan B. Patil Software Link: https://wordpress.org/plugins/comments-import-export-woocommerce/ Affected Version: 2.0.4 and before Category: Plugins and Extensions...

WordPress Comments Import And Export CSV Injection

Exploit Title: Wordpress Plugin Comments Import & Export 2.0.4 - CSV Injection Google Dork: N/A Date: 2018-06-24 Exploit Author: Bhushan B. Patil Software Link: https://wordpress.org/plugins/comments-import-export-woocommerce/ Affected Version: 2.0.4 and before Category: Plugins and Extensions...

WordPress Comments Import & Export plugin <= 2.3.1 - CSV Injection vulnerability

CSV Injection vulnerability found by Bhushan B. Patil in WordPress Comments Import & Export plugin versions = 2.0.5. No fully patched version available...

WordPress Comments Import & Export <= 2.0.4 - CSV Injection

The WordPress Comments Import & Export WordPress plugin was affected by a CSV Injection security vulnerability...

WordPress Comments Import & Export CSV Injection Vulnerability

WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language, the platform supports PHP and MySQL servers to set up a personal blog site.Comments Import & Export is used in one of the comments import/export plugin. A CSV injection vulnerability exists...

PHPOK Arbitrary File Upload Vulnerability

PHPOK is an enterprise building system that supports expansion. An arbitrary file upload vulnerability exists in the 'importf' function in the framework/admin/moduleccontrol.php file in PHPOK version 4.9.032. An attacker can exploit this vulnerability to upload arbitrary zip files...

Input validation

The plugin "WordPress Comments Import & Export" for WordPress v2.0.4 and before is vulnerable to CSV Injection...

CVE-2018-11526

The plugin "WordPress Comments Import & Export" for WordPress v2.0.4 and before is vulnerable to CSV Injection...

CVE-2018-11526

The plugin "WordPress Comments Import & Export" for WordPress v2.0.4 and before is vulnerable to CSV Injection...