9790 matches found
CVE-2018-11526
The plugin "WordPress Comments Import & Export" for WordPress v2.0.4 and before is vulnerable to CSV Injection...
CVE-2018-11526
CVE-2018-11526 affects the WordPress plugin Comments Import & Export (versions 2.0.4 and earlier). The vulnerability is a CSV injection flaw in the plugin when exporting data, enabling an attacker to inject commands via form fields. Public PoCs and exploit resources describe a remote command exec...
Privilege escalation
PHPOK 4.9.032 has an arbitrary file upload vulnerability in the importf function in framework/admin/moduleccontrol.php, as demonstrated by uploading a .php file within a .php.zip archive, a similar issue to CVE-2018-8944...
Description of the security update for SharePoint Enterprise Server 2016: June 12, 2018
Description of the security update for SharePoint Enterprise Server 2016: June 12, 2018. Summary: This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see...
HPSBPI03583 rev. 1 - ROCA - Vulnerable RSA Generation: HP Trusted Platform Module (TPM) Accessory and Certain HP Enterprise Printer and MFP Products, Certain HP PageWide Printer and MFP Products with Standard TPM
Potential Security Impact: Remote disclosure of information. VULNERABILITY SUMMARY: A potential security vulnerability known as “ROCA: Vulnerable RSA Generation” has been identified with the RSA keys generated by the HP Trusted Platform Module (TPM) Accessory and printers equipped with a TPM. This...
[SECURITY] Fedora 28 Update: xmlrpc-3.1.3-20.fc28
Apache XML-RPC is a Java implementation of XML-RPC, a popular protocol that uses XML over HTTP to implement remote procedure calls. Apache XML-RPC was previously known as Helma XML-RPC. If you have code using the Helma library, all you should have to do is change the import statements in your cod...
CSV Import & Export 1.1.0 - SQL Injection / Cross-Site Scripting Vulnerabilities
Exploit for php platform in category web applications. Exploit Title: CSV Import & Export v1.1.0 - SQL Injection / Cross-Site Scripting Exploit Author: Kağan Çapar Contact: [email protected] Vendor Homepage: https://codecanyon.net/item/csv-import-export/21105509 Version: 1.1.0 Category: Webapps Test...
CSV Import And Export 1.1.0 Cross Site Scripting / SQL Injection
Exploit Title: CSV Import & Export v1.1.0 - SQL Injection / Cross-Site Scripting Dork: N/A Date: 30.05.2018 Exploit Author: Kagan Capar Contact: [email protected] Vendor Homepage: https://codecanyon.net/item/csv-import-export/21105509 Version: 1.1.0 Category: Webapps Tested on: Kali Linux...
CSV Import Export 1.1.0 - SQL Injection Cross-Site Scripting
CSV Import Export 1.1.0 - SQL Injection Cross-Site Scripting Exploit Title: CSV Import & Export v1.1.0 - SQL Injection / Cross-Site Scripting Dork: N/A Date: 30.05.2018 Exploit Author: Kağan Çapar Contact: [email protected] Vendor Homepage: https://codecanyon.net/item/csv-import-export/2110550...
GitLab: Potential SSRF via Git repository URL
Duplicate: Fixed in 8.17.4, 8.16.8, and 8.15.8 Original report: https://hackerone.com/reports/135937 SSRF when importing a project from a Repo by URL GitLab instances that have enabled project imports using "Repo by URL" were vulnerable to Server-Side Request Forgery attacks. By specifying a...
radare2 denial of service vulnerability (CNVD-2018-12198)
Radare2 is a complete framework for reverse engineering and analyzing binaries, consisting of a series of small utilities that can be used together or independently of the command line. A denial of service vulnerability exists in the parseimportptr function in radare2 2.5.0. A remote attacker can...
Unspecified Vulnerability in SAP Note Assistant
SAP Note Assistant is a tool to help automate the import of changes in SAP Notes, a document created by a developer who finds a bug in an ABAP program that describes the problem and the associated program modification code. An unspecified vulnerability exists in SAP Note Assistant. An attacker...
Security update for libreoffice (moderate)
This update for libreoffice to 6.0.4.2 fixes lots of bugs and also the following issues: Security issues fixed: - CVE-2018-10120: The SwCTBWrapper::Read function in sw/source/filter/ww8/ww8toolbar.cxx did not validate a customizations index, which allowed remote attackers to cause a denial of...
OpenFire User Import Export Plugin XML External Entity Injection Vulnerability
OpenFire is an open source real-time collaboration (RTC) server. User Import Export Plugin is a plugin that provides the ability to import and export Openfire user data through the management console. An XML external entity injection vulnerability exists in the OpenFire User Import Export Plugin version...
openSUSE Security Update : libreoffice (openSUSE-2018-467)
This update for libreoffice to 6.0.4.2 fixes lots of bugs and also the following issues: Security issues fixed: - CVE-2018-10120: The SwCTBWrapper::Read function in sw/source/filter/ww8/ww8toolbar.cxx did not validate a customizations index, which allowed remote attackers to cause a denial of...
SUSE SLED12 Security Update : libreoffice (SUSE-SU-2018:1296-1)
This update for libreoffice to 6.0.4.2 fixes lots of bugs and also the following issues: Security issues fixed: - CVE-2018-10120: The SwCTBWrapper::Read function in sw/source/filter/ww8/ww8toolbar.cxx did not validate a customizations index, which allowed remote attackers to cause a denial of...
Design/Logic Flaw
An exploitable XML entity injection vulnerability exists in OpenFire User Import Export Plugin 2.6.0. A specially crafted web request can cause the retrieval of arbitrary files or denial of service. An authenticated attacker can send a crafted web request to trigger this vulnerability...
CVE-2017-2815
An exploitable XML entity injection vulnerability exists in OpenFire User Import Export Plugin 2.6.0. A specially crafted web request can cause the retrieval of arbitrary files or denial of service. An authenticated attacker can send a crafted web request to trigger this vulnerability...