CVE-2018-3710
CVE-2018-3710 affects GitLab Community/Enterprise Edition 10.3.3, with an insecure temporary file in the project import component enabling remote code execution. Multiple sources (NVD, Debian DSA, CNVD, OSV) corroborate an arbitrary code execution via project import; CVE-2018-3710 is part of a se...
Next Generation Graphical Network Analyzer: Deplug
Deplug is a graphical network analyzer powered by web technologies. Features: Cross-Platform (macOS, Linux, Windows); Web-based UI; Built-in Package Manager; SDK for JavaScript and Rust; Concurrency Support. Import / Export: Deplug supports the following formats by default. Pcap File .pcap Preferences...
PT-2018-16134 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: Gitlab Community and Enterprise Editions version 10.3.3 Description: The issue is related to an insecure temporary file in the project import component, which can result in remote code execution. Recommendations: For Gitlab Community and...
I Librarian I-librarian XXE vulnerability
I Librarian I-librarian is an application for editing PDF files. An XXE vulnerability exists in line 154 of the importmetadata.php file in I Librarian I-librarian 4.8 and earlier versions. An attacker can exploit this vulnerability to read the contents of a file and perform a server-side request...
CVE-2018-0941
Microsoft Exchange Server 2016 Cumulative Update 7 and Microsoft Exchange Server 2016 Cumulative Update 8 allow an information disclosure vulnerability due to how data is imported, aka "Microsoft Exchange Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0924...
Information disclosure
Microsoft Exchange Server 2016 Cumulative Update 7 and Microsoft Exchange Server 2016 Cumulative Update 8 allow an information disclosure vulnerability due to how data is imported, aka "Microsoft Exchange Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0924...
Eramba Cross-Site Scripting Vulnerability (CNVD-2018-06086)
Eramba is an open source, enterprise-level IT governance application from Eramba UK. The program features IT security, compliance auditing and analysis, and more. A cross-site scripting vulnerability exists in the error page of the CSV file inclusion tab of /importTool/preview URI in Eramba e...
CVE-2018-1000090
textpattern version 4.6.2 contains an XML Injection vulnerability in Import XML feature that can result in Denial of service in context to the web server by exhausting server memory resources. This attack appears to be exploitable via Uploading a specially crafted XML file...
Design/Logic Flaw
textpattern version 4.6.2 contains an XML Injection vulnerability in Import XML feature that can result in Denial of service in context to the web server by exhausting server memory resources. This attack appears to be exploitable via Uploading a specially crafted XML file...
KLA11212 Multiple vulnerabilities in Microsoft Exchange Server
Multiple serious vulnerabilities have been found in Microsoft Exchange Server. Malicious users can exploit these vulnerabilities to obtain sensitive information and gain privileges. Below is a complete list of vulnerabilities: 1. An information disclosure vulnerability in the way that Microsoft...
WordPress Import any XML or CSV File to WordPress plugin <=3.4.5 - Cross-Site Scripting (XSS) vulnerability
Cross-Site Scripting (XSS) vulnerability found by Mardan Muhidin in WordPress Import any XML or CSV File to WordPress plugin versions <=3.4.5. Solution: Update the WordPress Import any XML or CSV File to WordPress plugin to the latest available version (at least 3.4.6)...
Cisco Secure Access Control Server XML External Entity Injection Vulnerability (CNVD-2018-05230)
Cisco Secure Access Control Server (ACS) is a secure access control server from Cisco USA. The server provides a comprehensive identity-based access control solution for Cisco intelligent information networks. An XML external entity injection vulnerability exists in the Web-based user interface in...
Ping Identity: Server-Side Request Forgery on SAML Application - Import via URL
Summary: The My Applications feature on PingOne Identity admin allows you to add new SAML applications to your account. One feature allows you to import metadata via URI instead of via upload. This uses Java 1.8 to make an external web request to the URI supplied. Typically this is hard to...
Cross site scripting
Cross-site scripting vulnerability in WP All Import plugin prior to version 3.4.7 for WordPress allows an attacker to inject arbitrary web script or HTML via unspecified vectors...
CVE-2018-0546
Cross-site scripting vulnerability in WP All Import plugin prior to version 3.4.6 for WordPress allows an attacker to inject arbitrary web script or HTML via unspecified vectors...
CVE-2018-0547
Cross-site scripting vulnerability in WP All Import plugin prior to version 3.4.7 for WordPress allows an attacker to inject arbitrary web script or HTML via unspecified vectors...