14 matches found
EUVD-2018-19037
Malware in sbrugna...
EUVD-2022-2978
Malicious code in bioql PyPI...
CVE-2018-7304
Tiki 17.1 does not validate user input for special characters; consequently, a CSV Injection attack can open a CMD.EXE or Calculator window on the victim machine to perform malicious activity, as demonstrated by an "=cmd|' /C calc'!A0" payload during User Creation...
CVE-2018-7303
The Calendar component in Tiki 17.1 allows HTML injection...
CVE-2018-7302
Tiki 17.1 allows upload of a .PNG file that actually has SVG content, leading to XSS...
Input validation
Tiki 17.1 does not validate user input for special characters; consequently, a CSV Injection attack can open a CMD.EXE or Calculator window on the victim machine to perform malicious activity, as demonstrated by an "=cmd|' /C calc'!A0" payload during User Creation...
CVE-2018-7303
The Calendar component in Tiki 17.1 allows HTML injection...
Design/Logic Flaw
The Calendar component in Tiki 17.1 allows HTML injection...
Cross site scripting
Tiki 17.1 allows upload of a .PNG file that actually has SVG content, leading to XSS...
CVE-2018-7302
Tiki 17.1 allows upload of a .PNG file that actually has SVG content, leading to XSS...
CVE-2018-7304
Tiki 17.1 does not validate user input for special characters; consequently, a CSV Injection attack can open a CMD.EXE or Calculator window on the victim machine to perform malicious activity, as demonstrated by an "=cmd|' /C calc'!A0" payload during User Creation...
CVE-2018-7304
Tiki 17.1 does not validate user input for special characters; consequently, a CSV Injection attack can open a CMD.EXE or Calculator window on the victim machine to perform malicious activity, as demonstrated by an "=cmd|' /C calc'!A0" payload during User Creation...
CVE-2018-7302
Tiki 17.1 allows upload of a .PNG file that actually has SVG content, leading to XSS...
CVE-2018-7303
The Calendar component in Tiki 17.1 allows HTML injection...