CVE-2023-54348 ERPGo SaaS 3.9 CSV Injection via Vendor Creation

ERPGo SaaS 3.9 contains a CSV injection vulnerability that allows authenticated attackers to inject spreadsheet formulas into vendor name fields that execute on the workstation of users who open the exported CSV in a spreadsheet application. Attackers can add malicious formulas like =10+20+cmd|' ...

CVE-2023-54348

ERPGo SaaS 3.9 contains a CSV injection vulnerability that allows authenticated attackers to inject spreadsheet formulas into vendor name fields that execute on the workstation of users who open the exported CSV in a spreadsheet application. Attackers can add malicious formulas like =10+20+cmd|' ...

EUVD-2024-55338

Akaunting 3.1.8 contains a server-side template injection vulnerability that allows authenticated administrators to execute template expressions in multiple form input fields. Attackers can inject template payloads in items, taxes, transactions, and vendor name fields to perform arithmetic...

CVE-2024-58293

CVE-2024-58293 affects Akaunting 3.1.8 with a server-side template injection vulnerability. Authenticated administrators can inject template expressions into multiple form fields (items, taxes, transactions, vendor name), enabling arithmetic operations and string manipulations. Public sources in ...

CVE-2024-58293 Akaunting 3.1.8 Server-Side Template Injection via Multiple Form Fields

Akaunting 3.1.8 contains a server-side template injection vulnerability that allows authenticated administrators to execute template expressions in multiple form input fields. Attackers can inject template payloads in items, taxes, transactions, and vendor name fields to perform arithmetic...

Faraday v3.3 - Collaborative Penetration Test and Vulnerability Management Platform

Here’s the main new features and improvements in Faraday v3.3: Workspace archive You are now able to make the whole workspace read only and archive it for future use. This allows to clear the clutter from all your ongoing projects while giving you the opportunity to continue with your work later ...

[USBLogView] Records the details of any USB device that is plugged or unplugged into your system

USBLogView is a small utility that runs in the background and records the details of any USB device that is plugged or unplugged into your system. For every log line created by USBLogView, the following information is displayed: Event Type Plug/Unplug, Event Time, Device Name, Description, Device...

CORE-2010-0311 - eFront-learning PHP file inclusion vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ eFront-learning PHP file inclusion vulnerability 1. Advisory Information Title: eFront-learning PHP file inclusion vulnerability Advisory Id: CORE-2010-0311 Advisory...

DDIVRT-2009-22 SMART Board Whiteboard Directory Traversal Vulnerability

Title ----- DDIVRT-2009-22 SMART Board Whiteboard Directory Traversal Vulnerability Severity -------- High Date Discovered --------------- January 19th, 2009 Discovered By ------------- Digital Defense, Inc. Vulnerability Research Team Credit: David Marshall and r@b13$ Vulnerability Description...

MS:C7DB1D28-9160-4E63-9EAE-2C7DF322DC00

...