CWE:
 

Topic
Date
Author
High
VBox Satellite Express Arbitrary Write Privilege Escalation
19.09.2015
KoreLogic
Med.
SiS Windows VGA Display Manager Multiple Privilege Escalation
02.09.2015
KoreLogic
Med.
XGI Windows VGA Display Manager Arbitrary Write Privilege Escalation
02.09.2015
KoreLogic
High
FortiClient Antivirus Information Exposure / Access Control
02.09.2015
CORE
Med.
Microsoft XP SP3 MQAC.sys Arbitrary Write Privilege Escalation
22.07.2014
Matt Bergin of KoreLog...
Med.
Microsoft XP SP3 BthPan.sys Arbitrary Write Privilege Escalation
22.07.2014
Matt Bergin of KoreLog...
Med.
Oracle VirtualBox Guest Additions Arbitrary Write Privilege Escalation
16.07.2014
Matt Bergin of KoreLog...


CVEMAP Search Results

CVE
Details
Description
2021-07-14
Medium
CVE-2020-25445

Vendor: Bookingcore
Software: Booking core
 

 

 
2021-07-12
Medium
CVE-2021-24441

Vendor: Fetchdesigns
Software: Sign-up sheets
 

 
The Sign-up Sheets WordPress plugin before 1.0.14 does not not sanitise or validate the Sheet title when generating the CSV to export, which could lead to a CSV injection issue

 
2021-06-21
Medium
CVE-2020-22390

Vendor: Akaunting
Software: Akaunting
 

 
Akaunting <= 2.0.9 is vulnerable to CSV injection in the Item name field, export function. Attackers can inject arbitrary code into the name parameter and perform code execution when the crafted file is opened.

 
2021-05-13
Medium
CVE-2021-22153

Vendor: Blackberry
Software: Unified endp...
 

 

 
2021-05-06
Medium
CVE-2021-1520

Updating...
 

 
A vulnerability in the internal message processing of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, local attacker to run arbitrary commands with root privileges on the underlying operating system (OS). This vulnerability exists because an internal messaging service does not properly sanitize input. An attacker could exploit this vulnerability by first authenticating to the device and then sending a crafted request to the internal service. A successful exploit could allow the attacker to run arbitrary commands with root privileges on the underlying OS. To exploit this vulnerability, the attacker must have valid Administrator credentials for the device.

 
2021-04-27
Medium
CVE-2021-29667

Updating...
 

 
IBM Spectrum Scale 5.0.0 through 5.0.5.6 and 5.1.0 through 5.1.0.2 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 199403.

 
2021-04-08
Waiting for details
CVE-2021-1474

Updating...
 

 
Multiple vulnerabilities in the Admin audit log export feature and Scheduled Reports feature of Cisco Umbrella could allow an authenticated, remote attacker to perform formula and link injection attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

 
Waiting for details
CVE-2021-1475

Updating...
 

 
Multiple vulnerabilities in the Admin audit log export feature and Scheduled Reports feature of Cisco Umbrella could allow an authenticated, remote attacker to perform formula and link injection attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

 
2021-03-24
Medium
CVE-2021-1390

Vendor: Cisco
Software: Ios xe
 

 
A vulnerability in one of the diagnostic test CLI commands of Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary code on an affected device. To exploit this vulnerability, the attacker would need to have valid user credentials at privilege level 15. This vulnerability exists because the affected software permits modification of the run-time memory of an affected device under specific circumstances. An attacker could exploit this vulnerability by authenticating to the affected device and issuing a specific diagnostic test command at the CLI. A successful exploit could trigger a logic error in the code that was designed to restrict run-time memory modifications. The attacker could take advantage of this logic error to overwrite system memory locations and execute arbitrary code on the underlying Linux operating system (OS) of the affected device.

 
2021-03-03
Medium
CVE-2021-27839

Vendor: Bigprof
Software: Online invoi...
 

 
A CSV injection vulnerability found in Online Invoicing System (OIS) 4.3 and below can be exploited by users to perform malicious actions such as redirecting admins to unknown or harmful websites, or disclosing other clients' details that the user did not have access to.

 

 


Copyright 2021, cxsecurity.com

 

Back to Top