CWE:
 

Topic
Date
Author
High
VBox Satellite Express Arbitrary Write Privilege Escalation
19.09.2015
KoreLogic
Med.
SiS Windows VGA Display Manager Multiple Privilege Escalation
02.09.2015
KoreLogic
Med.
XGI Windows VGA Display Manager Arbitrary Write Privilege Escalation
02.09.2015
KoreLogic
High
FortiClient Antivirus Information Exposure / Access Control
02.09.2015
CORE
Med.
Microsoft XP SP3 MQAC.sys Arbitrary Write Privilege Escalation
22.07.2014
Matt Bergin of KoreLog...
Med.
Microsoft XP SP3 BthPan.sys Arbitrary Write Privilege Escalation
22.07.2014
Matt Bergin of KoreLog...
Med.
Oracle VirtualBox Guest Additions Arbitrary Write Privilege Escalation
16.07.2014
Matt Bergin of KoreLog...


CVEMAP Search Results

CVE
Details
Description
2022-11-28
Waiting for details
CVE-2022-3603

Updating...
 

 
The Export customers list csv for WooCommerce, WordPress users csv, export Guest customer list WordPress plugin before 2.0.69 does not validate data when outputting it back in a CSV file, which could lead to CSV injection.

 
2022-11-21
Waiting for details
CVE-2022-3600

Updating...
 

 
The Easy Digital Downloads WordPress plugin before 3.1.0.2 does not validate data when its output in a CSV file, which could lead to CSV injection.

 
Waiting for details
CVE-2022-3634

Updating...
 

 
The Contact Form 7 Database Addon WordPress plugin before 1.2.6.5 does not validate data when output it back in a CSV file, which could lead to CSV injection

 
2022-11-14
Waiting for details
CVE-2022-3574

Updating...
 

 
The WPForms Pro WordPress plugin before 1.7.7 does not validate its form data when generating the exported CSV, which could lead to CSV injection.

 
2022-11-07
Waiting for details
CVE-2022-3558

Updating...
 

 
The Import and export users and customers WordPress plugin before 1.20.5 does not properly escape data when exporting it via CSV files.

 
Waiting for details
CVE-2022-3463

Updating...
 

 
The Contact Form Plugin WordPress plugin before 4.3.13 does not validate and escape fields when exporting form entries as CSV, leading to a CSV injection

 
2022-10-25
Waiting for details
CVE-2022-3393

Updating...
 

 
The Post to CSV by BestWebSoft WordPress plugin through 1.4.0 does not properly escape fields when exporting data as CSV, leading to a CSV injection

 
2022-09-16
Waiting for details
CVE-2022-1194

Updating...
 

 
The Mobile Events Manager WordPress plugin before 1.4.8 does not properly escape the Enquiry source field when exporting events, or the Paid for field when exporting transactions as CSV, leading to a CSV injection vulnerability.

 
Waiting for details
CVE-2022-2798

Updating...
 

 
The Affiliates Manager WordPress plugin before 2.9.14 does not validate and sanitise the affiliate data, which could allow users registering as affiliate to perform CSV injection attacks against an admin exporting the data

 
2022-07-25
Waiting for details
CVE-2022-2240

Updating...
 

 
The Request a Quote WordPress plugin through 2.3.7 does not validate uploaded CSV files, allowing unauthenticated users to attach a malicious CSV file to a quote, which could lead to a CSV injection once an admin download and open it

 

 


Copyright 2022, cxsecurity.com

 

Back to Top