CWE:
 

Topic
Date
Author
High
VBox Satellite Express Arbitrary Write Privilege Escalation
19.09.2015
KoreLogic
Med.
SiS Windows VGA Display Manager Multiple Privilege Escalation
02.09.2015
KoreLogic
Med.
XGI Windows VGA Display Manager Arbitrary Write Privilege Escalation
02.09.2015
KoreLogic
High
FortiClient Antivirus Information Exposure / Access Control
02.09.2015
CORE
Med.
Microsoft XP SP3 MQAC.sys Arbitrary Write Privilege Escalation
22.07.2014
Matt Bergin of KoreLog...
Med.
Microsoft XP SP3 BthPan.sys Arbitrary Write Privilege Escalation
22.07.2014
Matt Bergin of KoreLog...
Med.
Oracle VirtualBox Guest Additions Arbitrary Write Privilege Escalation
16.07.2014
Matt Bergin of KoreLog...


CVEMAP Search Results

CVE
Details
Description
2021-05-06
Medium
CVE-2021-1520

Updating...
 

 
A vulnerability in the internal message processing of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, local attacker to run arbitrary commands with root privileges on the underlying operating system (OS). This vulnerability exists because an internal messaging service does not properly sanitize input. An attacker could exploit this vulnerability by first authenticating to the device and then sending a crafted request to the internal service. A successful exploit could allow the attacker to run arbitrary commands with root privileges on the underlying OS. To exploit this vulnerability, the attacker must have valid Administrator credentials for the device.

 
2021-04-27
Medium
CVE-2021-29667

Updating...
 

 
IBM Spectrum Scale 5.0.0 through 5.0.5.6 and 5.1.0 through 5.1.0.2 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 199403.

 
2021-04-08
Waiting for details
CVE-2021-1475

Updating...
 

 
Multiple vulnerabilities in the Admin audit log export feature and Scheduled Reports feature of Cisco Umbrella could allow an authenticated, remote attacker to perform formula and link injection attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

 
Waiting for details
CVE-2021-1474

Updating...
 

 
Multiple vulnerabilities in the Admin audit log export feature and Scheduled Reports feature of Cisco Umbrella could allow an authenticated, remote attacker to perform formula and link injection attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

 
2021-03-24
Medium
CVE-2021-1390

Vendor: Cisco
Software: Ios xe
 

 
A vulnerability in one of the diagnostic test CLI commands of Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary code on an affected device. To exploit this vulnerability, the attacker would need to have valid user credentials at privilege level 15. This vulnerability exists because the affected software permits modification of the run-time memory of an affected device under specific circumstances. An attacker could exploit this vulnerability by authenticating to the affected device and issuing a specific diagnostic test command at the CLI. A successful exploit could trigger a logic error in the code that was designed to restrict run-time memory modifications. The attacker could take advantage of this logic error to overwrite system memory locations and execute arbitrary code on the underlying Linux operating system (OS) of the affected device.

 
2021-03-03
Medium
CVE-2021-27839

Vendor: Bigprof
Software: Online invoi...
 

 
A CSV injection vulnerability found in Online Invoicing System (OIS) 4.3 and below can be exploited by users to perform malicious actions such as redirecting admins to unknown or harmful websites, or disclosing other clients' details that the user did not have access to.

 
2021-02-26
Medium
CVE-2021-21302

Vendor: Prestashop
Software: Prestashop
 

 
PrestaShop is a fully scalable open source e-commerce solution. In PrestaShop before version 1.7.2 there is a CSV Injection vulnerability possible by using shop search keywords via the admin panel. The problem is fixed in 1.7.7.2

 
2021-02-19
Medium
CVE-2020-19513

Vendor: Aida64
Software: Aida64
 

 
Buffer overflow in FinalWire Ltd AIDA64 Engineer 6.00.5100 allows attackers to execute arbitrary code by creating a crafted input that will overwrite the SEH handler.

 
2021-02-06
Low
CVE-2020-9205

Vendor: Huawei
Software: Manageone
 

 
There has a CSV injection vulnerability in ManageOne 8.0.1. An attacker with common privilege may exploit this vulnerability through some operations to inject the CSV files. Due to insufficient input validation of some parameters, the attacker can exploit this vulnerability to inject CSV files to the target device.

 
2021-01-26
High
CVE-2021-3188

Vendor: Phplist
Software: Phplist
 

 
phpList 3.6.0 allows CSV injection, related to the email parameter, and /lists/admin/ exports.

 

 


Copyright 2021, cxsecurity.com

 

Back to Top