CWE:
 

| Risk | Topic | Date | Author |
|---|---|---|---|
| High | VBox Satellite Express Arbitrary Write Privilege Escalation | 19.09.2015 | KoreLogic |
| Med. | SiS Windows VGA Display Manager Multiple Privilege Escalation | 02.09.2015 | KoreLogic |
| Med. | XGI Windows VGA Display Manager Arbitrary Write Privilege Escalation | 02.09.2015 | KoreLogic |
| High | FortiClient Antivirus Information Exposure / Access Control | 02.09.2015 | CORE |
| Med. | Microsoft XP SP3 MQAC.sys Arbitrary Write Privilege Escalation | 22.07.2014 | Matt Bergin of KoreLog... |
| Med. | Microsoft XP SP3 BthPan.sys Arbitrary Write Privilege Escalation | 22.07.2014 | Matt Bergin of KoreLog... |
| Med. | Oracle VirtualBox Guest Additions Arbitrary Write Privilege Escalation | 16.07.2014 | Matt Bergin of KoreLog... |


CVEMAP Search Results

| Date | Risk | CVE | Details | Description |
|---|---|---|---|---|
| 2022-07-25 | Waiting for details | CVE-2022-1539 | | The Exports and Reports WordPress plugin before 0.9.2 does not sanitize and validate data when generating the CSV to export, which could lead to a CSV injection, by the use of Microsoft Excel DDE function, or to leak data via maliciously injected hyperlinks. |
| 2022-07-25 | Waiting for details | CVE-2022-2240 | | The Request a Quote WordPress plugin through 2.3.7 does not validate uploaded CSV files, allowing unauthenticated users to attach a malicious CSV file to a quote, which could lead to a CSV injection once an admin downloads and opens it. |
| 2022-06-17 | Waiting for details | CVE-2022-2112 | | Improper Neutralization of Formula Elements in a CSV File in GitHub repository inventree/inventree prior to 0.7.2. |
| 2022-06-13 | Medium | CVE-2022-1202 | Vendor: Usabilitydynamics; Software: Wp-crm | The WP-CRM WordPress plugin through 1.2.1 does not validate and sanitise fields when exporting people to a CSV file, leading to a CSV injection vulnerability. |
| 2022-06-09 | Low | CVE-2022-2027 | Vendor: Kromit; Software: Titra | Improper Neutralization of Formula Elements in a CSV File in GitHub repository kromitgmbh/titra prior to 0.77.0. |
| 2022-06-07 | Medium | CVE-2020-36531 | Vendor: IBM; Software: Sevone netwo... | A vulnerability, which was classified as critical, has been found in SevOne Network Management System up to 5.7.2.22. This issue affects the Device Manager Page. An injection leads to privilege escalation. The attack may be initiated remotely. |
| 2022-05-05 | Medium | CVE-2021-38441 | Vendor: Eclipse; Software: Cyclonedds | Eclipse CycloneDDS versions prior to 0.8.0 are vulnerable to a write-what-where condition, which may allow an attacker to write arbitrary values in the XML parser. |
| 2022-05-01 | Medium | CVE-2022-28481 | Vendor: Csv-safe project; Software: Csv-safe | CSV-Safe gem < 3.0.0 doesn't filter out special characters which could trigger CSV Injection. |
| 2022-04-19 | High | CVE-2022-29315 | Vendor: Invicti; Software: Acunetix | Invicti Acunetix before 14 allows CSV injection via the Description field on the Add Targets page, if the Export CSV feature is used. |
| 2022-04-14 | Medium | CVE-2021-43257 | Vendor: Mantisbt; Software: Mantisbt | Lack of Neutralization of Formula Elements in the CSV API of MantisBT before 2.25.3 allows an unprivileged attacker to execute code or gain access to information when a user opens the csv_export.php generated CSV file in Excel. |

 

 


Copyright 2022, cxsecurity.com

 
