Arxes Tolina CSV Injection
A CSV injection vulnerability in the arxes-tolina web application, version 3.0.0, allows malicious users to gain remote control of other computers. By entering formula code in the “Firma” (company name) field, an attacker can create a new company whose name contains malicious code.
Arxes Tolina User Disclosure via Application Function
A username disclosure vulnerability in the arxes-tolina web application allows authenticated users to see other users’ login usernames. When an HTTP GET request is sent to the API object, the application discloses the usernames of the users who took part in the execution of the contract.
WordPress CSV Injection
A CSV injection vulnerability in the WordPress plugin “Admin Columns”, version 3.4.6, from Codepress allows malicious users to gain remote control of other computers. By choosing formula code as their first or last name, an attacker can create users with names that contain malicious code.
“vBSecurity” by DragonByte