EUVD-2005-0411
Malware in sbrugna...
EUVD-2005-0230
Malware in sbrugna...
EUVD-2005-0412
Malware in sbrugna...
EUVD-2005-0410
Malware in sbrugna...
Malicious code in citrusdb (npm)
The package citrusdb was found to contain malicious code...
MAL-2025-17073 Malicious code in citrusdb (npm)
The package citrusdb was found to contain malicious code...
CitrusDB 0.3.6 Arbitrary Local PHP File Include Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/12564/info CitrusDB is reportedly affected by a vulnerability that permits the inclusion of any local PHP file. This issue is due to the application failing to properly sanitize user-supplied input. This issue is reported...
CitrusDB 0.1/0.2/0.3 Credit Card Data Remote Information Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/12402/info A remote information disclosure issue affects CitrusDB. This issue is due to a design problem that grants unauthorized users the ability to export sensitive data. An attacker may leverage this issue to gain...
CitrusDB 0.3.6 importcc.php Arbitrary Database Injection
No description provided by source. source: http://www.securityfocus.com/bid/12557/info CitrusDB is reportedly affected by an access validation vulnerability during the upload of CSV files. Exploitation of this issue could result in path disclosure or SQL injection. The issue exists because the...
CitrusDB 0.3.6 uploadcc.php Arbitrary Database Injection
No description provided by source. source: http://www.securityfocus.com/bid/12557/info CitrusDB is reportedly affected by an access validation vulnerability during the upload of CSV files. Exploitation of this issue could result in path disclosure or SQL injection. The issue exists because the...
CitrusDB 0.3.6 - Remote Authentication Bypass Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/12560/info CitrusDB is reportedly affected by an authentication bypass vulnerability. This issue is due to the application using a static value during the creation of user cookie information. An attacker could exploit thi...
CitrusDB 0.3.6 importcc.php CSV File SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/12557/info CitrusDB is reportedly affected by an access validation vulnerability during the upload of CSV files. Exploitation of this issue could result in path disclosure or SQL injection. The issue exists because the...
CitrusDB 2.4.1 - LFI/SQLi Vulnerability
CitrusDB 2.4.1 - LFI/SQLi Vulnerability Author: Michal wacky Blaszczak WWW: blaszczakm.blogspot.com CitrusDB is an open source customer service and billing database. It can be used by customer service personnel to provide sales and support to customers, and by billing staff to bill customers for...
CitrusDB 2.4.1 - Local File Inclusion SQL Injection
CitrusDB 2.4.1 - Local File Inclusion SQL Injection source: https://www.securityfocus.com/bid/52946/info CitrusDB is prone to a local file-include vulnerability and an SQL-injection vulnerability. An attacker can exploit these issues to compromise the application, access or modify data, exploit...
CitrusDB 2.4.1 - Local File Inclusion / SQL Injection
source: https://www.securityfocus.com/bid/52946/info CitrusDB is prone to a local file-include vulnerability and an SQL-injection vulnerability. An attacker can exploit these issues to compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, an...
CitrusDB 2.4.1 Local File Inclusion / SQL Injection
CitrusDB 2.4.1 - LFI/SQLi Vulnerability Author: Michal wacky Blaszczak WWW: blaszczakm.blogspot.com CitrusDB is an open source customer service and billing database. It can be used by customer service personnel to provide sales and support to customers, and by billing staff to bill customers for...
Credit Card Data Disclosure in CitrusDB
CitrusDB uses a textfile to temporarily store credit card information. This textfile is located in the web tree via a static URL and thus accessible to third parties. It also isn SPDX-FileCopyrightText: 2005 Noam Rathaus Some text descriptions might be excerpted from a referenced sources, and are...
CVE-2005-0229
CitrusDB 0.3.5 and earlier stores the newfile.txt temporary data file under the web root, which allows remote attackers to steal credit card information via a direct request to newfile.txt...
CVE-2005-0408
CitrusDB 0.3.6 and earlier generates easily predictable MD5 hashes of the user name for the idhash cookie, which allows remote attackers to bypass authentication and gain privileges by calculating the MD5 checksum of the user name combined with the "boogaadeeboo" string, which is hard-coded in th...
CVE-2005-0411
CVE-2005-0411 affects CitrusDB 0.3.6 and earlier. The vulnerability is a directory traversal in index.php: the GET parameter load accepts .. sequences, allowing remote attackers and local users to include arbitrary local PHP files. The issue is documented wi...