51 matches found
EUVD-2005-0412
Malware in sbrugna...
EUVD-2005-0410
Malware in sbrugna...
EUVD-2005-0230
Malware in sbrugna...
EUVD-2005-0411
Malware in sbrugna...
MAL-2025-17073 Malicious code in citrusdb (npm)
The package citrusdb was found to contain malicious code...
Malicious code in citrusdb (npm)
The package citrusdb was found to contain malicious code...
CitrusDB 0.3.6 importcc.php Arbitrary Database Injection
No description provided by source. source: http://www.securityfocus.com/bid/12557/info CitrusDB is reportedly affected by an access validation vulnerability during the upload of CSV files. Exploitation of this issue could result in path disclosure or SQL injection. The issue exists because the...
CitrusDB 0.3.6 - Remote Authentication Bypass Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/12560/info CitrusDB is reportedly affected by an authentication bypass vulnerability. This issue is due to the application using a static value during the creation of user cookie information. An attacker could exploit thi...
CitrusDB 0.3.6 Arbitrary Local PHP File Include Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/12564/info CitrusDB is reportedly affected by a vulnerability that permits the inclusion of any local PHP file. This issue is due to the application failing to properly sanitize user-supplied input. This issue is reported...
CitrusDB 0.3.6 importcc.php CSV File SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/12557/info CitrusDB is reportedly affected by an access validation vulnerability during the upload of CSV files. Exploitation of this issue could result in path disclosure or SQL injection. The issue exists because the...
CitrusDB 0.1/0.2/0.3 Credit Card Data Remote Information Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/12402/info A remote information disclosure issue affects CitrusDB. This issue is due to a design problem that grants unauthorized users the ability to export sensitive data. An attacker may leverage this issue to gain...
CitrusDB 0.3.6 uploadcc.php Arbitrary Database Injection
No description provided by source. source: http://www.securityfocus.com/bid/12557/info CitrusDB is reportedly affected by an access validation vulnerability during the upload of CSV files. Exploitation of this issue could result in path disclosure or SQL injection. The issue exists because the...
CitrusDB 2.4.1 - LFI/SQLi Vulnerability
CitrusDB 2.4.1 - LFI/SQLi Vulnerability Author: Michal wacky Blaszczak WWW: blaszczakm.blogspot.com CitrusDB is an open source customer service and billing database. It can be used by customer service personnel to provide sales and support to customers, and by billing staff to bill customers for...
CitrusDB 2.4.1 - Local File Inclusion SQL Injection
CitrusDB 2.4.1 - Local File Inclusion SQL Injection source: https://www.securityfocus.com/bid/52946/info CitrusDB is prone to a local file-include vulnerability and an SQL-injection vulnerability. An attacker can exploit these issues to compromise the application, access or modify data, exploit...
CitrusDB 2.4.1 - Local File Inclusion / SQL Injection
source: https://www.securityfocus.com/bid/52946/info CitrusDB is prone to a local file-include vulnerability and an SQL-injection vulnerability. An attacker can exploit these issues to compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, an...
CitrusDB 2.4.1 Local File Inclusion / SQL Injection
CitrusDB 2.4.1 - LFI/SQLi Vulnerability Author: Michal wacky Blaszczak WWW: blaszczakm.blogspot.com CitrusDB is an open source customer service and billing database. It can be used by customer service personnel to provide sales and support to customers, and by billing staff to bill customers for...
Credit Card Data Disclosure in CitrusDB
CitrusDB uses a text file to temporarily store credit card information. This text file is located in the web tree via a static URL and thus accessible to third parties. It also isn SPDX-FileCopyrightText: 2005 Noam Rathaus Some text descriptions might be excerpted from referenced sources, and are...
CVE-2005-0229
CitrusDB 0.3.5 and earlier stores the newfile.txt temporary data file under the web root, which allows remote attackers to steal credit card information via a direct request to newfile.txt...
CVE-2005-0410
SQL injection vulnerability in importcc.php for CitrusDB 0.3.6 and earlier allows remote attackers to inject data via the fields of a CSV file...
CVE-2005-0411
Directory traversal vulnerability in index.php for CitrusDB 0.3.6 and earlier allows remote attackers and local users to include arbitrary PHP files via .. (dot dot) sequences in the load parameter...