17 matches found
EUVD-2005-0410
Malware in sbrugna...
EUVD-2005-0412
Malware in sbrugna...
EUVD-2005-0230
Malware in sbrugna...
CVE-2005-0408
CitrusDB 0.3.6 and earlier generates easily predictable MD5 hashes of the user name for the idhash cookie, which allows remote attackers to bypass authentication and gain privileges by calculating the MD5 checksum of the user name combined with the "boogaadeeboo" string, which is hard-coded in th...
CVE-2005-0409
CitrusDB 0.3.6 and earlier does not verify authorization for the (1) importcc.php and (2) uploadcc.php, which allows remote attackers to upload credit card data and obtain sensitive information such as the pathnames for temporary files that store credit card data, and facilitates the exploitation of...
CVE-2005-0411
Directory traversal vulnerability in index.php for CitrusDB 0.3.6 and earlier allows remote attackers and local users to include arbitrary PHP files via .. (dot dot) sequences in the load parameter...
CitrusDB 0.3.6 - 'importcc.php' Arbitrary Database Injection
source: https://www.securityfocus.com/bid/12557/info CitrusDB is reportedly affected by an access validation vulnerability during the upload of CSV files. Exploitation of this issue could result in path disclosure or SQL injection. The issue exists because the application fails to verify user...
CitrusDB 0.3.6 - 'uploadcc.php' Arbitrary Database Injection
source: https://www.securityfocus.com/bid/12557/info CitrusDB is reportedly affected by an access validation vulnerability during the upload of CSV files. Exploitation of this issue could result in path disclosure or SQL injection. The issue exists because the application fails to verify user...
CitrusDB 0.3.6 - 'importcc.php' CSV File SQL Injection
source: https://www.securityfocus.com/bid/12557/info CitrusDB is reportedly affected by an access validation vulnerability during the upload of CSV files. Exploitation of this issue could result in path disclosure or SQL injection. The issue exists because the application fails to verify user...
[Full-Disclosure] Advisory: Directory traversal in CitrusDB
Advisory: Directory traversal in CitrusDB RedTeam found a directory traversal vulnerability in CitrusDB which results in inclusion of any accessible local .php file. Details ======= Product: CitrusDB Affected Version: 0.3.6, probably = 0.3.5, too Immune Version: none 2005-02-03 OS affected: all...
[Full-Disclosure] Advisory: Upload Authorization bypass in CitrusDB
Advisory: Upload Authorization bypass in CitrusDB A group of students at our lab called RedTeam found an authorization bypass vulnerability in CitrusDB which results in upload of fake credit card data, SQL-Injection and disclosure of credit card data. Details ======= Product: CitrusDB Affected...
[Full-Disclosure] Advisory: Authentication bypass in CitrusDB
Advisory: Authentication bypass in CitrusDB A group of Students in our lab called RedTeam found an authentication bypass vulnerability in CitrusDB which can result in complete corruption of the installed CitrusDB application. Details ======= Product: CitrusDB Affected Version: 0.3.6 verified,...
CitrusDB 0.3.6 - importcc.php Arbitrary Database Injection
CitrusDB 0.3.6 - importcc.php Arbitrary Database Injection source: https://www.securityfocus.com/bid/12557/info CitrusDB is reportedly affected by an access validation vulnerability during the upload of CSV files. Exploitation of this issue could result in path disclosure or SQL injection. The...
CVE-2005-0410
SQL injection vulnerability in importcc.php for CitrusDB 0.3.6 and earlier allows remote attackers to inject data via the fields of a CSV file...
CVE-2005-0411
Directory traversal vulnerability in index.php for CitrusDB 0.3.6 and earlier allows remote attackers and local users to include arbitrary PHP files via .. (dot dot) sequences in the load parameter...
CVE-2005-0408
CitrusDB 0.3.6 and earlier generates easily predictable MD5 hashes of the user name for the idhash cookie, which allows remote attackers to bypass authentication and gain privileges by calculating the MD5 checksum of the user name combined with the "boogaadeeboo" string, which is hard-coded in th...
[Full-Disclosure] Credit Card data disclosure in CitrusDB
Credit Card data disclosure in CitrusDB A group of students at our lab called RedTeam found an information disclosure vulnerability in CitrusDB which can result in disclosure of credit card information. Details ======= Product: CitrusDB Affected Version: = 0.3.5 Immune Version: =0.3.6 OS affected...