5070 matches found
[SA16338] Jax LinkLists Cross-Site Scripting and Information Disclosure
Are you interested in a new job in IT security? Secunia has two open positions as Junior and Senior Specialist in IT security: http://secunia.com/secuniavacancies/...
K-COLLECT CSV_DB / i_DB csv_db.cgi file Parameter Arbitrary Command Execution
The remote host is running K-COLLECT csv-database, a web application written in Perl. The remote version of this software fails to sanitize user input to the 'file' parameter of the 'csv_db.cgi' script before using it to run a shell command. An unauthenticated attacker can exploit this issue to execute...
CVE-2005-0410
CVE-2005-0410 affects CitrusDB up to version 0.3.6, where importcc.php is vulnerable to SQL injection via fields in uploaded CSV data. This allows remote attackers to inject data into the database through crafted CSV files. Evidence from multiple sources confirms the vulnerability exists in Citru...
CVE-2005-0410
SQL injection vulnerability in importcc.php for CitrusDB 0.3.6 and earlier allows remote attackers to inject data via the fields of a CSV file...
CitrusDB 0.3.6 - importcc.php CSV File SQL Injection
source: https://www.securityfocus.com/bid/12557/info CitrusDB is reportedly affected by an access validation vulnerability during the upload of CSV files. Exploitation of this issue could result in path disclosure or SQL injection. The issue...
CitrusDB 0.3.6 - 'uploadcc.php' Arbitrary Database Injection
source: https://www.securityfocus.com/bid/12557/info CitrusDB is reportedly affected by an access validation vulnerability during the upload of CSV files. Exploitation of this issue could result in path disclosure or SQL injection. The issue exists because the application fails to verify user...
CitrusDB 0.3.6 - 'importcc.php' CSV File SQL Injection
source: https://www.securityfocus.com/bid/12557/info CitrusDB is reportedly affected by an access validation vulnerability during the upload of CSV files. Exploitation of this issue could result in path disclosure or SQL injection. The issue exists because the application fails to verify user...
CVE-2004-1266
Buffer overflow in the getfieldheaders function in csv2xml.cpp for csv2xml 0.5.1 allows remote attackers to execute arbitrary code via a crafted CSV file...