Comdev CSV Importer 3.1 :) <= Remote File Inclusion
Affected Software: Comdev CSV Importer 3.1; Vendor: http://www.comdevweb.com ...
Comdev Links Directory 3.1 :) <= Remote File Inclusion
Affected Software: Comdev CSV Importer 3.1; Vendor: http://www.comdevweb.com ...
Comdev News Publisher 3.1 :) <= Remote File Inclusion
Affected Software: Comdev News Publisher 3.1; Vendor: http://www.comdevweb.com ...
Comdev eCommerce 3.1 :) <= Remote File Inclusion
Affected Software: Comdev eCommerce 3.1; Vendor: http://www.comdevweb.com; Class...
PYSEC-2006-8
The docutils module in Zope (Zope2) 2.7.0 through 2.7.9 and 2.8.0 through 2.8.8 does not properly handle web pages with reStructuredText (reST) markup, which allows remote attackers to read arbitrary files via a csvtable directive, a different vulnerability than CVE-2006-3458...
CVE-2005-4190
Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework before 3.0.8 allow remote authenticated users to inject arbitrary web script or HTML via multiple vectors, as demonstrated by (1) the identity field, (2) Category and (3) Label search fields, (4) the Mobile Phone field, and ...
[SA16338] Jax LinkLists Cross-Site Scripting and Information Disclosure
Are you interested in a new job in IT security? Secunia has two open positions as Junior and Senior Specialist in IT security: http://secunia.com/secuniavacancies/...
K-COLLECT CSV_DB / i_DB csv_db.cgi file Parameter Arbitrary Command Execution
The remote host is running K-COLLECT csv-database, a web application written in Perl. The remote version of this software fails to sanitize user input to the 'file' parameter of the 'csvdb.cgi' script before using it to run a shell command. An unauthenticated attacker can exploit this issue to execute...
CVE-2005-0410
SQL injection vulnerability in importcc.php for CitrusDB 0.3.6 and earlier allows remote attackers to inject data via the fields of a CSV file...
CVE-2005-0410
CVE-2005-0410 affects CitrusDB up to version 0.3.6, where importcc.php is vulnerable to SQL injection via fields in uploaded CSV data. This allows remote attackers to inject data into the database through crafted CSV files. Evidence from multiple sources confirms the vulnerability exists in Citru...
CitrusDB 0.3.6 - importcc.php CSV File SQL Injection
CitrusDB 0.3.6 - importcc.php CSV File SQL Injection source: https://www.securityfocus.com/bid/12557/info CitrusDB is reportedly affected by an access validation vulnerability during the upload of CSV files. Exploitation of this issue could result in path disclosure or SQL injection. The issue...
CitrusDB 0.3.6 - 'uploadcc.php' Arbitrary Database Injection
source: https://www.securityfocus.com/bid/12557/info CitrusDB is reportedly affected by an access validation vulnerability during the upload of CSV files. Exploitation of this issue could result in path disclosure or SQL injection. The issue exists because the application fails to verify user...
CitrusDB 0.3.6 - 'importcc.php' CSV File SQL Injection
source: https://www.securityfocus.com/bid/12557/info CitrusDB is reportedly affected by an access validation vulnerability during the upload of CSV files. Exploitation of this issue could result in path disclosure or SQL injection. The issue exists because the application fails to verify user...
CVE-2004-1266
Buffer overflow in the getfieldheaders function in csv2xml.cpp for csv2xml 0.5.1 allows remote attackers to execute arbitrary code via a crafted CSV file...