20 matches found
CVE-2023-53896 D-Link DAP-1325 Hardware A1 Unauthenticated Configuration Download
D-Link DAP-1325 firmware version 1.01 contains a broken access control vulnerability that allows unauthenticated attackers to download device configuration settings. Attackers can exploit the /cgi-bin/ExportSettings.sh endpoint to retrieve sensitive configuration informatio...
UBUNTU-CVE-2025-60797
phpPgAdmin 7.13.0 and earlier contains a SQL injection vulnerability in dataexport.php at line 118. The application directly executes user-supplied SQL queries from the $_REQUEST['query'] parameter without any sanitization or parameterization via $data->conn->Execute($_REQUEST['query']). An authenticated...
CVE-2025-64167 Combodo iTop vulnerable to reflected XSS in webservices/export.php
Combodo iTop is a web-based IT service management tool. Versions prior to 2.7.13 and 3.2.2 are vulnerable to a cross-site scripting attack leading to JS execution when editing the URL parameter. Versions 2.7.13 and 3.2.2 don't use export.php, which was deprecated. They use export-v2.php instead...
EUVD-2013-3178
Malware in sbrugna...
EUVD-2012-6605
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2018-19799
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Dolibarr ERP/CRM through 8.0.3 has /exports/export.php?datatoexport= XSS. CVE-2018-19799 Note that Nessus relies on the presence of the package as reported by t...
CVE-2025-30059
Technical details about CVE-2025-30059 are not provided in the connected EUVD entries or the references. Monitor for updates; the current documents do not specify affected versions, root cause specifics, or remediation steps.
Linux Distros Unpatched Vulnerability : CVE-2007-4306
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 2.10.3 allow remote attackers to inject arbitrary web script or HTML via the (1) unlim_num_rows, (2)...
CVE-2012-10059 Dolibarr ERP/CRM Post-Auth OS Command Injection
Dolibarr ERP/CRM versions <= 3.1.1 and <= 3.2.0 contain a post-authenticated OS command injection vulnerability in its database backup feature. The export.php script fails to sanitize the sql_compat parameter, allowing authenticated users to inject arbitrary system commands, resulting in remote code...
CVE-2012-10059
Dolibarr ERP/CRM contains a post-authenticated OS command injection in its database backup feature. In versions <= 3.1.1 and
WordPress Enfold theme <= 6.0.9 - Missing Authorization to Sensitive Information Disclosure in avia-export-class.php vulnerability
Missing Authorization to Sensitive Information Disclosure in avia-export-class.php vulnerability discovered by mikemyers in WordPress Theme Enfold versions <= 6.0.9...
UBUNTU-CVE-2023-37543
Cacti before 1.2.6 allows IDOR (Insecure Direct Object Reference) for accessing any graph via a modified local_graph_id parameter to graph_xport.php. This is a different vulnerability than CVE-2019-16723...
SUSE CVE-2013-3241
export.php (aka the export script) in phpMyAdmin 4.x before 4.0.0-rc3 overwrites global variables on the basis of the contents of the $_POST superglobal array, which allows remote authenticated users to inject values via a crafted request...
Denial Of Service (DoS)
libpng is vulnerable to denial of service. The vulnerability exists due to an absolute path in the export script that crashes when reading multiple zTXT chunks...
Chadha PHPKB OS Command Injection Vulnerability
Chadha Software Technologies PHPKB Standard Multi-Language is a web-based, multi-language knowledge base management system from Chadha Software Technologies, India. An OS command injection vulnerability exists in export.php in Chadha PHPKB Standard Multi-Language 9. A remote attacker can exploit...
CVE-2013-3241
export.php (aka the export script) in phpMyAdmin 4.x before 4.0.0-rc3 overwrites global variables on the basis of the contents of the $_POST superglobal array, which allows remote authenticated users to inject values via a crafted request...
Global variables overwrite in "export.php".
PMASA-2013-5. Announcement-ID: PMASA-2013-5. Date: 2013-04-24. Summary: Global variables overwrite in "export.php". Description: The export script generates global variables from those present in the $_POST superglobal. This may lead to other exploits in the export script. Severity: We consider this...