63 matches found
Server: Calendar export: Authorization Bypass Through User-Controlled Key
Due to not properly checking the ownership of a calendar, an authenticated attacker is able to download calendars of other users via the "calid" GET parameter to export.php in /apps/calendar/. For more information please consult the official advisory. This advisory is licensed CC BY-SA 4.0...
ClaSS <= 0.8.60 (export.php ftype) Local File Inclusion Vulnerability
No description provided by source. ClaSS http://www.laex.org/class/ - <=0.8.60 - magic_quotes_gpc = Off, register_globals = On - File Disclosure/Download - http://site/Class/class/scripts/export.php?ftype= /../../path/to/Class/school.php /../../path/to/Class/dbhconnect.php /../../etc/passwd - Timeline...
phpMyAdmin 2.x Export.PHP File Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/9564/info phpMyAdmin is prone to a vulnerability that may permit remote attackers to gain access to files that are readable by the hosting web server. The issue is reported to exist in the 'export.php' script and may be...
Design/Logic Flaw
export.php aka the export script in phpMyAdmin 4.x before 4.0.0-rc3 overwrites global variables on the basis of the contents of the POST superglobal array, which allows remote authenticated users to inject values via a crafted request...
CVE-2013-3241
CVE-2013-3241 refers to a vulnerability in phpMyAdmin 4.x prior to 4.0.0-rc3 where export.php overwrites global variables based on the POST contents, enabling remote authenticated users to inject values via crafted requests. This entry is corroborated by NVD, and related advisories describe multi...
GD Star Rating Plugin for WordPress 'export.php' Authentication Bypass Information Disclosure
The GD Star Rating Plugin for WordPress installed on the remote host is affected by a security bypass information disclosure vulnerability. The issue is triggered when the 'plugins/gd-star-rating/export.php' script fails to properly verify user authentication, which allows a remote attacker to...
Privilege escalation in the calendar application - ownCloud
Due to not properly checking the ownership of a calendar, an authenticated attacker is able to download calendars of other users via the "calid" GET parameter to export.php in /apps/calendar/. Affected Software: ownCloud Server 4.5.7. CVE-2013-0304. Action Taken: It is recommended that all instances...
WordPress Advanced Custom Fields Plugin - Remote File Inclusion
WordPress Advanced Custom Fields plugin is prone to a remote file inclusion vulnerability. It allows for remote file inclusion and remote code execution via the export.php script. Solution: Update the plugin...
WordPress GD Star Rating 1.9.10 SQL Injection
Exploit Title: WordPress GD Star Rating plugin 1,BENCHMARK5000000,MD5CHAR115,113,108,109,97,112,0--%20 --------------- Vulnerable code --------------- ./export.php require_once("./code/cls/export.php"); ... if (isset($_GET["ex"])) $exporttype = $_GET["ex"]; ... switch ($exporttype) { case "user":...
Directory traversal
Directory traversal vulnerability in export.php in Thyme 1.3 and earlier, when register_globals is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the export_to parameter...
CVE-2009-0535
CVE-2009-0535 describes a directory traversal in export.php of Thyme 1.3 and earlier, where, when register_globals is disabled, an attacker can read arbitrary files by supplying a .. in the export_to parameter. The NVD entry scores this as 7.5/10 (HIGH) with network access, low attack complexity,...
CVE-2009-0535
Directory traversal vulnerability in export.php in Thyme 1.3 and earlier, when register_globals is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the export_to parameter...
CVE-2008-5856
CVE-2008-5856: A directory traversal vulnerability affects ClaSS prior to 0.8.61 in the scripts/export.php component. By supplying traversal sequences via the ftype parameter, a remote attacker could read arbitrary files, exposing potentially sensitive data. The public records consistently descr...
ClaSS 0.8.60 - 'export.php' Local File Inclusion
ClaSS http://www.laex.org/class/ - <=0.8.60 - magic_quotes_gpc = Off, register_globals = On - File Disclosure/Download - http://site/Class/class/scripts/export.php?ftype= /../../path/to/Class/school.php /../../path/to/Class/dbhconnect.php /../../etc/passwd - Timeline - Author notified: Dec 19 Patch...
CVE-2006-4578
export.php in The Address Book 1.04e writes username and password hash information into a publicly accessible file when dumping the MySQL database contents, which allows remote attackers to obtain sensitive information...
CVE-2006-4578
The Address Book 1.04e is affected by CVE-2006-4578 via export.php, which dumps MySQL contents and writes username and password hash information to a publicly accessible file. Root cause is the dump exposing credentials in publicly accessible storage, enabling remote attackers to obtain sensitive...
CVE-2006-4578
export.php in The Address Book 1.04e writes username and password hash information into a publicly accessible file when dumping the MySQL database contents, which allows remote attackers to obtain sensitive information...
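phpMyAdmin export.php File Disclosure Vulnerability
phpMyAdmin is a free tool that provides a web-based administration interface for MySQL. The 'export.php' script included in phpMyAdmin does not sufficiently filter user-supplied parameters, and a remote attacker can exploit this vulnerability to carry out directory traversal attacks. The 'export.php' script does not sufficiently filter the user-supplied 'what' parameter; a remote attacker who submits data containing multiple '../' sequences can bypass the web root restriction and view arbitrary files on the system with the privileges of the web server. phpMyAdmin 2.5-2.5.5-pl1 phpMyAdmin...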
CVE-2005-2380
PHP Surveyor 0.98 is affected by multiple cross-site scripting vulnerabilities. The issue allows remote attackers to inject arbitrary script/HTML via parameters to browse.php (sid, start, id) or to dataentry.php/export.php (sid). OpenVAS notes additional vulnerabilities (SQL injection and path di...
Multiple Vulnerabilities in PHP Surveyor
Multiple Vulnerabilities in PHP Surveyor version 0.98 stable. Summary: PHP Surveyor is vulnerable to many SQL injections, cross site scriptings, and path disclosures. Details:...