16 matches found
EUVD-2006-4538
Malware in sbrugna...
EUVD-2006-4540
Malware in sbrugna...
EUVD-2006-4539
Malware in sbrugna...
[SA22000] Feedsplitter Script Insertion and Local File Inclusion
TITLE: Feedsplitter Script Insertion and Local File Inclusion SECUNIA ADVISORY ID: SA22000 VERIFY ADVISORY: http://secunia.com/advisories/22000/ CRITICAL: Moderately critical IMPACT: Cross Site Scripting, Exposure of sensitive information, System access WHERE: From remote SOFTWARE: Feedsplitter...
CVE-2006-4549
CHXO Feedsplitter 2006-01-21 allows remote attackers to read the source code of feedsplitter.php via the showsource function. NOTE: this issue is not a vulnerability in standard distributions, but could be an issue if the source has been modified...
CVE-2006-4550
Directory traversal vulnerability in CHXO Feedsplitter 2006-01-21 allows remote attackers to read arbitrary XML files via .. (dot dot) sequences in the format parameter with a leading ".", which bypasses a security check...
CVE-2006-4551
Eval injection vulnerability in CHXO Feedsplitter 2006-01-21 allows remote attackers to execute arbitrary PHP code via (1) the file specified as the value of the format parameter, and possibly (2) the RSS feed...
CVE-2006-4551
Eval injection vulnerability in CHXO Feedsplitter 2006-01-21 allows remote attackers to execute arbitrary PHP code via (1) the file specified as the value of the format parameter, and possibly (2) the RSS feed...
CVE-2006-4549
CHXO Feedsplitter (
CVE-2006-4550
CVE-2006-4550 describes a directory traversal vulnerability in CHXO Feedsplitter (2006-01-21) where remote attackers can read arbitrary XML files by manipulating the format parameter with a leading dot, bypassing a security check. The NVD entry lists the vulnerability with network access, low att...
CVE-2006-4550
Directory traversal vulnerability in CHXO Feedsplitter 2006-01-21 allows remote attackers to read arbitrary XML files via .. (dot dot) sequences in the format parameter with a leading ".", which bypasses a security check...
CVE-2006-4549
CHXO Feedsplitter 2006-01-21 allows remote attackers to read the source code of feedsplitter.php via the showsource function. NOTE: this issue is not a vulnerability in standard distributions, but could be an issue if the source has been modified...
CVE-2006-4552
The CVE-2006-4552 entry concerns CHXO Feedsplitter (RSS/RDF feed converter) with a cross-site scripting flaw. The Feedsplitter component (feedsplitter.php) processes the format parameter when parsing an XML feed, and improper validation allows a remote attacker to inject arbitrary script via a fe...
CVE-2006-4551
The CVE-2006-4551 entry describes an eval injection vulnerability in Feedsplitter (the feedsplitter.php handling path) that allows remote attackers to execute arbitrary PHP code by supplying the file to the value of the format parameter, and possibly via a malicious RSS feed. The root cause is im...
feedsplitter considered harmful
I was looking through the feedsplitter.php script available from http://chxo.com/software/feedsplitter/, version 2006-01-21 revision 1.7 according to the RCS $Id$, but that looks out of date today, and noticed a few problems. Background: feedsplitter turns RSS feeds into HTML or javascript so you...
Feedsplitter <= 2006-01-21 Multiple Remote Vulnerabilities (XSS, Traversal, Disc)
The remote host is running Feedsplitter, a PHP script for converting RSS / RDF feeds into HTML. The version of Feedsplitter installed on the remote host fails to properly validate the 'format' parameter of the 'feedsplitter.php' script before using it to parse an arbitrary XML file. An...