4 matches found
CVE-2006-4549
CHXO Feedsplitter (
CVE-2006-4550
CVE-2006-4550 describes a directory traversal vulnerability in CHXO Feedsplitter (2006-01-21) where remote attackers can read arbitrary XML files by manipulating the format parameter with a leading dot, bypassing a security check. The NVD entry lists the vulnerability with network access, low att...
CVE-2006-4551
The CVE-2006-4551 entry describes an eval injection vulnerability in Feedsplitter (the feedsplitter.php handling path) that allows remote attackers to execute arbitrary PHP code by supplying the file to the value of the format parameter, and possibly via a malicious RSS feed. The root cause is im...
CVE-2006-4552
The CVE-2006-4552 entry concerns CHXO Feedsplitter (RSS/RDF feed converter) with a cross-site scripting flaw. The Feedsplitter component (feedsplitter.php) processes the format parameter when parsing an XML feed, and improper validation allows a remote attacker to inject arbitrary script via a fe...