Vulnerabilities > CVE-2005-0229 - Remote Information Disclosure vulnerability in CitrusDB Credit Card Data
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
CitrusDB 0.3.5 and earlier stores the newfile.txt temporary data file under the web root, which allows remote attackers to steal credit card information via a direct request to newfile.txt.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 6 |
Exploit-Db
description | CitrusDB 0.1/0.2/0.3 Credit Card Data Remote Information Disclosure Vulnerability. CVE-2005-0229. Remote exploits for multiple platform |
id | EDB-ID:25072 |
last seen | 2016-02-03 |
modified | 2005-01-31 |
published | 2005-01-31 |
reporter | Maximillian Dornseif |
source | https://www.exploit-db.com/download/25072/ |
title | CitrusDB 0.1/0.2/0.3 Credit Card Data Remote Information Disclosure Vulnerability |
References
- http://marc.info/?l=full-disclosure&m=110824766519417&w=2
- http://securitytracker.com/id?1013040
- http://www.citrusdb.org/forums/viewtopic.php?t=49
- http://www.redteam-pentesting.de/advisories/rt-sa-2005-001.txt
- http://www.securityfocus.com/bid/12402
- https://exchange.xforce.ibmcloud.com/vulnerabilities/19145