Vulnerabilities > CVE-2005-0229 - Unspecified vulnerability in Citrusdb Customer Database
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN citrusdb
exploit available
Summary
CitrusDB 0.3.5 and earlier stores the newfile.txt temporary data file under the web root, which allows remote attackers to steal credit card information via a direct request to newfile.txt.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 6 |
Exploit-Db
| description | CitrusDB 0.1/0.2/0.3 Credit Card Data Remote Information Disclosure Vulnerability. CVE-2005-0229. Remote exploits for multiple platform |
| id | EDB-ID:25072 |
| last seen | 2016-02-03 |
| modified | 2005-01-31 |
| published | 2005-01-31 |
| reporter | Maximillian Dornseif |
| source | https://www.exploit-db.com/download/25072/ |
| title | CitrusDB 0.1/0.2/0.3 Credit Card Data Remote Information Disclosure Vulnerability |
References
- http://marc.info/?l=full-disclosure&m=110824766519417&w=2
- http://marc.info/?l=full-disclosure&m=110824766519417&w=2
- http://securitytracker.com/id?1013040
- http://securitytracker.com/id?1013040
- http://www.citrusdb.org/forums/viewtopic.php?t=49
- http://www.citrusdb.org/forums/viewtopic.php?t=49
- http://www.redteam-pentesting.de/advisories/rt-sa-2005-001.txt
- http://www.redteam-pentesting.de/advisories/rt-sa-2005-001.txt
- http://www.securityfocus.com/bid/12402
- http://www.securityfocus.com/bid/12402
- https://exchange.xforce.ibmcloud.com/vulnerabilities/19145
- https://exchange.xforce.ibmcloud.com/vulnerabilities/19145