OSVDB: Open Sourced Vulnerability Database

Affiliation/Organization: IT Security Solutions

Time to Patch Stats

For vulnerabilities disclosed through this affiliation where we have sufficient data to calculate the time to patch (9 vulns), the following statistics apply:

Min Time To Patch:	4 days
Avg Time To Patch:	20 days
Max Time To Patch:	29 days

Other Affiliations

Creditees Affiliated with IT Security Solutions have also affiliated with:

Website: http://itsecuritysolutions.org/

Creditees currently or formerly associated with IT Security Solutions (1):
(ordered by association date)

Known Since	Name	Vulns Through Affiliation
2011-02-08	Brendan Coles	55

Disclosed Vulnerabilities (55):

Discl. Date	OSVDB ID	CVE ID	Creditees	Title
2013-01-22	89529	2013-0232	Brendan Coles	ZoneMinder includes/actions.php packageControl Function Multiple Parameter Remote Command Execution
2012-12-25	88751		Brendan Coles	eXtplorer users.php ext_find_user() Function Unspecified Authentication Bypass
2012-09-21	85654		Brendan Coles	Zen Load Balancer content2-2.cgi Multiple Parameter Remote Command Execution
2012-09-21	85690		Brendan Coles	Zen Load Balancer Multiple Directory Permissions Weakness Information Disclosure
2012-09-21	85692		Brendan Coles	Zen Load Balancer content3-2.cgi if Parameter Remote Command Execution
2012-09-21	85691		Brendan Coles	Zen Load Balancer upload.cgi Arbitrary File Upload
2012-08-30	85078		Brendan Coles	SugarCRM Logging Functionality Log File Rename Arbitrary Code Execution
2012-08-30	85111		Brendan Coles	SugarCRM cache/include/externalAPI.cache.js File Direct Request Path Disclosure
2012-08-30	85081		Brendan Coles	SugarCRM ical_server.php User Schedule Disclosure
2012-08-30	85080		Brendan Coles	SugarCRM index.php File Handling XSS
2012-08-30	85079		Brendan Coles	SugarCRM index.php JSON Query Parsing Password Hash Disclosure
2012-08-30	85112		Brendan Coles	SugarCRM vcal_server.php Username / Email Address Enumeration
2012-08-30	85068		Brendan Coles	SugarCRM index.php group Parameter SQL Injection
2012-08-13	84712	2012-2275	Brendan Coles	TestLink Admin User Creation CSRF
2012-08-13	84711		Brendan Coles	TestLink Audit Log Session Identifier Disclosure
2012-08-13	84713		Brendan Coles	TestLink sysinfo.php Direct Request Information Disclosure
2012-08-13	85446		Brendan Coles	TestLink /upload_area/nodes_hierarchy/ Arbitrary File Upload Weakness
2012-08-12	85346		Brendan Coles	WAN Emulator URI XSS
2012-08-12	85344		Brendan Coles	WAN Emulator dosu Setuid File Privilege Escalation
2012-08-12	85345		Brendan Coles	WAN Emulator result.php pc Parameter Arbitrary Command Execution
2012-07-30	84411		Brendan Coles	Zenoss zport/dmd/Events/Status/Snmp/eventClassStatus sortedSence Parameter XSS
2012-07-30	84417		Brendan Coles	Zenoss zport/acl_users/cookieAuthHelper/login came_from Parameter Arbitrary Site Redirect
2012-07-30	84415		Brendan Coles	Zenoss zport/About/viewDaemonLog daemon Parameter Traversal Arbitrary .log File Access
2012-07-30	84414		Brendan Coles	Zenoss zport/About/viewDaemonConfig daemon Parameter Traversal Arbitrary .conf File Access
2012-07-30	84413		Brendan Coles	Zenoss zport/About/editDaemonConfig daemon Parameter Traversal Arbitrary .conf File Manipulation
2012-07-30	84408		Brendan Coles	Zenoss zport/About/showDaemonXMLConfig daemon Parameter Popen() Call Remote Shell Command Execution
2012-07-30	84412		Brendan Coles	Zenoss zport/dmd/Events/Users/eventClassStatus sortedSence Parameter XSS
2012-07-30	84410		Brendan Coles	Zenoss zport/dmd/backupInfo sortedSence Parameter XSS
2012-07-30	84409		Brendan Coles	Zenoss zport/dmd/ZenEventManager/listEventCommands sortedSence Parameter XSS
2012-07-30	84416		Brendan Coles	Zenoss Multiple Function CSRF
2012-07-30	84407		Brendan Coles	Zenoss zport/RenderServer/plugin name Parameter Traversal Arbitrary .py File Upload
2012-07-01	84302		Brendan Coles	CuteFlow pages/editfield.php Multiple Parameter XSS
2012-07-01	84289		Brendan Coles	CuteFlow pages/restart_circulation_values_write.php File Upload PHP Code Execution
2012-07-01	84293		Brendan Coles	CuteFlow pages/editslot.php slotid Parameter SQL Injection
2012-07-01	84301		Brendan Coles	CuteFlow pages/edittemplate_step2.php templateid Parameter SQL Injection
2012-07-01	84300		Brendan Coles	CuteFlow pages/editmailinglist_step2.php templateid Parameter SQL Injection
2012-07-01	84299		Brendan Coles	CuteFlow pages/editcirculation.php Multiple Parameter XSS
2012-07-01	84298		Brendan Coles	CuteFlow pages/editmailinglist_default.php Multiple Parameter XSS
2012-07-01	84295		Brendan Coles	CuteFlow pages/edittemplate_step1.php Multiple Parameter XSS
2012-07-01	84292		Brendan Coles	CuteFlow pages/showmaillist.php Multiple Parameter XSS
2012-07-01	84291		Brendan Coles	CuteFlow pages/showtemplates.php Multiple Parameter XSS
2012-07-01	84290		Brendan Coles	CuteFlow pages/writeuser.php Direct Request Admin Addition
2012-07-01	84294		Brendan Coles	CuteFlow pages/showuser.php Multiple Parameter XSS
2012-07-01	84297		Brendan Coles	CuteFlow pages/editmailinglist_step1.php Multiple Parameter XSS
2012-07-01	84296		Brendan Coles	CuteFlow pages/editslot.php Multiple Parameter XSS
2011-06-24	73343		Brendan Coles	ActivDesk search.cgi Multiple Parameter XSS
2011-06-24	73344		Brendan Coles	ActivDesk kbcat.cgi cid Parameter SQL Injection
2011-06-24	73345		Brendan Coles	ActivDesk kb.cgi kid Parameter SQL Injection
2011-06-23	73262		Brendan Coles	BrewBlogger sections/reference.inc.php Multiple Parameter SQL Injection
2011-06-23	73261		Brendan Coles	BrewBlogger index.php style Parameter XSS
2011-06-23	73263		Brendan Coles	BrewBlogger Multiple Script Direct Request Path Disclosure
2011-03-24	73513		Brendan Coles	Cachelogic Expired Domains Script index.php Script Multiple Parameter Malformed Input Path Disclosure
2011-03-24	73514		Brendan Coles	Cachelogic Expired Domains Script stats.php Multiple Parameter XSS
2011-03-24	73515		Brendan Coles	Cachelogic Expired Domains Script index.php ncharacter Parameter SQL Injection
2011-02-08	70928	2011-0446	Brendan Coles Rick Olson	Ruby on Rails mail_to Helper Multiple Parameter XSS

The database information may change without any notice. Use of the information constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the copyright holder or distributor (OSVDB or OSF) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

Creditees currently or formerly associated with IT Security Solutions (1):(ordered by association date)

Disclosed Vulnerabilities (55):

Creditees currently or formerly associated with IT Security Solutions (1):
(ordered by association date)