OSVDB: Open Sourced Vulnerability Database

Creditee: muuratsalo

Known Contact Information:

(as of 2008-03-02)

Known Affiliations:

None at this time

Disclosed Vulnerabilities (35):

Disc. Date	OSVDB ID	CVEID	Title
2011-11-19	77476	2011-4672	Valid tiny-erp _partner_list.php SearchField Parameter SQL Injection
2011-11-19	77477	2011-4672	Valid tiny-erp proioncategory_list.php SearchField Parameter SQL Injection
2011-11-19	77478	2011-4672	Valid tiny-erp _rantevou_list.php SearchField Parameter SQL Injection
2011-11-19	77479	2011-4672	Valid tiny-erp syncategory_list.php SearchField Parameter SQL Injection
2011-11-19	77480	2011-4672	Valid tiny-erp synallasomenos_list.php SearchField Parameter SQL Injection
2011-11-19	77481	2011-4672	Valid tiny-erp ypelaton_list.php SearchField Parameter SQL Injection
2011-11-19	77482	2011-4672	Valid tiny-erp yproion_list.php SearchField Parameter SQL Injection
2011-11-18	77250	2011-5110	Blogs manager _authors_list.php SearchField Parameter SQL Injection
2011-11-18	77251	2011-5110	Blogs manager _blogs_list.php SearchField Parameter SQL Injection
2011-11-18	77252	2011-5110	Blogs manager _category_list.php SearchField Parameter SQL Injection
2011-11-18	77253	2011-5110	Blogs manager _comments_list.php SearchField Parameter SQL Injection
2011-11-18	77254	2011-5110	Blogs manager _policy_list.php SearchField Parameter SQL Injection
2011-11-18	77255	2011-5110	Blogs manager _rate_list.php SearchField Parameter SQL Injection
2011-11-18	77256	2011-5110	Blogs manager categoriesblogs_list.php SearchField Parameter SQL Injection
2011-11-18	77257	2011-5110	Blogs manager chosen_authors_list.php SearchField Parameter SQL Injection
2011-11-18	77258	2011-5110	Blogs manager chosen_blogs_list.php SearchField Parameter SQL Injection
2011-11-18	77259	2011-5110	Blogs manager chosen_comments_list.php SearchField Parameter SQL Injection
2011-11-18	77260	2011-5110	Blogs manager help_list.php SearchField Parameter SQL Injection
2011-11-18	77244	2011-5109	Freelancer calendar category_list.php SearchField Parameter SQL Injection
2011-11-18	77245	2011-5109	Freelancer calendar Copy_of_calendar_list.php SearchField Parameter SQL Injection
2011-11-18	77246	2011-5109	Freelancer calendar customer_statistics_list.php SearchField Parameter SQL Injection
2011-11-18	77247	2011-5109	Freelancer calendar customer_list.php SearchField Parameter SQL Injection
2011-11-18	77248	2011-5109	Freelancer calendar task_statistics_list.php SearchField Parameter SQL Injection
2011-11-07	83322		LabStoRe index_short.php where_clause Parameter SQL Injection
2011-11-06	83323		LabStoRe index.php where_clause Parameter SQL Injection
2011-11-06	83324		LabStoRe index_long.php where_clause Parameter SQL Injection
2011-11-06	83325	2011-5183	OrderSys index_short.php where_clause Parameter SQL Injection
2011-11-06	83326	2011-5183	OrderSys index.php where_clause Parameter SQL Injection
2011-11-06	83327	2011-5183	OrderSys index_long.php where_clause Parameter SQL Injection
2011-11-06	76956		PHP Labware Multiple Product Multiple stocks/interface_creator/index.php where_clause Parameter SQL Injection
2011-11-06	76957		PHP Labware Multiple Product Multiple stocks/interface_creator/index_short.php where_clause Parameter SQL Injection
2011-11-06	76958		PHP Labware Multiple Product Multiple stocks/interface_creator/index_long.php where_clause Parameter SQL Injection
2011-08-14	74563		awiki index.php Multiple Parameter Arbitrary File Disclosure
2008-03-02	42689	2008-1170	KCWiki minimal/wiki.php page Parameter Remote File Inclusion
2008-03-02	42690	2008-1170	KCWiki simplest/wiki.php page Parameter Remote File Inclusion

The database information may change without any notice. Use of the information constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the copyright holder or distributor (OSVDB or OSF) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.