Creditee: Brendan Coles

Known Contact Information:

  • (as of 2011-03-24)

Known Affiliations:

Disclosed Vulnerabilities (92):

Disc. Date OSVDB ID CVE ID Title
2013-02-26 90645 Kordil EDMS users_add.php File Upload Arbitrary Code Execution
2013-01-22 89529 2013-0232 ZoneMinder includes/actions.php packageControl Function Multiple Parameter Remote Command Execution
2012-12-25 88751 eXtplorer users.php ext_find_user() Function Unspecified Authentication Bypass
2012-09-21 85654 Zen Load Balancer content2-2.cgi Multiple Parameter Remote Command Execution
2012-09-21 85690 Zen Load Balancer Multiple Directory Permissions Weakness Information Disclosure
2012-09-21 85692 Zen Load Balancer content3-2.cgi if Parameter Remote Command Execution
2012-09-21 85691 Zen Load Balancer upload.cgi Arbitrary File Upload
2012-08-30 85078 SugarCRM Logging Functionality Log File Rename Arbitrary Code Execution
2012-08-30 85111 SugarCRM cache/include/externalAPI.cache.js File Direct Request Path Disclosure
2012-08-30 85081 SugarCRM ical_server.php User Schedule Disclosure
2012-08-30 85080 SugarCRM index.php File Handling XSS
2012-08-30 85079 SugarCRM index.php JSON Query Parsing Password Hash Disclosure
2012-08-30 85112 SugarCRM vcal_server.php Username / Email Address Enumeration
2012-08-30 85068 SugarCRM index.php group Parameter SQL Injection
2012-08-13 84712 2012-2275 TestLink Admin User Creation CSRF
2012-08-13 84711 TestLink Audit Log Session Identifier Disclosure
2012-08-13 84713 TestLink sysinfo.php Direct Request Information Disclosure
2012-08-13 85446 TestLink /upload_area/nodes_hierarchy/ Arbitrary File Upload Weakness
2012-08-12 85346 WAN Emulator URI XSS
2012-08-12 85344 WAN Emulator dosu Setuid File Privilege Escalation
2012-08-12 85345 WAN Emulator result.php pc Parameter Arbitrary Command Execution
2012-07-30 84411 Zenoss zport/dmd/Events/Status/Snmp/eventClassStatus sortedSence Parameter XSS
2012-07-30 84417 Zenoss zport/acl_users/cookieAuthHelper/login came_from Parameter Arbitrary Site Redirect
2012-07-30 84415 Zenoss zport/About/viewDaemonLog daemon Parameter Traversal Arbitrary .log File Access
2012-07-30 84414 Zenoss zport/About/viewDaemonConfig daemon Parameter Traversal Arbitrary .conf File Access
2012-07-30 84413 Zenoss zport/About/editDaemonConfig daemon Parameter Traversal Arbitrary .conf File Manipulation
2012-07-30 84408 Zenoss zport/About/showDaemonXMLConfig daemon Parameter Popen() Call Remote Shell Command Execution
2012-07-30 84412 Zenoss zport/dmd/Events/Users/eventClassStatus sortedSence Parameter XSS
2012-07-30 84410 Zenoss zport/dmd/backupInfo sortedSence Parameter XSS
2012-07-30 84409 Zenoss zport/dmd/ZenEventManager/listEventCommands sortedSence Parameter XSS
2012-07-30 84416 Zenoss Multiple Function CSRF
2012-07-30 84407 Zenoss zport/RenderServer/plugin name Parameter Traversal Arbitrary .py File Upload
2012-07-01 84302 CuteFlow pages/editfield.php Multiple Parameter XSS
2012-07-01 84289 CuteFlow pages/restart_circulation_values_write.php File Upload PHP Code Execution
2012-07-01 84293 CuteFlow pages/editslot.php slotid Parameter SQL Injection
2012-07-01 84301 CuteFlow pages/edittemplate_step2.php templateid Parameter SQL Injection
2012-07-01 84300 CuteFlow pages/editmailinglist_step2.php templateid Parameter SQL Injection
2012-07-01 84299 CuteFlow pages/editcirculation.php Multiple Parameter XSS
2012-07-01 84298 CuteFlow pages/editmailinglist_default.php Multiple Parameter XSS
2012-07-01 84295 CuteFlow pages/edittemplate_step1.php Multiple Parameter XSS
2012-07-01 84292 CuteFlow pages/showmaillist.php Multiple Parameter XSS
2012-07-01 84291 CuteFlow pages/showtemplates.php Multiple Parameter XSS
2012-07-01 84290 CuteFlow pages/writeuser.php Direct Request Admin Addition
2012-07-01 84294 CuteFlow pages/showuser.php Multiple Parameter XSS
2012-07-01 84297 CuteFlow pages/editmailinglist_step1.php Multiple Parameter XSS
2012-07-01 84296 CuteFlow pages/editslot.php Multiple Parameter XSS
2012-02-29 79740 BrewBlogger index.php Arbitrary File Upload
2011-06-24 73343 ActivDesk search.cgi Multiple Parameter XSS
2011-06-24 73344 ActivDesk kbcat.cgi cid Parameter SQL Injection
2011-06-24 73345 ActivDesk kb.cgi kid Parameter SQL Injection
2011-06-23 73262 BrewBlogger sections/reference.inc.php Multiple Parameter SQL Injection
2011-06-23 73261 BrewBlogger index.php style Parameter XSS
2011-06-23 73263 BrewBlogger Multiple Script Direct Request Path Disclosure
2011-03-24 73513 Cachelogic Expired Domains Script index.php Script Multiple Parameter Malformed Input Path Disclosure
2011-03-24 73514 Cachelogic Expired Domains Script stats.php Multiple Parameter XSS
2011-03-24 73515 Cachelogic Expired Domains Script index.php ncharacter Parameter SQL Injection
2011-02-08 70928 2011-0446 Ruby on Rails mail_to Helper Multiple Parameter XSS
2010-12-03 69742 phpRechnung user/info.php Multiple Parameter XSS
2010-12-03 69722 phpRechnung user/edit.php Multiple Parameter XSS
2010-12-03 69723 phpRechnung user/delete.php Multiple Parameter XSS
2010-12-03 69724 phpRechnung user/new.php Multiple Parameter XSS
2010-12-03 69725 phpRechnung user/search.php Multiple Parameter XSS
2010-12-03 69708 phpRechnung user/help.php Multiple Parameter XSS
2010-12-03 69709 phpRechnung message/new.php Multiple Parameter XSS
2010-12-03 69710 phpRechnung message/search.php Multiple Parameter XSS
2010-12-03 69711 phpRechnung message/help.php Multiple Parameter XSS
2010-12-03 69712 phpRechnung user/list.php Multiple Parameter XSS
2010-12-03 69713 phpRechnung message/list.php Multiple Parameter XSS
2010-12-03 69714 phpRechnung config/list.php Multiple Parameter XSS
2010-12-03 69715 phpRechnung message/info.php Multiple Parameter XSS
2010-12-03 69716 phpRechnung message/edit.php Multiple Parameter XSS
2010-12-03 69717 phpRechnung message/delete.php Multiple Parameter XSS
2010-12-03 69718 phpRechnung config/info_company.php Multiple Parameter XSS
2010-12-03 69719 phpRechnung config/info_pdf.php Multiple Parameter XSS
2010-12-03 69720 phpRechnung config/info.php Multiple Parameter XSS
2010-12-03 69721 phpRechnung config/edit.php Multiple Parameter XSS
2010-12-03 69741 phpRechnung user/edit.php userID Parameter SQL Injection
2010-12-03 69740 phpRechnung user/info.php userID Parameter SQL Injection
2010-12-03 69739 phpRechnung message/edit.php messageID Parameter SQL Injection
2010-12-03 69738 phpRechnung message/info.php messageID Parameter SQL Injection
2010-12-03 69737 phpRechnung config/edit.php settingID Parameter SQL Injection
2010-12-03 69736 phpRechnung position/edit.php posID Parameter SQL Injection
2010-12-03 69735 phpRechnung position/info.php posID Parameter SQL Injection
2010-12-03 69734 phpRechnung invoice/posedit.php tmpPosID Parameter SQL Injection
2010-12-03 69733 phpRechnung invoice/info.php invoiceID Parameter SQL Injection
2010-12-03 69732 phpRechnung posgroup/info.php posgroupID Parameter SQL Injection
2010-12-03 69731 phpRechnung cashbook/info.php cashbookID Parameter SQL Injection
2010-12-03 69730 phpRechnung syslog/info.php syslogID Parameter SQL Injection
2010-12-03 69729 phpRechnung methodofpayment/info.php methodofpayID Parameter SQL Injection
2010-12-03 69728 phpRechnung cashbook/info.php cashbookID Parameter SQL Injection
2010-12-03 69727 phpRechnung offer/info.php offerID Parameter SQL Injection
2010-12-03 69726 phpRechnung offer/print_pdf.php offerID Parameter SQL Injection

The database information may change without any notice. Use of the information constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the copyright holder or distributor (OSVDB or OSF) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

© Copyright 2002 - 2013 Open Source Vulnerability Database (OSVDB), All Rights Reserved.