Creditee: KedAns-Dz

Known Contact Information:

  • (as of 2011-04-22)
  • (as of 2011-04-23)
  • (as of 2011-04-24)
  • (as of 2012-02-12)

Known Affiliations:

Disclosed Vulnerabilities (55):

Disc. Date  OSVDB ID  CVE ID  Title
2013-04-18 92635 SWFUpload swfupload.swf buttonImageURL Parameter Image Content Spoofing
2013-04-06 92235 EasyPHP /home/codetester.php Remote Code Execution
2013-04-06 92234 EasyPHP /home/index.php to Parameter Admin Panel Authentication Bypass
2013-04-06 92233 EasyPHP /home/phpinfo.php Direct Request Information Disclosure
2013-03-11 91209 PHPBoost /phpboost/news/management.php File Upload Arbitrary Code Execution
2013-03-11 91208 PHPBoost /phpboost/user/ url Parameter Malformed Input Information Disclosure
2013-01-21 89603 Gary's Cookbook Component for Joomla! index.php File Upload Arbitrary Code Execution
2013-01-15 89434 phpLiteAdmin /phpliteadmin.php table Parameter SQL Injection
2013-01-15 89433 phpLiteAdmin Default Admin Password
2013-01-15 89432 phpLiteAdmin /phpliteadmin.php Crafted File Importing Path Disclosure
2013-01-14 89557 Nibbleblog /admin/ajax/uploader.php Direct Request Path Disclosure
2013-01-14 89412 Nibbleblog /admin.php File Upload Arbitrary Code Execution
2013-01-02 88952 Drupal getimagesize() Function Uploaded Image Handling Information Disclosure
2012-06-14 83030 Katalyst Timthumb Plugin for WordPress wp-content/plugins/katalyst-timthumb/timthumb.php File Upload PHP Code Execution
2012-06-12 82988 Zimplit zimplit.php File Upload PHP Code Execution
2012-06-11 82912 Bearleague (JoomSport) Component for Joomla! includes/func.php query Parameter SQL Injection
2012-06-11 82911 Bearleague (JoomSport) Component for Joomla! includes/imgres.php File Upload PHP Code Execution
2012-06-10 82909 fileManager Module for Xoops Cube xupload.php File Upload PHP Code Execution
2012-06-08 82828 SS-Downloads Plugin for WordPress wp-config.php Disclosure CSRF
2012-06-08 82829 ImageDrop Plugin for WordPress ImageDrop.php Multiple Parameter SQL Injection
2012-06-08 82837 WP Easy Gallery Plugin for WordPress admin/add-gallery.php File Upload PHP Code Execution
2012-06-04 82635 Zoph Multiple Function CSRF
2012-06-04 82625 Zoph photo.php photo_id Parameter SQL Injection
2012-06-04 82634 Zoph download.php _filename Parameter Arbitrary File Access
2012-06-03 82616 AdaptCMS TinyURL Plugin index.php id Parameter SQL Injection
2012-06-03 82615 TYPO3 File Upload CSRF
2012-06-03 82617 AdaptCMS TinyURL Plugin admin.php Multiple Parameter SQL Injection
2012-06-03 82638 TinyCMS admin/admin.php do Parameter Traversal Local File Inclusion
2012-06-03 82648 TinyCMS index.php page Parameter Traversal Local File Inclusion
2012-06-03 82649 TinyCMS File Upload CSRF
2012-05-29 82398 VamCart tinybrowser.php File Upload CSRF
2012-05-25 82518 DynPage Multiple File Upload CSRF
2012-05-25 82407 DornCMS add_page.php File Upload PHP Code Execution
2012-05-21 82440 concrete5 concrete/js/tiny_mce/plugins/spellchecker/rpc.php Remote DoS
2012-05-20 82442 concrete5 FlashUploader Arbitrary SWF File Upload
2012-05-20 82486 Ajaxmint Gallery Admin Password Manipulation CSRF
2012-04-19 81264 PG-MailingList cgi-bin/pg-mailinglist.pl optout Parameter Script Code Insertion CSRF
2012-03-30 80768 2012-5893 Havalite CMS hava_upload.php Arbitrary File Upload
2012-03-30 80769 2012-5894 Havalite CMS hava_post.php postId Parameter SQL Injection
2012-03-30 80770 2012-5892 Havalite CMS data/havalite.db3 CONFIG Database Information Disclosure
2012-03-30 80772 GetSimple CMS backups/pages/ Backup Information Disclosure
2012-03-30 80771 GetSimple CMS admin/filebrowser.php Arbitrary File Upload
2012-02-29 79741 BrewBlogger includes/upload_image.inc.php Arbitrary File Upload
2012-02-29 79742 BrewBlogger index.php Admin Password Manipulation CSRF
2012-02-12 79218 2012-1216 PBBoard admin.php Admin Password Manipulation CSRF
2012-01-15 91171 KindEditor kindeditor/examples/uploadbutton.html File Upload Arbitrary Code Execution
2011-05-23 73265 MidiCMS Website Builder Page Deletion CSRF
2011-05-23 73266 MidiCMS Website Builder admin/jscripts/tiny_mce/plugins/ezfilemanager/index.php Arbitrary File Upload
2011-05-22 73276 chillyCMS Database Backup Insecure Permissions Information Disclosure
2011-05-11 72367 GuppY Admin Email Address Manipulation CSRF
2011-05-09 72237 ZAPms zap/index.php nick Parameter SQL Injection
2011-05-08 72224 FestOS admin/includes/tiny_mce/plugins/tinybrowser/upload.php File Upload Arbitrary PHP Code Execution
2011-04-24 72015 EasyPHP DLL File Permissions Weakness Local Privilege Escalation
2011-04-23 71995 Ariadne CMS Admin Password Manipulation CSRF
2011-04-22 71982 Pulse CMS data/backups Directory Direct Request Information Disclosure

© Copyright 2002 - 2013 Open Source Vulnerability Database (OSVDB), All Rights Reserved.