Creditee: EgiX

Known Contact Information:

  • (as of 2007-07-29)

Known Affiliations:

Disclosed Vulnerabilities (96):

Disc. Date  OSVDB ID  CVE ID  Title
2013-04-26 92755 2013-3242 Joomla! /plugins/system/remember/remember.php plgSystemRemember::onAfterInitialise() Method Object Unserialization
2013-02-27 89852 2013-1453 Joomla! Search Term Encoding highlight.php PlgSystemHighlight::onAfterDispatch() Method Unserialization Issue
2013-02-06 89923 2013-1465 CubeCart cubecart.class.php Cubecart::_basket() Method shipping Parameter unserialize() Call Remote PHP Object Manipulation
2013-01-28 89662 2013-1412 DataLife Engine preview.php catlist Parameter Remote Code Execution
2012-12-23 88671 2012-0911 Tiki Wiki CMS unserialize() Function Remote Code Execution
2012-10-26 86702 2012-5692 IP.Board admin/sources/base/core.php IPSCookie::get() Method Arbitrary PHP Code Execution
2012-10-25 86618 2012-0911 Tiki Wiki CMS Serialized Object Handling __destruct() Method Arbitrary Code Execution
2012-07-04 83534 2012-0911 Tiki Wiki CMS Multiple Script unserialize() Function Remote Code Execution
2012-07-04 83533 2012-3996 Tiki Wiki CMS Multiple Script Direct Request Path Disclosure
2012-06-23 83361 2012-0694 SugarCRM Multiple Script unserialize() Function Arbitrary PHP Code Execution
2012-04-23 81329 2012-1495 WebCalendar install/index.php Access Restriction Weakness Remote Code Execution
2012-04-23 81330 2012-1496 WebCalendar pref.php pref_THEME Parameter Local File Inclusion
2012-04-14 82108 phpMyFAQ Bundled ImageManager Unspecified Remote Code Execution
2012-03-23 80534 2012-1300 phpFox module.class.php Phpfox_Module::getComponent() Method Remote Code Execution
2012-02-03 78996 2012-1002 OpenConf author/edit.php pid Parameter SQL Injection
2012-01-23 78479 2012-1125, 2012-5318 Kish Guest Posting Plugin for WordPress File Upload Remote PHP Code Execution
2012-01-21 78473 2012-1153 appRain CMF uploadify.php File Upload Remote PHP Code Execution
2011-12-22 78013 2011-4558 Tiki Wiki CMS/Groupware snarf_ajax.php PHP Code Execution CSRF
2011-12-07 77556 Traq admincp/common.php authenticate() Function Authentication Bypass Remote Code Execution
2011-11-30 77391 2011-4449 WikkaWiki /actions/files/files.php File Upload Remote PHP Code Execution
2011-11-30 77390 2011-4448 WikkaWiki /actions/usersettings/usersettings.php update Action default_comment_display Parameter SQL Injection
2011-11-30 77392 2011-4450 WikkaWiki /handlers/files.xml/files.xml.php Traversal Arbitrary File Deletion
2011-11-30 77393 2011-4451 WikkaWiki /libs/Wakka.class.php logSpam() Function Remote Code Execution
2011-11-30 77394 2011-4452 WikkaWiki User Deletion CSRF
2011-11-23 77261 2011-4453 PmWiki pagelist Directive order Parameter create_function() Remote PHP Code Execution
2011-11-19 77215 2011-4337 Support Incident Tracker (SiT!) translate.php Remote Code Execution
2011-11-19 79170 2011-5075 Support Incident Tracker (SiT!) translate.php Direct Request Path Disclosure
2011-11-16 77162 2011-5147 FreeWebshop.org ajax_save_name.php Remote Code Execution
2011-11-13 77091 Zingiri Web Shop Plugin for WordPress /tiny_mce/plugins/ajaxfilemanager/ajax_file_cut.php selectedDoc[] Parameter Remote PHP Code Execution
2011-11-04 76928 2011-4825 Ajax File and Image Manager /ajaxfilemanager/ajax_create_folder.php Unspecified Multiple Parameter Remote PHP Code Execution
2011-10-26 76752 eFront www/editor/tiny_mce/plugins/save_template/save_template.php templateName Parameter Traversal Arbitrary File Creation
2011-10-26 76753 eFront libraries/filesystem.class.php Capitalized Extension File Upload Arbitrary PHP Code Execution
2011-10-26 76754 eFront www/periodic_updater.php HTTP_REFERER Parameter SQL Injection
2011-10-26 76755 eFront www/js/LMSFunctions.php view_unit Parameter SQL Injection
2011-10-26 76756 eFront www/send_notifications.php sent_notification_id Parameter SQL Injection
2011-10-26 76757 eFront www/index.php cookie_login Cookie EfrontUserFactory::factory() Method Remote Admin Authentication Bypass
2011-10-26 76758 eFront www/student.php Multiple Parameter EfrontCourse::checkRules() Method Arbitrary PHP Code Execution
2011-10-25 76642 2011-4825 phpMyFAQ admin/editor/plugins/ajaxfilemanager/ajax_create_folder.php POST Request Parsing Remote PHP Code Execution
2011-10-23 76594 2011-4075 phpLDAPadmin cmd.php orderby Parameter Arbitrary PHP Code Execution
2011-10-18 76662 Dolphin member_menu_queries.php bubbles Parameter eval() Call Remote PHP Code Execution
2011-09-30 79404 Feed on Feeds feed_order Parameter create_function() Remote PHP Code Execution
2011-09-16 75723 JAKCMS js/editor/plugins/jakadminexplorer/index.php Authentication Bypass
2011-09-16 75724 JAKCMS js/editor/plugins/jakadminexplorer/php/action.php File Upload Arbitrary PHP Code Execution
2011-07-06 73609 WeBid converter.php Multiple Parameter Remote PHP Code Injection
2011-07-06 73608 WeBid Multiple Script WEBID_ONLINE Cookie SQL Injection
2011-07-05 73606 WeBid feedback.php auction_id Parameter SQL Injection
2011-07-05 73607 WeBid logout.php WEBID_RM_ID Cookie SQL Injection
2011-07-05 73610 WeBid index.php lan Parameter Traversal Local File Inclusion
2011-07-05 73732 WeBid USERLANGUAGE Cookie Traversal Local File Inclusion
2010-10-28 79403 RoSPORA index.php create_function() Remote PHP Code Execution
2009-05-08 54368 2009-1911 QuiXplorer admin/index.php lang Parameter Traversal Local File Inclusion
2009-05-08 54436 2009-1911 TinyWebGallery /admin/_include/init.php lang Parameter Traversal Local File Inclusion
2009-04-27 79402 LightBlog register.php Multiple Parameter Remote PHP Code Injection
2009-04-21 53888 Dokeos whoisonline.php tablename_column Parameter Arbitrary PHP Code Execution
2009-04-07 53460 Lanius CMS includes/upload.php File Upload Arbitrary PHP Code Execution
2009-03-25 53491 PHPizabi index.php File Upload Arbitrary PHP Code Execution
2008-10-20 49431 2008-6178 Nuke Et FCKEditor connectors/php/commands.php Unrestricted File Upload
2008-10-16 49157 2008-4687 Mantis manage_proj_page.php sort Parameter Arbitrary PHP Code Execution
2008-10-14 49161 PhpWebGallery comments.php sort_by Parameter SQL Injection
2008-10-14 49162 2008-4645 PhpWebGallery plugins/event_tracer/event_list.php create_function Function Arbitrary PHP Code Execution
2008-10-01 48797 2008-6132 phpScheduleIt PHP reserve.php start_date Parameter eval() Arbitrary Code Injection
2008-10-01 52292 2009-0820 phpScheduleIt PHP check.php Multiple Parameter eval() Arbitrary Code Injection
2008-09-30 48656 2008-4453 GdPicture Pro Imaging SDK GdPicturePro5S.Imaging ActiveX (gdpicturepro5s.ocx) SaveAsPDF Method Arbitrary File Overwrite
2008-09-30 48657 2008-4453 GdPicture Light Imaging Toolkit GdPicture4S.Imaging ActiveX (gdpicture4s.ocx) SaveAsPDF Method Arbitrary File Overwrite
2008-09-21 48654 2008-5967 PHP iCalendar admin/index.php Arbitrary File Upload
2008-07-31 47250 2008-3486 Coppermine Photo Gallery include/functions.inc.php _data Cookie lang Parameter Traversal Local File Inclusion
2008-07-31 47353 2008-3481 Coppermine Photo Gallery themes/sample/theme.php Direct Request Error Message Path Disclosure
2008-06-25 47053 2008-3118 PHPmotion play.php vid Parameter SQL Injection
2008-06-25 47848 2008-3117 PHPmotion update_profile.php Unrestricted File Upload Arbitrary Code Execution
2008-06-12 46146 2008-2742 Achievo mcpuk File Editor connectors/php/config.php Multiple File Extension Upload Arbitrary Code Execution
2008-06-09 46644 2008-2686 Flux CMS webinc/bxe/scripts/loadsave.php Request Body PHP File Overwrite Arbitrary Code Execution
2008-05-29 54039 CMS from Scratch FCKEditor connectors/php/upload.php Arbitrary File Upload
2008-05-19 53398 2008-6632 MercuryBoard func/login.php User-Agent HTTP Header SQL Injection
2008-05-12 45327 2008-2267 CMS Made Simple FileManager Module Postlet javaUpload.php Multiple File Extension Blacklist Bypass
2008-05-05 44797 2008-2194 DeluxeBB forums.php sort Parameter SQL Injection
2008-05-05 44798 2008-2195 DeluxeBB admincp.php Arbitrary PHP Code Execution
2008-04-08 52806 2008-6490 FLABER function/update_xml.php target_file Parameter Arbitrary File Overwrite
2008-04-07 52758 2008-6475 Drake CMS Guestbook Component index.php Via HTTP Header SQL Injection
2008-01-09 40138 2008-7153 Docebo lib.regset.php Accept-Language HTTP Header SQL Injection
2008-01-09 57703 2008-7154 Docebo class/class.conf_fw.php Direct Request Path Disclosure
2008-01-09 57704 2008-7154 Docebo class.module/class.event_manager.php Direct Request Path Disclosure
2008-01-09 57705 2008-7154 Docebo lib/lib.domxml5.php Direct Request Path Disclosure
2008-01-09 57706 2008-7154 Docebo menu/menu_over.php Direct Request Path Disclosure
2008-01-09 57707 2008-7154 Docebo class/class.conf_cms.php Direct Request Path Disclosure
2008-01-09 57708 2008-7154 Docebo lib/lib.compose.php Direct Request Path Disclosure
2008-01-09 57709 2008-7154 Docebo modules/chat/teleskill.php Direct Request Path Disclosure
2008-01-09 57710 2008-7154 Docebo class/class.admin_menu_cms.php Direct Request Path Disclosure
2008-01-03 40197 2008-0129 Site@School slideshow_full.php album_name Parameter SQL Injection
2007-12-30 39788 2007-6656 CMS Made Simple modules/TinyMCE/content_css.php templateid Parameter SQL Injection
2007-12-27 39759 2007-6622 ZeusCMS security.php Referer HTTP Header SQL Injection
2007-12-27 39760 2007-6623 ZeusCMS image_viewer.php dir Variable Arbitrary Directory Information Disclosure
2007-12-25 42662 2007-6550 PMOS Help Desk form.php options Array Variable Arbitrary PHP Code Execution
2007-12-25 39795 2007-6543 eSyndiCat Link Exchange Script suggest-link.php id Parameter SQL Injection
2007-10-10 40608 2007-5452 Php-Stats php-stats.recjs.php Multiple Parameter SQL Injection
2007-10-10 43480 2007-5453 Php-Stats _options Table php-stats-options Record Multiple Script Arbitrary Code Execution
2007-07-29 36286 2007-4053 LinPHA new_images.php order Parameter SQL Injection

The database information may change without any notice. Use of the information constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the copyright holder or distributor (OSVDB or OSF) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

© Copyright 2002 - 2013 Open Source Vulnerability Database (OSVDB), All Rights Reserved.