OSVDB: Open Sourced Vulnerability Database

Creditee: Akastep

Known Contact Information:

None at this time

Known Affiliations:

Inj3ct0r 1337Team (as of 2013-01-02)

Disclosed Vulnerabilities (118):

Disc. Date	OSVDB ID	CVEID	Title
2013-05-12	93464		Avira AntiVir Personal Unquoted Search Path Local Privilege Escalation Weakness
2013-04-09	92200		MiniWeb HTTP Server Non-existent Directory Arbitrary File Upload
2013-04-09	92198		MiniWeb HTTP Server filename Parameter Traversal Arbitrary File Upload
2013-04-05	92078		Easy FTP Server Crafted Request Handling Resource Consumption Remote DoS
2013-04-01	91978		TinyWeb Malformed HTTP Request Remote DoS
2013-03-14	91289		ClipShare /siteadmin/login.php Plaintext Password Disclosure
2013-03-14	91288		ClipShare /ugroup_videos.php urlkey Parameter SQL Injection
2013-02-19	90373		CKEditor /admin/ckeditor/samples/sample_posteddata.php Malformed Input Path Disclosure
2013-02-19	90372		CKEditor /admin/ckeditor/samples/sample_posteddata.php Script Insertion CSRF
2013-02-05	89960		Glossword gw_admin.php Avatar Settings File Upload Arbitrary Code Execution
2013-02-05	89884		Glossword /glosslatest/glossword/1.8/gw_admin.php a Parameter XSS
2013-02-05	89883		Glossword Predictable User Database Backup Remote Disclosure
2013-02-05	89882		Glossword gw_admin/login.php arPost[user_name] Parameter SQL Injection
2013-02-05	89881		Glossword gw_admin.php User Database Remote Disclosure CSRF
2013-01-25	89629		PHP Weby Directory Software contact.php subject Parameter SQL Injection
2013-01-25	89609		PHP Weby Directory Software Admin Account Manipulation CSRF
2013-01-16	89334		php-Charts wizard/url.php eval() Call Remote PHP Code Execution
2013-01-08	89056		MotoCMS admin/data/users.xml Access Restriction Weakness Information Disclosure
2013-01-08	89411		XML Sitemap Generator Plugin for WordPress XML File Overwrite Arbitrary Code Execution
2013-01-06	88955		Spam Free Plugin for WordPress IP Blocklist Restriction Bypass
2013-01-06	88954		Spam Free Plugin for WordPress Multiple Script Direct Request Path Disclosure
2013-01-02	88905		osTicket Admin User Creation CSRF
2013-01-02	88951		osTicket l.php url Parameter Arbitrary Site Redirect
2013-01-02	88950		osTicket tickets.php status Parameter XSS
2013-01-02	88949		osTicket Multiple Script Path Disclosure
2013-01-02	88948		osTicket scp/departments.php ids Parameter SQL Injection
2013-01-02	88947		osTicket scp/templates.php ids Parameter SQL Injection
2013-01-02	88946		osTicket scp/teams.php ids Parameter SQL Injection
2013-01-02	88945		osTicket scp/syslogs.php ids Parameter SQL Injection
2013-01-02	88944		osTicket scp/helptopics.php ids Parameter SQL Injection
2013-01-02	88943		osTicket scp/groups.php ids Parameter SQL Injection
2013-01-02	88942		osTicket scp/filters.php ids Parameter SQL Injection
2013-01-02	88941		osTicket include/class.faq.php ids Parameter SQL Injection
2013-01-02	88940		osTicket scp/emails.php ids Parameter SQL Injection
2013-01-02	88939		osTicket scp/categories.php ids Parameter SQL Injection
2013-01-02	88938		osTicket scp/canned.php ids Parameter SQL Injection
2013-01-02	88937		osTicket scp/banlist.php ids Parameter SQL Injection
2013-01-02	88936		osTicket scp/apikeys.php ids Parameter SQL Injection
2013-01-02	88906		osTicket scp/kb.php canned[] Parameter SQL Injection
2013-01-02	88935		osTicket l.php url Parameter XSS
2013-01-02	88934		osTicket directory.php q Parameter XSS
2013-01-02	88933		osTicket scp/slas.php ids Parameter SQL Injection
2013-01-02	88932		osTicket scp/staff.php ids Parameter SQL Injection
2013-01-01	88927		Sahifa Theme for WordPress Site Setting Reset CSRF
2013-01-01	88926		Sahifa Theme for WordPress Multiple Script Path Disclosure Direct Request Path Disclosure
2012-12-03	88123		Newscoop /admin/password_recovery.php f_email Parameter SQL Injection
2012-12-03	88122		Newscoop /admin/login.php request Parameter Malformed Input Path Disclosure
2012-11-26	88259		Incomedia WebSite X5 Evolution /imsearch.php search Parameter XSS
2012-11-26	88258		Incomedia WebSite X5 Evolution /admin/checkaccess.php Authentication Bypass
2012-11-23	87845		Greenstone cgi-bin/library.cgi Log File Content Injection Weakness
2012-11-23	87844		Greenstone Multiple Password File Direct Request Credentials Disclosure
2012-11-23	87843		Greenstone cgi-bin/library.cgi Multiple Parameter XSS
2012-11-23	87842		Greenstone Password Static Salt Weakness
2012-10-16	86407		Videosmate Organizer admin/admin.php Client Side JavaScript Authentication Bypass
2012-09-22	85731	2012-4448	WordPress Incoming Link Feed URL Manipulation CSRF
2012-09-02	85170		Sciretech Multimedia Manager index.php Multiple Parameter SQL Injection
2012-09-02	85169		Sciretech Multimedia Manager Uninstall Application CSRF
2012-06-21	83088		Traq admincp/plugins.php plugin Parameter XSS
2012-06-21	83090		Traq SQL Query Manipulation CSRF
2012-06-17	83282		Annexwaretexolution administrator/loginshed.php Login Field SQL Injection Authentication Bypass
2012-05-27	82283		AzDGDatingMedium include/config.inc.php Plaintext Admin Password Disclosure
2012-05-27	82504		Santilga CMS AdminLogin.php Login Field SQL Injection Authentication Bypass
2012-05-27	82284		AzDGDatingMedium /admin/index.php Arbitrary PHP Code Execution CSRF
2012-05-27	82282		AzDGDatingMedium admin/index.php Multiple Parameter XSS
2012-05-27	82281		AzDGDatingMedium admin/index.php fromid Parameter SQL Injection
2012-05-27	82519		Santilga CMS /admin/news/edit/ Arbitrary News Article Manipulation CSRF
2012-05-23	82095		RuubikCMS ruubikcms/tiny_mce/plugins/tinybrowser/edit.php feid Parameter XSS
2012-05-23	82096		RuubikCMS ruubikcms/tiny_mce/plugins/tinybrowser/upload.php feid Parameter XSS
2012-05-23	82097		RuubikCMS ruubikcms/tiny_mce/plugins/tinybrowser/edit.php Multiple Parameter XSS
2012-05-23	82572		Ajaxmint Gallery admin/index.php c Parameter Traversal Arbitrary Gallery Image Disclosure
2012-05-23	82094		RuubikCMS ruubikcms/tiny_mce/plugins/tinybrowser/folders.php feid Parameter XSS
2012-05-23	82573		Ajaxmint Gallery Appended Extension Arbitrary PHP File Upload
2012-05-19	82417		concrete5 index.php/tools/required/files/replace searchInstance Parameter XSS
2012-05-19	82419		concrete5 index.php/tools/required/files/edit searchInstance Parameter XSS
2012-05-19	82418		concrete5 index.php/tools/required/files/add_to searchInstance Parameter XSS
2012-05-19	82422		concrete5 index.php/tools/required/files/permissions searchInstance Parameter XSS
2012-05-19	82426		concrete5 index.php/tools/required/dashboard/sitemap_data.php Multiple Parameter XSS
2012-05-19	82425		concrete5 index.php/tools/required/files/search_dialog ocID Parameter XSS
2012-05-19	82549		concrete5 index.php/tools/required/files/customize_search_columns searchInstance Parameter XSS
2012-05-19	82427		concrete5 index.php/tools/required/files/delete_set searchInstance Parameter XSS
2012-05-19	82432		concrete5 Multiple Function CSRF
2012-05-19	82548		concrete5 Multiple Script Multiple Parameter Malformed Input Path Disclosure
2012-05-19	82420		concrete5 index.php/tools/required/files/search_results searchInstance Parameter XSS
2012-05-19	82438		concrete5 index.php/tools/required/sitemap_search_selector Multiple Parameter XSS
2012-05-19	82439		concrete5 index.php/tools/required/files/import Multiple Parameter XSS
2012-05-19	82424		concrete5 index.php/tools/required/files/bulk_properties searchInstance Parameter XSS
2012-05-19	82441		concrete5 files/tmp/ Direct Request Session File Information Disclosure
2012-05-10	82271	2012-2918	Chevereto Upload/engine.php v Parameter XSS
2012-05-10	82280	2012-2919	Chevereto Upload/engine.php v Parameter Traversal Arbitrary File Enumeration
2012-04-27	81612	2012-4251	MySQLDumper restore.php filename Parameter XSS
2012-04-27	81609	2012-4253	MySQLDumper install.php language Parameter Traversal Arbitrary File Access
2012-04-27	81610	2012-4251	MySQLDumper install.php Multiple Parameter XSS
2012-04-27	81611	2012-4251	MySQLDumper sql.php Multiple Parameter XSS
2012-04-27	81615	2012-4253	MySQLDumper filemanagement.php f Parameter Traversal Arbitrary File Access
2012-04-27	81616	2012-4254 2012-4255	MySQLDumper Multiple Script Direct Request Information Disclosure
2012-04-27	81613	2012-4252	MySQLDumper main.php Multiple Function CSRF
2012-04-27	81614		MySQLDumper File Upload PHP Code Execution
2012-04-27	84719	2012-4251	MySQLDumper index.php page Parameter XSS
2012-04-15	81124		Seditio system/common.php SQL Injection DoS
2012-04-12	81110		SF Quick Ban Plugin for Seditio User / Admin Banning CSRF
2012-04-12	81109		Seditio admin.php v Parameter SQL Injection
2012-04-12	81108		Seditio Plugin Uninstalling CSRF
2012-04-11	81107		Chat Plugin for Seditio Chat Deletion CSRF
2012-04-09	81083		Seditio Database Table Drop CSRF
2012-04-09	81084		Seditio Permissions Weakness Database Dump File Disclosure
2012-04-09	81082		Pm Okuma Sistemi (PmOS) Plugin for Seditio CMS plugins/pmoku/pmoku.admin.php Multiple Parameter XSS
2012-04-09	81092		PHP html_error file_get_contents Error Output XSS
2012-03-29	80688	2012-5914	Seditio forums.php Multiple Parameter XSS
2012-03-29	87737	2012-5916	Seditio system/install/install.parser.sql Direct Request Information Disclosure
2012-03-29	88143	2012-5915	Seditio Multiple Script Direct Request Remote Path Disclosure
2012-03-29	87736	2012-5916	Seditio docs/new/seditio-createnew-160.sql Direct Request Information Disclosure
2012-03-29	87735	2012-5916	Seditio docs/upgrade/sedito_convert_to_utf8.optional.sql Direct Request Information Disclosure
2012-03-12	80058		osFileManager Admin User Creation CSRF
2012-03-12	80057		osFileManager index.php d Parameter XSS
2012-03-08	80215		ToendaCMS setup/index.php site Parameter Traversal Local File Inclusion
2012-03-08	80214		ToendaCMS setup/index.php lang Parameter XSS
2012-03-05	80025		ZB BLOCK zbblock.php Multiple Header XSS
2011-10-16	82093		RuubikCMS extra/image.php f Parameter Traversal Arbitrary File Access

The database information may change without any notice. Use of the information constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the copyright holder or distributor (OSVDB or OSF) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.