Vendor Dictionary: Carsten Schmitz

Carsten Schmitz

Short Name:	[None Entered]
Previous Names:	[None Entered]
URL:	[None Entered]
Email:	[None Entered]
Security URL:	[None Entered]
Security Email:	[None Entered]
Knowledge Base:	[None Entered]
Notes:	[No Notes]

Vulnerabilities by Vendor Product

Carsten Schmitz

Carsten Schmitz

LimeSurvey: 1.49RC2; OSVDB ID: 45792 LimeSurvey Root.php homedir Parameter Remote File Inclusion; OSVDB ID: 45793 LimeSurvey Writer.php homedir Parameter Remote File Inclusion; OSVDB ID: 45794 LimeSurvey PPS.php homedir Parameter Remote File Inclusion; OSVDB ID: 45795 LimeSurvey Worksheet.php homedir Parameter Remote File Inclusion; OSVDB ID: 45797 LimeSurvey Workbook.php homedir Parameter Remote File Inclusion; OSVDB ID: 45798 LimeSurvey Format.php homedir Parameter Remote File Inclusion; OSVDB ID: 45799 LimeSurvey BIFFwriter.php homedir Parameter Remote File Inclusion; OSVDB ID: 45796 LimeSurvey Parser.php homedir Parameter Remote File Inclusion; OSVDB ID: 45791 LimeSurvey File.php homedir Parameter Remote File Inclusion; 1.52+ 20071016; OSVDB ID: 37913 LimeSurvey classes/core/language.php rootdir Parameter Remote File Inclusion; 1.91+ build 11804; OSVDB ID: 80812 LimeSurvey save.php Multiple Parameter SQL Injection; 1.92+ Build 120815; OSVDB ID: 84838 LimeSurvey Unspecified XSS; 1.92+ Build 120822; OSVDB ID: 85239 LimeSurvey index.php redirect Parameter Arbitrary Site Redirect; 1.92+ Build 120822; OSVDB ID: 85240 LimeSurvey admin/admin.php Multiple Parameter SQL Injection; 1.92+ Build 120822; OSVDB ID: 85241 LimeSurvey index.php Multiple Parameter XSS; 1.91+ Build 12416; OSVDB ID: 79687 LimeSurvey admin/admin.php full_name Parameter XSS; OSVDB ID: 79688 LimeSurvey admin/admin.php id Parameter SQL Injection

The database information may change without any notice. Use of the information constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the copyright holder or distributor (OSVDB or OSF) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.