OSVDB: Open Sourced Vulnerability Database

Creditee: Aliaksandr Hartsuyeu

Known Contact Information:

(as of 2006-01-05)
(as of 2010-11-17)

Known Affiliations:

eVuln (as of 2006-01-05)

Disclosed Vulnerabilities (42):

Disc. Date	OSVDB ID	CVEID	Title
2011-02-03	71046	2011-1061	WSN Guest memberlist.php field Parameter SQL Injection
2011-02-02	71045	2011-1060	WSN Guest classes/member.php member() Function wsnuser Cookie SQL Injection
2011-01-14	72012		Alguest elimina.php elimina Parameter SQL Injection
2011-01-10	72058		WikLink editCategory.php fold Parameter SQL Injection
2011-01-10	72059		WikLink editSite.php site Parameter SQL Injection
2011-01-05	72013		WikLink getURL.php id Parameter SQL Injection
2011-01-03	72014		WikLink search.php q Parameter SQL Injection
2010-12-23	71812		Social Share search.php search Parameter XSS
2010-12-21	71820		Social Share functions.php Username Field SQL Injection Authentication Bypass
2010-12-20	71821		Social Share postview.php postid Parameter SQL Injection
2010-12-17	71819		Social Share save.php Multiple Parameter XSS
2010-12-17	71817		Social Share processPost.php Multiple Parameter XSS
2010-12-16	71823		slickMsg error.php error Parameter XSS
2010-12-10	71590		slickMsg views/Thread/display/top.php title Parameter XSS
2010-12-09	71588		WWWThreads showflat.pl view Parameter XSS
2010-12-02	71793		slickMsg views/Post/edit/form.php post Parameter XSS
2010-12-01	69637	2010-4407	AlGuest index.php Multiple Parameter XSS
2010-11-29	69786		BizDir bizdir.cgi f_srch Parameter XSS
2010-11-29	71679		Wernhart Guestbook insert.phtml Multiple Unspecified Parameter SQL Injection
2010-11-29	71680		Wernhart Guestbook select.phtml Multiple Unspecified Parameter SQL Injection
2010-11-26	69674		WWWThreads play.php act Parameter XSS
2010-11-25	69488	2010-4363 2010-4500	FreeTicket contact.php Multiple Parameter SQL Injection
2010-11-24	69461		SimpLISTic Mailing List Manager email.cgi email Parameter XSS
2010-11-24	69462	2010-4358	MCG GuestBook gb.cgi Multiple Parameter XSS
2010-11-22	71482		Hot Links Lite process.cgi Multiple Parameter XSS
2010-11-17	71483	2010-4848	AxsLinks addlink.php Multiple Parameter XSS
2010-11-16	69510	2010-4783	Easy Banner index.php Multiple Parameter XSS
2010-11-15	69511	2010-4784	Easy Banner member.php Multiple Parameter SQL Injection Authentication Bypass
2006-08-26	28838	2006-4503	NX5Linx link.php logo Parameter Traversal Arbitrary File Access
2006-02-04	23027	2006-0609	phphd add.php XSS
2006-02-04	23006	2006-0602	phphg Guestbook check.php username Variable POST Method SQL Injection
2006-02-04	23007	2006-0604	phphg Guestbook check.php Cookie Authentication Bypass
2006-02-04	23008	2006-0603	phphg Guestbook signed.php Multiple Parameter XSS
2006-02-04	23009	2006-0602	phphg Guestbook admin/edit_smilie.php id Parameter SQL Injection
2006-02-04	23010	2006-0602	phphg Guestbook admin/add_theme.php id Parameter SQL Injection
2006-02-04	23011	2006-0602	phphg Guestbook admin/ban_ip.php id Parameter SQL Injection
2006-02-04	23012	2006-0602	phphg Guestbook admin/add_lang id Parameter SQL Injection
2006-02-04	23013	2006-0602	phphg Guestbook admin/edit_filter id Parameter SQL Injection
2006-01-09	22296	2006-0156	foxrum url BBcode XSS
2006-01-05	22256	2006-0102	TinyPHPForum action.php txt Parameter XSS
2006-01-05	22257	2006-0103	TinyPHPForum /users/ Directory User Information Disclosure
2006-01-05	22258	2006-0104	TinyPHPForum profile.php uname Variable Traversal Arbitrary File Manipulation

The database information may change without any notice. Use of the information constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the copyright holder or distributor (OSVDB or OSF) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.