Creditee: Russ McRee

Known Contact Information:

  • (as of 2008-01-14)

Known Affiliations:

Disclosed Vulnerabilities (237):

Disc. DateOSVDB IDCVEIDTitle
2012-03-02 79729 Redaxscript Arbitrary User Deletion CSRF
2012-01-09 78446 2012-0790 Smokeping smokeping_cgi displaymode Parameter XSS
2011-08-22 74805 2011-3392 Phorum control.php real_name Parameter XSS
2011-02-28 71229 Avactis Shopping Cart Admin User Creation CSRF
2011-02-19 71791 BoltWire index.php p Parameter XSS
2011-01-31 70940 Newscoop admin/login.php request Parameter XSS
2011-01-31 70942 Newscoop do_logon.php request Parameter XSS
2010-12-12 70220 Streber index.php from Parameter XSS
2010-11-27 70017 TheHostingTool admin/index.php Arbitrary Parameter SQL Injection
2010-11-27 70748 LightNEasy Mini LightNEasy.php Multiple Parameter XSS
2010-11-23 69472 TinyWebGallery admin/index.php Multiple Parameter XSS
2010-11-23 69473 TinyWebGallery index.php Multiple Parameter XSS
2010-11-23 69474 TinyWebGallery i_frames/i_tags.php Multiple Parameter XSS
2010-11-23 69475 TinyWebGallery i_frames/i_kommentar.php twg_name Parameter XSS
2010-11-23 69476 TinyWebGallery i_frames/i_info.php Multiple Parameter XSS
2010-11-23 69477 TinyWebGallery i_frames/i_login.php Multiple Parameter XSS
2010-11-23 69478 TinyWebGallery i_frames/i_optionen.php Multiple Parameter XSS
2010-11-23 69479 TinyWebGallery i_frames/i_privatelogin.php Multiple Parameter XSS
2010-11-23 69480 TinyWebGallery i_frames/i_rate.php Multiple Parameter XSS
2010-11-23 69481 TinyWebGallery i_frames/i_search.php Multiple Parameter XSS
2010-11-23 69482 TinyWebGallery i_frames/i_slideshowjquery.php Multiple Parameter XSS
2010-11-23 69483 TinyWebGallery i_frames/i_titel.php Multiple Parameter XSS
2010-11-23 69484 TinyWebGallery i_frames/i_top_tags.php Multiple Parameter XSS
2010-11-22 69406 Phire CMS phire/login.php Multiple Parameter XSS
2010-11-22 69407 Phire CMS phire/forgot.php email Parameter XSS
2010-11-22 69408 Phire CMS phire/content/pages.php Multiple Parameter SQL Injection
2010-11-22 69409 Phire CMS phire/core/process/add.page.php Multiple Parameter SQL Injection
2010-11-22 69410 Phire CMS phire/core/process/add.section.php Multiple Parameter SQL Injection
2010-11-22 69411 Phire CMS phire/core/process/add.template.php Multiple Parameter SQL Injection
2010-11-22 69412 Phire CMS phire/core/process/edit.section.php Multiple Parameter SQL Injection
2010-11-22 69413 Phire CMS phire/core/process/edit.template.php template_name Parameter SQL Injection
2010-11-22 69414 Phire CMS phire/core/process/remove.sections.php rm_sects[] Parameter SQL Injection
2010-11-22 69415 Phire CMS phire/core/process/remove.users.php rm_users[] Parameter SQL Injection
2010-11-22 69416 Phire CMS phire/core/process/edit.page.php page_url Parameter SQL Injection
2010-11-14 69366 WonderCMS index.php page Parameter XSS
2010-11-14 69367 WonderCMS index.php page Parameter Traversal Arbitrary File Access
2010-11-10 69113 2010-5088 SilverStripe Multiple Admin Function CSRF
2010-11-09 69892 Seo Panel includes/sp-common.php Multiple Parameter Direct Request Administrative Actions Access
2010-11-02 70760 SmarterTrack Multiple Unspecified Scripts SMSkin Cookie Parameter XSS
2010-11-01 69422 NibbleBlog Post Addition / Comment Deletion CSRF
2010-10-25 69369 The Bug Genie index.php scope Parameter XSS
2010-10-25 69372 The Bug Genie Admin Password Manipulation CSRF
2010-10-25 69370 The Bug Genie modules/search/search.php scope Parameter XSS
2010-10-25 69371 The Bug Genie modules/search/search_stripped.php scope Parameter XSS
2010-10-21 69345 KaiBB staff/index.php user Parameter XSS
2010-10-21 69346 KaiBB Admin Privilege Escalation CSRF
2010-10-21 69347 KaiBB staff/index.php a Parameter SQL Injection
2010-10-11 68646 2010-4147 Avactis Shopping Cart index.php HTTP User-Agent Header SQL Injection
2010-10-11 68647 2010-4147 Avactis Shopping Cart product-list.php HTTP User-Agent Header SQL Injection
2010-09-23 68940 4images Multiple Unspecified Function CSRF
2010-09-21 68184 SkyBlueCanvas Admin Interface User Password Manipulation CSRF
2010-09-20 68152 2010-3484
2010-3485
2010-4751
2010-4752		 LightNEasy LightNEasy.php Multiple Parameter SQL Injection
2010-09-19 68287 Pluck Arbitrary User Creation CSRF
2010-08-18 67234 InterPhoto Gallery mydesk.upload.php Arbitrary File Upload
2010-07-17 69900 Seo Panel directories.php Multiple Parameter XSS
2010-07-17 69901 Seo Panel users.php Multiple Parameter XSS
2010-07-12 66229 InterPhoto Gallery mydesk.edit.php User Password Change CSRF
2010-06-30 65829 2010-2594 Snare for Linux Agent Multiple Unspecified CSRF
2010-06-28 66194 OneCMS admin/admin.php [database_prefix]_username Cookie SQL Injection
2010-06-28 66195 OneCMS admin/files.php [database_prefix]_username Cookie SQL Injection
2010-06-28 66196 OneCMS admin/settings.php [database_prefix]_username Cookie SQL Injection
2010-06-28 66197 OneCMS admin/admin.php cat Parameter SQL Injection
2010-06-28 66198 OneCMS admin/admin.php cat Parameter XSS
2010-06-28 66199 OneCMS admin/admin.php URI XSS
2010-06-28 66200 OneCMS admin/ads.php URI XSS
2010-06-28 66201 OneCMS admin/affiliates.php URI XSS
2010-06-28 66202 OneCMS admin/comments.php URI XSS
2010-06-03 65089 2010-3694 Horde Groupware / Horde Groupware Webmail Edition Unspecified CSRF
2010-06-03 65091 2010-2281
2010-1515		 TomatoCMS index.php/admin/ad/banner/list Multiple Parameter XSS
2010-06-03 65092 2010-2281
2010-1515		 TomatoCMS index.php/admin/poll/add Multiple Parameter XSS
2010-06-03 65093 2010-2281
2010-1515		 TomatoCMS index.php/admin/category/add name Parameter XSS
2010-06-03 65094 2010-2282 TomatoCMS Admin Password Manipulation CSRF
2010-06-01 65633 eBox Platform Arbitrary User Creation CSRF
2010-05-23 65258 2010-2344 odCMS _main/index.php Page Parameter XSS
2010-05-23 65259 2010-2344 odCMS _members/index.php Page Parameter XSS
2010-05-23 65260 2010-2344 odCMS _forum/index.php Page Parameter XSS
2010-05-23 65261 2010-2344 odCMS _docs/index.php Page Parameter XSS
2010-05-23 65262 2010-2344 odCMS _announcements/index.php Page Parameter XSS
2010-05-19 64730 dradis XML File Upload XSS
2010-05-12 64554 2010-1996 TomatoCMS index.php/admin/poll/add content Parameter XSS
2010-05-12 64553 2010-1996 TomatoCMS index.php/admin/category/add meta Parameter XSS
2010-05-12 64552 2010-1996 TomatoCMS index.php/admin/tag/add keyword Parameter XSS
2010-03-03 62671 2010-1541 DFD Cart your.order.php category Parameter XSS
2010-03-03 62672 2010-1541 DFD Cart index.php Multiple Parameter XSS
2010-03-03 62973 Web Wiz Forums pm_add_buddy.asp CSRF
2010-03-03 62974 Web Wiz Forums pm_buddy_list.asp CSRF
2010-03-03 62975 Web Wiz Forums pm_delete_buddy.asp CSRF
2010-03-03 62976 Web Wiz Forums pm_message.asp CSRF
2010-03-03 62977 Web Wiz Forums pm_delete_message.asp CSRF
2010-03-03 62978 Web Wiz Forums pm_inbox.asp CSRF
2010-03-03 62979 Web Wiz Forums includes/message_form_inc.asp CSRF
2010-03-03 62980 Web Wiz Forums pm_new_message.asp CSRF
2010-03-03 62981 Web Wiz Forums pm_new_message_form.asp CSRF
2010-03-03 62982 Web Wiz Forums file_manager.asp CSRF
2010-03-03 62983 Web Wiz Forums file_delete.asp CSRF
2010-03-03 62984 Web Wiz Forums file_upload.asp CSRF
2010-03-03 62985 Web Wiz Forums email_notify_subscriptions.asp CSRF
2010-03-03 62986 Web Wiz Forums email_notify_remove.asp CSRF
2010-03-03 62987 Web Wiz Forums email_notify.asp CSRF
2010-03-03 62988 Web Wiz Forums ajax_email_notify.asp CSRF
2010-03-03 62989 Web Wiz Forums new_post.asp CSRF
2010-03-03 62990 Web Wiz Forums edit_post.asp CSRF
2010-03-03 62991 Web Wiz Forums new_reply_form.asp CSRF
2010-03-03 62992 Web Wiz Forums new_poll_form.asp CSRF
2010-03-03 62993 Web Wiz Forums new_reply_form.asp CSRF
2010-03-03 62994 Web Wiz Forums new_topic_form.asp CSRF
2010-03-03 62995 Web Wiz Forums edit_post_form.asp CSRF
2010-03-03 62996 Web Wiz Forums forum_posts.asp CSRF
2010-02-03 62099 2010-0637 WebCalendar Event Deletion CSRF
2010-02-03 62095 2010-0636 WebCalendar users.php tab Parameter XSS
2010-02-03 62096 2010-0636 WebCalendar day.php URI XSS
2010-02-03 62097 2010-0636 WebCalendar month.php URI XSS
2010-02-03 62098 2010-0636 WebCalendar week.php URI XSS
2009-12-14 61288 2009-1798
2009-4406		 APC NMC Multiple Products Forms/login1 Multiple Parameter XSS
2009-12-14 61289 2009-1797 APC NMC Multiple Products Admin User Creation CSRF
2009-12-02 60597 2009-4786 Pligg admin/admin_config.php HTTP Referer Header XSS
2009-12-02 60598 2009-4786 Pligg admin/admin_modules.php HTTP Referer Header XSS
2009-12-02 60599 2009-4786 Pligg delete.php HTTP Referer Header XSS
2009-12-02 60600 2009-4786 Pligg editlink.php HTTP Referer Header XSS
2009-12-02 60601 2009-4786 Pligg submit.php HTTP Referer Header XSS
2009-12-02 60602 2009-4786 Pligg submit_groups.php HTTP Referer Header XSS
2009-12-02 60603 2009-4786 Pligg user_add_remove_links.php HTTP Referer Header XSS
2009-12-02 60604 2009-4786 Pligg user_settings.php HTTP Referer Header XSS
2009-12-02 60605 2009-4787 Pligg Admin User Creation CSRF
2009-12-02 60606 2009-4788 Pligg pligg/login.php Arbitrary Site Redirect
2009-12-02 60607 2009-4788 Pligg pligg/user_settings.php Arbitrary Site Redirect
2009-11-23 60500 PHPizabi index.php Multiple Parameter XSS
2009-11-23 60501 PHPizabi Event Deletion CSRF
2009-09-30 58417 BIGACE Web CMS Admin Account Creation CSRF
2009-09-19 59078 2009-4555 AgoraCart protected/manager.cgi Setting Manipulation CSRF
2009-08-31 57574 2009-3120 BIGACE Web CMS public/index.php id Parameter XSS
2009-08-05 56791 2009-4994 SmarterTrack frmKBSearch.aspx search Parameter XSS
2009-08-05 56792 2009-4995 SmarterTrack frmTickets.aspx email address Parameter XSS
2009-07-20 56802 signkorn Guestbook admin/admin.php qc Parameter XSS
2009-07-20 56803 signkorn Guestbook Unspecified CSRF
2009-07-19 56804 2009-4979 Photokorn Gallery search.php Multiple Parameter SQL Injection
2009-07-19 56805 2009-4980 Photokorn Gallery admin/admin.php qc Parameter XSS
2009-07-19 56806 2009-4981 Photokorn Gallery Unspecified CSRF
2009-07-19 67706 2009-4980 Photokorn Gallery search.php where[] Parameter XSS
2009-06-30 56831 Application for Incident Response Teams (AIRT) incident.php status Parameter XSS
2009-06-30 56832 Application for Incident Response Teams (AIRT) users.php User Addition CSRF
2009-06-18 56346 concrete5 index.php/dashboard/users/search Multiple Parameter XSS
2009-06-18 56347 concrete5 index.php/dashboard/users/groups gKeywords Parameter XSS
2009-06-18 56348 concrete5 Search Block search_paths[] Parameter XSS
2009-06-18 56349 concrete5 Arbitrary User Account Deactivation CSRF
2009-06-04 54885 NETGEAR RP614 Multiple Unspecified Admin Function CSRF
2009-05-28 55728 ATutor Documentation Frameset documentation/index.php p Parameter Cross-site Framing
2009-05-20 54600 2009-1732 IPplan admin/usermanager grp Parameter XSS
2009-05-20 54601 2009-1733 IPplan Multiple Unspecified CSRF
2009-05-19 54798 2009-4941 ACollab sign_in.php f Parameter XSS
2009-05-19 54799 2009-4944 ACollab profile.php address Parameter XSS
2009-05-19 54800 2009-4944 ACollab events/add_event.php description Parameter XSS
2009-05-19 54801 2009-4942 ACollab Personal Agenda Item Addition CSRF
2009-04-16 54530 2009-2006 Dokeos main/auth/courses.php search_term Parameter XSS
2009-04-16 54531 2009-2006 Dokeos Personal Agenda Item Multiple Parameter XSS
2009-04-16 54532 2009-2005 Dokeos Personal Agenda Item Unspecified CSRF
2009-04-16 54533 2009-2006 Dokeos New Course Addition Multiple Parameter XSS
2009-04-16 54534 2009-2004 Dokeos main/mySpace/myStudents.php Multiple Parameter SQL Injection
2009-04-16 54535 2009-2006 Dokeos main/mySpace/myStudents.php Multiple Parameter XSS
2009-04-08 53418 OpenGoo index.php search_for Parameter XSS
2009-04-08 53419 OpenGoo Web Link Addition webpage[url] Parameter Arbitrary Code Injection
2009-04-08 55264 Interspire Website Publisher Arbitrary User Creation CSRF
2009-04-05 53414 2009-2073 Cisco Linksys WRT160N Admin Interface CSRF
2009-04-01 53780 2009-1454 WebCollab tasks.php selection Parameter XSS
2009-04-01 53781 2009-1455 WebCollab User Credential Manipulation CSRF
2009-03-15 53705 WikkaWiki wikka.php Multiple Parameter XSS
2009-03-15 53706 WikkaWiki wikka.php Multiple Parameter SQL Injection
2009-03-15 53707 WikkaWiki wikka.php Site Setting Manipulation CSRF
2009-03-08 52919 dotProject User Account Creation CSRF
2009-03-05 52853 e107 e107_admin/*.php Account Modification CSRF
2009-03-05 52854 e107 e107_admin/userclass2.php Multiple Parameter XSS
2009-03-05 52855 e107 e107_admin/meta.php meta_copyright Parameter XSS
2009-03-05 52856 e107 e107_admin/notify.php Multiple Parameter XSS
2009-03-05 52857 e107 e107_admin/language.php multilanguage_subdomain Parameter XSS
2009-02-28 53415 LinPHA actions/image_resized_view.php imgid Parameter XSS
2009-02-28 53416 LinPHA admin.php friend_full_name Parameter XSS
2009-02-28 53417 LinPHA admin.php Account Manipulation CSRF
2009-02-21 53683 2009-1320 Zazzle Store Builder include/zstore.php Multiple Parameter XSS
2009-01-28 51605 2009-0408 osCommerce Admin Account Creation CSRF
2008-12-30 51026 2008-6238 OpenEdit DAM archive/savedqueries/savequeryfinish.html name Parameter XSS
2008-12-30 51028 2008-6240 OpenEdit data/views/index.html catalogid Parameter XSS
2008-12-30 51027 2008-6239 OpenEdit DAM Unspecified CSRF
2008-11-11 49825 2008-5055 ActiveCampaign TrioLive index.php department_id Parameter SQL Injection
2008-11-10 49858 2008-5056 ActiveCampaign TrioLive index.php department_id Parameter XSS
2008-10-27 49659 2008-5786 Silva CMS SilvaFind Component fulltext Parameter XSS
2008-10-22 49490 2008-4898 RateMe Submit Rate Action Rate Parameter XSS
2008-10-22 49504 2008-4892 MyGallery gallery.inc.php mghash Parameter XSS
2008-10-22 49489 2008-4891 SignMe signme.inc.php hash Parameter XSS
2008-10-22 49491 2008-4899 RateMe Unspecified CSRF
2008-10-05 49463 CompactCMS admin/index.php Multiple Parameter XSS
2008-10-05 49464 2008-4909 CompactCMS Unspecified Arbitrary Page Deletion CSRF
2008-09-03 47946 2008-6969 Avactis Shopping Cart checkout.php Multiple Parameter XSS
2008-08-28 47842 2008-3886 dotProject index.php Multiple Parameter XSS
2008-08-10 47554 2008-3724 Papoo CMS index.php suchanzahl Parameter SQL Injection
2008-07-30 47202 2008-3393 BookMine events.cfm events_id Parameter SQL Injection
2008-07-30 47203 2008-3394 BookMine search.cfm Multiple Parameter XSS
2008-07-21 47083 2008-3340 Jobbex JobSite search_result.cfm searchFor Parameter XSS
2008-07-21 47084 2008-3341 Jobbex JobSite search_result.cfm Multiple Parameter SQL Injection
2008-06-19 46513 2008-2951 Trac quickjump Search Script q Parameter Arbitrary Site Redirect
2008-06-16 46150 2008-2923 Lyris ListManager read/search/results words Parameter XSS
2008-06-10 46050 2008-2675 PHP Image Gallery index.php action Parameter XSS
2008-05-28 45652 2008-2776 DT Centrepiece search.asp searchFor Parameter XSS
2008-05-28 45653 2008-2775 DT Centrepiece search.asp searchFor Parameter SQL Injection
2008-05-23 45616 2008-6434 Sava CMS index.cfm LinkServID Parameter SQL Injection
2008-05-23 45615 2008-6433 Sava CMS index.cfm keywords Parameter XSS
2008-05-20 45371 2008-2397 dotCMS search-results.dot search_query Parameter XSS
2008-05-15 45171 2008-2335 phpVID search_results.php query Parameter XSS
2008-05-13 45045 2008-2531 Build A Niche Store (BANS) search Script q Parameter XSS
2008-05-09 44876 2008-6654 InfoBiz Server search_results.php keywords Parameter XSS
2008-05-02 44946 2008-2052 Bitrix Site Manager redirect.php goto Variable Arbitrary Site Redirect
2008-04-23 44567 2008-1953 Magnolia Sitedesigner Search Template query Parameter XSS
2008-04-22 44474 2008-1960 ContRay cgi-bin/contray/search.cgi search Parameter XSS
2008-04-15 44373 2008-1839 WORK system e-commerce module/main.php Multiple Parameter XSS
2008-04-04 44014 e-Classifieds hsx/classifieds.hsx db Parameter XSS
2008-04-03 43984 2008-1698 Simple Gallery index.php album Parameter XSS
2008-04-03 44000 2008-1793 Smart Classified ADS view.cgi Multiple Parameter XSS
2008-04-03 44001 2008-1793 Smart Photo ADS view.cgi Multiple Parameter XSS
2008-03-31 43894 2008-1634 JV2 Folder Gallery index.php image Parameter XSS
2008-03-31 43909 2008-1636 JV2 Quick Gallery index.php f Parameter XSS
2008-03-24 43688 2008-1536 Photo Cart index.php amessage Parameter XSS
2008-03-13 43110 2008-1342 Polymita Multiple Products Search Multiple Parameter XSS
2008-03-11 42705 2008-1306 Savvy Content Manager searchresults.cfm searchterms Parameter XSS
2008-03-11 42706 2008-1306 Savvy Content Manager search_results.cfm searchterms Parameter XSS
2008-03-11 42707 2008-1306 Savvy Content Manager search_results/index.cfm searchterms Parameter XSS
2008-03-07 42642 2008-1224 BosClassifieds Classified Ads System account.php returnTo Parameter XSS
2008-03-06 42604 2008-1211 BosDates calendar.php type Parameter XSS
2008-03-06 42605 2008-1211 BosDates calendar_search.php category Parameter XSS
2008-02-28 42292 2008-1076 Interspire Shopping Cart search.php search_query Parameter XSS
2008-02-28 42301 2008-1075 Maian Cart index.php keywords Parameter XSS
2008-02-20 41859 2008-0908 Schoolwires Academic Portal browse.asp c Parameter SQL Injection
2008-02-20 41860 2008-0909 Schoolwires Academic Portal browse.asp c Parameter XSS
2008-02-12 41521 2008-0793 Tendenci CMS search.asp Multiple Parameter XSS
2008-02-11 41421 2008-0774 Loris Hotel Reservation System search.cgi hotel_name Parameter XSS
2008-02-08 41229 2008-0669 Sift Unity search.cgi qt Parameter XSS
2008-01-30 40775 2008-0523 SoftCart SoftCart.exe Multiple Parameter XSS
2008-01-15 40258 2008-0292 Dansie Photo Album photo_album.pl search Parameter XSS
2008-01-14 40246 2008-0257 Dansie Search Engine search.pl keywords Parameter XSS

The database information may change without any notice. Use of the information constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the copyright holder or distributor (OSVDB or OSF) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

© Copyright 2002 - 2013 Open Source Vulnerability Database (OSVDB), All Rights Reserved.
Privacy Statement - Terms of Use