Creditee: John Leitch

Known Contact Information:

  • (as of 2010-10-10)
  • (as of 2011-03-10)

Known Affiliations:

Disclosed Vulnerabilities (65):

Disc. Date   OSVDB ID   CVE ID   Title
2012-12-24 92739 2013-2830 SumatraPDF Unspecified Use-after-free Remote Code Execution
2012-09-18 85569 2012-4896 SumatraPDF PDF File Handling Unspecified Memory Corruption (2012-4896)
2012-09-18 85568 2012-4895 SumatraPDF PDF File Handling Unspecified Memory Corruption (2012-4895)
2012-08-21 84808 2012-4337 Foxit Reader Unspecified PDF File Handling Memory Corruption
2012-08-14 84619 2012-4148 Adobe Reader / Acrobat Unspecified Memory Corruption (2012-4148)
2011-05-25 80989 2011-4948 eGroupware admin/remote.php uid Parameter Traversal Local File Inclusion
2011-05-25 80991 2011-4951 eGroupware phpgwapi/ntlm/index.php forward Parameter Arbitrary Site Redirect
2011-04-25 71999 phpMyChat Plus avatar.php pmc_password Parameter XSS
2011-04-25 71998 phpMyChat Plus lurking.php Multiple Cookie SQL Injection
2011-04-25 72048 webERP AccountGroups.php CompanyNameField Parameter XSS
2011-04-21 71962 Todoyu lib/js/jscalendar/php/test.php lang Parameter XSS
2011-04-21 71968 web2Project calendar.php token Parameter SQL Injection
2011-04-21 72128 Dolibarr ERP/CRM htdocs/document.php lang Parameter XSS
2011-04-21 72129 Dolibarr ERP/CRM htdocs/user/passwordforgotten.php theme Parameter Traversal Arbitrary File Access
2011-04-07 80990 2011-4949 eGroupware phpgwapi/js/dhtmlxtree/samples/with_db/loaddetails.php id Parameter SQL Injection
2011-04-05 71703 e107 Admin Functions CSRF
2011-04-03 71462 AdWizz Plugin for WordPress wp-content/plugins/ad-wizz/template.php link Parameter XSS
2011-04-03 71461 Placester Plugin for WordPress wp-content/plugins/placester/admin/support_ajax.php ajax_action Parameter XSS
2011-04-03 71460 LiveStreet CMS css_optimiser.php url Parameter XSS
2011-04-03 71718 2011-1714 eyeOS framework/source/resource/qx/test/jsonp_primitive.php callback Parameter XSS
2011-04-03 71719 2011-1715 eyeOS framework/source/resource/qx/test/part/delay.php file Parameter Traversal Arbitrary File Access
2011-04-03 71720 2011-1714 qooxdoo framework/source/resource/qx/test/jsonp_primitive.php callback Parameter XSS
2011-04-03 71721 2011-1715 qooxdoo framework/source/resource/qx/test/part/delay.php file Parameter Traversal Arbitrary File Access
2011-04-02 71459 2011-5160 OpenEMR setup.php site Parameter XSS
2011-04-02 71457 OpenEMR gacl/admin/object_search.php Multiple Parameter XSS
2011-04-02 71458 OpenEMR index.php site Parameter Traversal Local File Inclusion
2011-03-14 71172 Nucleus CMS index.php user Parameter XSS
2011-03-11 71474 Feng Office Community Edition public/assets/javascript/slimey/save.php Multiple Parameter XSS
2011-03-11 71473 Feng Office Community Edition public/assets/javascript/ckeditor/ck_upload_handler.php Arbitrary File Upload
2011-03-10 71723 openC index.php FORM[profilbild] Parameter XSS
2011-03-10 71722 openC index.php Multiple Parameter XSS
2011-03-10 72164 ClanSphere mods/ckeditor/filemanager/connectors/php/upload.php CKEditorFuncNum Parameter XSS
2011-03-10 72163 ClanSphere mods/ckeditor/filemanager/connectors/php/upload.php Arbitrary File Upload
2011-02-20 71419 ProQuiz functions.php Arbitrary File Upload
2011-01-10 70439 Solar FTP Server PASV Command Handling Memory Corruption
2010-12-30 70414 Wing FTP Server Admin User Creation CSRF
2010-12-29 70205 QuickShare File Server HTTP Server URI Traversal Arbitrary File Access
2010-12-27 70176 httpdASM URI Traversal Arbitrary File Access
2010-12-07 69762 2010-4518 Safe Search Plugin for WordPress wp-content/plugins/wp-safe-search/wp-safe-search-jx.php v1 Parameter XSS
2010-12-07 69760 2010-4825 Twitter Feed Plugin for WordPress wp-content/plugins/wp-twitter-feed/magpie/scripts/magpie_debug.php url Parameter XSS
2010-12-07 69764 2010-4747 Processing Embed Plugin for WordPress wp-content/plugins/wordpress-processing-embed/data/popup.php pluginurl Parameter XSS
2010-12-07 69697 RealNetworks Helix Server Realm Admin User Creation CSRF
2010-12-07 69680 2010-4505 Injader login.php Multiple Parameter SQL Injection
2010-11-09 69084 2010-4875 Vodpod Video Gallery Plugin for WordPress wp-content/plugins/vodpod-video-gallery/vodpod_gallery_thumbs.php gid Parameter XSS
2010-11-08 69100 SEO Tools Plugin for WordPress wp-content/plugins/seo-automatic-seo-tools/feedcommander/get_download.php file Parameter Traversal Arbitrary File Access
2010-11-08 69103 2010-4873 WeBid confirm.php id Parameter XSS
2010-11-08 69073 jRSS Widget Plugin for WordPress proxy.php url Parameter Traversal Arbitrary File Access
2010-11-08 69074 2010-4630 WP Survey And Quiz Tool Plugin for WordPress create.php action Parameter XSS
2010-11-08 69102 WeBid includes/messages.inc.php lan Parameter Traversal Arbitrary File Access
2010-11-05 69071 2010-4637 FeedList Plugin for WordPress wp-content/plugins/feedlist/handler_image.php i Parameter XSS
2010-11-05 69076 DB Toolkit Plugin for WordPress wp-content/plugins/db-toolkit/data_form/fieldtypes/file/scripts/uploadify.php Arbitrary File Upload
2010-11-01 68963 Home File Share Server URI Traversal Arbitrary File Access
2010-10-31 68960 Project Jug URI Traversal Arbitrary File Access
2010-10-24 68881 MinaliC Large Packet Remote DoS
2010-10-24 68880 MinaliC Multiple Character URI Traversal Arbitrary File Access
2010-10-10 68599 2010-4800 BaconMap doadd.php type Parameter SQL Injection
2010-10-10 68598 2010-4801 BaconMap updatelist.php filepath Parameter Traversal Local File Inclusion
2010-09-28 68264 2010-4883 MODx manager/index.php modahsh Parameter XSS
2010-09-28 68265 2010-5278 MODx manager/controllers/default/resource/tvs.php class_key Parameter Traversal Local File Inclusion
2010-09-24 82383 2010-4239 TikiWiki tiki-jsplugin.php language Parameter Traversal Arbitrary File Access
2010-09-24 82384 2010-4240 TikiWiki tiki-edit_wiki_section.php type Parameter XSS
2010-09-24 82385 2010-4241 TikiWiki tiki-adminusers.php Admin Password Manipulation CSRF
2010-07-12 66229 InterPhoto Gallery mydesk.edit.php User Password Change CSRF
2010-07-05 66026 Lanius CMS Admin User Creation CSRF
2010-05-27 64985 Core FTP Server / SFTP Server FTP Command Traversal Arbitrary Directory Access

The database information may change without any notice. Use of the information constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the copyright holder or distributor (OSVDB or OSF) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

© Copyright 2002 - 2013 Open Sourced Vulnerability Database (OSVDB), All Rights Reserved.