OSVDB: Open Sourced Vulnerability Database

Creditee: the_storm

Known Contact Information:

(as of 2012-03-29)
(as of 2012-04-01)
(as of 2012-05-03)

Known Affiliations:

vulnerability-lab.com (as of 2012-03-29)
Vulnerability Research Laboratory (as of 2012-04-01)

Disclosed Vulnerabilities (49):

Disc. Date	OSVDB ID	CVEID	Title
2012-05-11	81880		NetBill accounts/index2.php comment Parameter XSS
2012-05-11	81881		NetBill User Addition CSRF
2012-05-10	81884	2012-4281	Travelon Express holiday_book.php hid Parameter SQL Injection
2012-05-10	81885	2012-4281	Travelon Express admin/airline-edit.php fid Parameter SQL Injection
2012-05-10	81886	2012-4281	Travelon Express admin/customer-edit.php cid Parameter SQL Injection
2012-05-10	81887	2012-2938	Travelon Express admin/holiday-add.php holiday name Field XSS
2012-05-10	81888	2012-2938	Travelon Express admin/holiday-view.php holiday name Field XSS
2012-05-10	81889	2012-2939	Travelon Express Multiple Script Arbitrary File Upload
2012-05-10	81882	2012-4281	Travelon Express holiday.php hid Parameter SQL Injection
2012-05-10	81883	2012-4281	Travelon Express pages.php id Parameter SQL Injection
2012-05-09	81877	2012-4266	Proman Xpress client_details.php cl_comments Parameter XSS
2012-05-09	81896	2012-4265	Proman Xpress category_edit.php cid Parameter SQL Injection
2012-05-07	81875	2012-4278	FreeRealty agentadmin.php Multiple Parameter XSS
2012-05-07	81876	2012-4280	FreeRealty Admin User Creation CSRF
2012-05-07	84721	2012-4278	FreeRealty admin/agenteditor.php notes Parameter XSS
2012-05-07	84723	2012-4279	FreeRealty admin/admin.php edit Parameter SQL Injection
2012-05-07	81874	2012-4279	FreeRealty agentdisplay.php view Parameter SQL Injection
2012-05-07	81898		FreeRealty admin/admin.php edit Parameter SQL Injection
2012-05-07	84722	2012-4278	FreeRealty admin/adminfeatures.php Add New Feature XSS
2012-05-03	81685	2012-4260	myCare2x modules/importer/mycare2x_importer.php Multiple Parameter SQL Injection
2012-05-03	84720	2012-4260	myCare2x modules/drg/mycare2x_proc_search.php Multiple Parameter SQL Injection
2012-05-03	81686	2012-4260	myCare2x modules/patient/mycare_pid.php Multiple Parameter SQL Injection
2012-05-03	81684	2012-4260 2012-4261	myCare2x modules/patient/mycare2x_pat_info.php Multiple Parameter SQL Injection
2012-05-03	81687	2012-4262	myCare2x modules/patient/mycare_pid.php Multiple Parameter XSS
2012-05-03	81688	2012-4262	myCare2x modules/nursing/mycare_ward_print.php Multiple Parameter XSS
2012-05-03	81689	2012-4262	myCare2x modules/patient/mycare2x_pat_info.php Multiple Parameter XSS
2012-05-03	81690	2012-4262	myCare2x modules/drg/mycare2x_proc_search.php ln Parameter XSS
2012-04-27	81642		Opial searchresult.php searchkeayword Parameter XSS
2012-04-24	81566	2012-6508	Car Portal CMS Multiple Function CSRF
2012-04-24	81563	2012-6510	Car Portal CMS News Creation Unspecified Field XSS
2012-04-24	81567	2012-6509	Car Portal CMS File Upload PHP Code Execution
2012-04-24	81564	2012-6510	Car Portal CMS Sub User Creation Unspecified Field XSS
2012-04-24	81565	2012-6510	Car Portal CMS Group Creation Unspecified Field XSS
2012-04-13	81171		ACC PHP eMail index.php id Parameter XSS
2012-04-13	81172		ACC PHP eMail index.php id Parameter SQL Injection
2012-04-08	81063		idev-GameSite index.php id Parameter SQL Injection
2012-04-08	86725		idev-GameSite Image Creation Title Field XSS
2012-04-03	80936		SmartJoBboard Created Object Function XSS
2012-04-03	80937		SmartJoBboard Multiple Admin Function CSRF
2012-04-02	80878	2012-4877	FlatnuX CMS Admin User Creation CSRF
2012-04-01	80877	2012-4892 2012-4890	FlatnuX CMS index.php Multiple Parameter XSS
2012-04-01	85310	2012-4878	FlatnuX CMS controlcenter.php contents/Files Action dir Parameter Traversal Arbitrary File Access
2012-03-30	80796	2012-5900	Landshop landshop/admin/action/objects.php OB_ID Parameter SQL Injection
2012-03-30	80799	2012-5899	Landshop Create Object Function XSS
2012-03-30	80800	2012-5898	Landshop User Form Manipulation CSRF
2012-03-30	80797	2012-5900	Landshop landshop/admin/action/pdf.php start Parameter SQL Injection
2012-03-30	80798	2012-5900	Landshop landshop/admin/action/areas.php AREA_ID Parameter SQL Injection
2012-03-30	80671	2012-5910	b2evolution blogs/htsrv/viewfile.php root Parameter SQL Injection
2012-03-29	80672	2012-5911	b2evolution blogs/blog1.php Message Body XSS

The database information may change without any notice. Use of the information constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the copyright holder or distributor (OSVDB or OSF) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.