diff --git a/files.csv b/files.csv index 589652650..f45fee53c 100755 --- a/files.csv +++ b/files.csv @@ -33100,3 +33100,41 @@ id,file,description,date,author,platform,type,port 36690,platforms/linux/remote/36690.rb,"Barracuda Firmware <= 5.0.0.012 reporting Post Auth Remote Root",2015-04-09,xort,linux,remote,8000 36692,platforms/osx/local/36692.py,"Mac OS X rootpipe Local Privilege Escalation",2015-04-09,"Emil Kvarnhammar",osx,local,0 36693,platforms/php/webapps/36693.txt,"RabbitWiki 'title' Parameter Cross Site Scripting Vulnerability",2012-02-10,sonyy,php,webapps,0 +36694,platforms/php/webapps/36694.txt,"eFront Community++ 3.6.10 SQL Injection and Multiple HTML Injection Vulnerabilities",2012-02-12,"Benjamin Kunz Mejri",php,webapps,0 +36695,platforms/php/webapps/36695.txt,"Zimbra 'view' Parameter Cross Site Scripting Vulnerability",2012-02-13,sonyy,php,webapps,0 +36696,platforms/php/webapps/36696.txt,"Nova CMS administrator/modules/moduleslist.php id Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 +36697,platforms/php/webapps/36697.txt,"Nova CMS optimizer/index.php fileType Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 +36698,platforms/php/webapps/36698.txt,"Nova CMS includes/function/gets.php filename Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 +36699,platforms/php/webapps/36699.txt,"Nova CMS includes/function/usertpl.php conf[blockfile] Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 +36700,platforms/windows/local/36700.txt,"Elipse SCADA 2.29 b141 - DLL Hijacking",2015-04-10,"PETER CHENG",windows,local,0 +36702,platforms/php/webapps/36702.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 base_db_setup.php BASE_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 +36703,platforms/php/webapps/36703.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 base_graph_common.php BASE_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 +36704,platforms/php/webapps/36704.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 base_graph_display.php BASE_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 +36705,platforms/php/webapps/36705.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 base_graph_form.php BASE_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 +36706,platforms/php/webapps/36706.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 base_graph_main.php BASE_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 +36707,platforms/php/webapps/36707.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 base_local_rules.php BASE_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 +36708,platforms/php/webapps/36708.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 base_logout.php BASE_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 +36709,platforms/php/webapps/36709.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 base_main.php BASE_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 +36710,platforms/php/webapps/36710.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 base_maintenance.php BASE_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 +36711,platforms/php/webapps/36711.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 base_payload.php BASE_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 +36712,platforms/php/webapps/36712.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 help/base_setup_help.php BASE_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 +36713,platforms/php/webapps/36713.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 includes/base_action.inc.php BASE_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 +36714,platforms/php/webapps/36714.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 includes/base_cache.inc.php BASE_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 +36715,platforms/php/webapps/36715.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 includes/base_db.inc.php BASE_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 +36716,platforms/php/webapps/36716.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 includes/base_include.inc.php BASE_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 +36717,platforms/php/webapps/36717.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 includes/base_output_html.inc.php BASE_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 +36718,platforms/php/webapps/36718.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 includes/base_output_query.inc.php BASE_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 +36719,platforms/php/webapps/36719.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 includes/base_state_criteria.inc.php BASE_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 +36720,platforms/php/webapps/36720.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 includes/base_state_query.inc.php BASE_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 +36721,platforms/php/webapps/36721.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 setup/base_conf_contents.php Multiple Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 +36722,platforms/php/webapps/36722.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 includes/base_state_common.inc.php GLOBALS[user_session_path] Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 +36723,platforms/php/webapps/36723.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 setup/setup2.php ado_inc_php Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 +36724,platforms/php/webapps/36724.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 base_ag_main.php BASE_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 +36725,platforms/php/webapps/36725.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 base_qry_alert.php BASE_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 +36726,platforms/php/webapps/36726.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 base_qry_common.php BASE_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 +36727,platforms/php/webapps/36727.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 base_stat_alerts.php BASE_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 +36728,platforms/php/webapps/36728.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 base_stat_class.php BASE_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 +36729,platforms/php/webapps/36729.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 base_stat_common.php BASE_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 +36730,platforms/php/webapps/36730.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 base_stat_ipaddr.php BASE_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 +36731,platforms/php/webapps/36731.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 base_stat_iplink.php BASE_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 +36732,platforms/php/webapps/36732.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 base_stat_ports.php BASE_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 diff --git a/platforms/php/webapps/36694.txt b/platforms/php/webapps/36694.txt new file mode 100755 index 000000000..2e7801739 --- /dev/null +++ b/platforms/php/webapps/36694.txt @@ -0,0 +1,95 @@ +source: http://www.securityfocus.com/bid/51973/info + +eFront Community++ is prone to an SQL-injection vulnerability and multiple HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input data. + +Exploiting these issues may allow an attacker to compromise the application, access or modify data, exploit vulnerabilities in the underlying database, execute HTML and script code in the context of the affected site, steal cookie-based authentication credentials, or control how the site is rendered to the user; other attacks are also possible. + +eFront Community++ 3.6.10 is vulnerable; other versions may also be affected. + +SQL Injection: + +http://www.example.com/communityplusplus/www/administrator.php?ctg=course&edit_course=-1'[SQL INJECTION!] + +HTML Injection: + +The vulnerabilities can be exploited by remote attacker with low or high required user inter action. +For demonstration or reproduce ... + + +
+
+">
+
+ |
+0 Subforums, 0 Topics, 0 Messages + | +Never + + | +
+
+
+...or
+
+
+">
+
+ |
+
+...or
+
No data found | |||