DB: 2015-05-17
6 new exploits
parent f8d109fa3c
commit 57c0ae8e73
7 changed files with 61 additions and 0 deletions
@ -33405,3 +33405,9 @@ id,file,description,date,author,platform,type,port
37019,platforms/php/webapps/37019.txt,"MyBB 1.6.6 index.php conditions[usergroup][] Parameter XSS",2013-03-27,"Aditya Modha",php,webapps,0
37020,platforms/windows/remote/37020.html,"Apple Safari 5.1.5 For Windows 'window.open()' URI Spoofing Vulnerability",2012-03-28,Lostmon,windows,remote,0
37021,platforms/php/webapps/37021.txt,"TomatoCart 1.2.0 Alpha 2 'json.php' Local File Include Vulnerability",2012-03-28,"Canberk BOLAT",php,webapps,0
37022,platforms/php/webapps/37022.txt,"ocPortal 7.1.5 code_editor.php Multiple Parameter XSS",2012-03-28,"High-Tech Bridge",php,webapps,0
37023,platforms/php/webapps/37023.txt,"EasyPHP 'main.php' SQL Injection Vulnerability",2012-03-29,"Skote Vahshat",php,webapps,0
37024,platforms/php/webapps/37024.txt,"eZ Publish 4.x 'ezjscore' Module Cross Site Scripting Vulnerability",2012-03-29,"Yann MICHARD",php,webapps,0
37025,platforms/php/webapps/37025.txt,"PHP Designer 2007 - Personal Multiple SQL Injection Vulnerabilities",2012-03-30,MR.XpR,php,webapps,0
37026,platforms/php/webapps/37026.txt,"e107 1.0 'view' Parameter SQL Injection Vulnerability",2012-03-30,Am!r,php,webapps,0
37027,platforms/php/webapps/37027.txt,"Simple Machines Forum (SMF) 2.0.2 index.php scheduled Parameter XSS",2012-03-29,Am!r,php,webapps,0
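Review bot: the 37022 row describes only "code_editor.php Multiple Parameter XSS", but 37022.txt added in this commit also documents an arbitrary file-disclosure issue with a catalogue_file.php URL; the description should mention both so that a search of the index for file disclosure finds the entry. The six new rows also mix naming styles ("... Parameter XSS" against "... Cross Site Scripting Vulnerability"), and the 37023 row carries no product version, which makes the index harder to filter consistently.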
13
platforms/php/webapps/37022.txt
Executable file
@ -0,0 +1,13 @@
source: http://www.securityfocus.com/bid/52768/info
ocPortal is prone to multiple cross-site scripting vulnerabilities and an arbitrary file-disclosure vulnerability because the application fails to sufficiently sanitize user-supplied data.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, and obtain sensitive information.
ocPortal versions prior to 7.1.6 are vulnerable.
http://www.example.com/code_editor.php?path=%22%3E%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E
http://www.example.com/code_editor.php?path&line=%22%3E%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E
http://www.example.com/site/catalogue_file.php?original_filename=1.txt&file=%252e%252e%252f%252e%252e%252finfo.php
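Review bot: the three URLs at the end of the file are not labelled, so a reader has to infer that the two code_editor.php requests (path and line) are the XSS cases and the catalogue_file.php request is the file disclosure. A one-line label per URL would fix that, and it is worth stating that the file value is percent-encoded twice (%252e%252e%252f), since input validation that decodes only once will not see a ../ sequence there; the check belongs after full decoding and path canonicalization.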
7
platforms/php/webapps/37023.txt
Executable file
@ -0,0 +1,7 @@
source: http://www.securityfocus.com/bid/52781/info
EasyPHP is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query.
A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.
http://www.example.com/home/sqlite/main.php?dbsel=1&table=t1'
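Review bot: unlike the other advisories in this commit that name a version, this file has no affected-version line, and the matching index row gives none either. If the version is unknown, say so explicitly, and name the input the example touches (table in /home/sqlite/main.php), since the description only says "user-supplied input". For remediation guidance, note that a table name cannot be bound as a query parameter, so the value needs an allow-list check against the known tables.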
9
platforms/php/webapps/37024.txt
Executable file
@ -0,0 +1,9 @@
source: http://www.securityfocus.com/bid/52807/info
eZ Publish is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
eZ Publish 4.6 is vulnerable; other versions may also be affected.
http://www.example.com/ezjscore/call<img%20src%3Dlien%20onerror%3Dalert(document.cookie)>/ezjsc:time
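Review bot: the description says only "user-supplied input", while the example URL shows the markup sitting in the URL path directly after ezjscore/call rather than in a query parameter. Naming that path segment as the unsanitized input would tell maintainers and filter-rule authors where to look, because checks that inspect only query-string parameters will not cover it.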
8
platforms/php/webapps/37025.txt
Executable file
@ -0,0 +1,8 @@
source: http://www.securityfocus.com/bid/52819/info
PHP Designer 2007 - Personal is prone multiple SQL-injection vulnerabilities.
A successful exploit will allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
http://www.example.com/read_news.php?news_id=[Sqli]
http://www.example.com/announce.php?id=[Sqli]
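Review bot: the first sentence has a typo, "is prone multiple" should read "is prone to multiple". The file also gives no root cause and no detail beyond the [Sqli] placeholders on news_id and id; a sentence naming those two parameters as the unsanitized inputs would bring it in line with the other entries in this commit.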
9
platforms/php/webapps/37026.txt
Executable file
@ -0,0 +1,9 @@
source: http://www.securityfocus.com/bid/52821/info
e107 is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
e107 1.0.0 is vulnerable; other versions may also be affected.
http://www.example.com/index.php?option=com_flexicontent&view=[Sql]
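Review bot: the example URL does not match the product named in the text. The description and the index row attribute the issue to e107 1.0.0, but the request is index.php?option=com_flexicontent&view=[Sql], and option=com_... is the Joomla component routing convention (FLEXIcontent is a Joomla extension). Either the product attribution or the URL needs correcting before this is indexed under e107, otherwise anyone triaging by product will be misled.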
9
platforms/php/webapps/37027.txt
Executable file
@ -0,0 +1,9 @@
source: http://www.securityfocus.com/bid/52822/info
Simple Machines Forum is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
Simple Machines Forum 2.0.2 is vulnerable; other versions may also be affected.
http://www.example.com/index.php?scheduled=[Xss]
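Review bot: the file is recorded as "Executable file", as are the other five .txt files added in this commit; plain-text advisories should be committed without the executable bit (mode 100644). Separately, the [Xss] placeholder on scheduled gives no indication of where the value is reflected, so a note on the output context would help anyone writing a fix or a detection rule.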