DB: 2015-05-17

6 new exploits
Offensive Security 2015-05-17 05:02:09 +00:00
parent f8d109fa3c
commit 57c0ae8e73
7 changed files with 61 additions and 0 deletions

@ -33405,3 +33405,9 @@ id,file,description,date,author,platform,type,port
37019,platforms/php/webapps/37019.txt,"MyBB 1.6.6 index.php conditions[usergroup][] Parameter XSS",2013-03-27,"Aditya Modha",php,webapps,0
37020,platforms/windows/remote/37020.html,"Apple Safari 5.1.5 For Windows 'window.open()' URI Spoofing Vulnerability",2012-03-28,Lostmon,windows,remote,0
37021,platforms/php/webapps/37021.txt,"TomatoCart 1.2.0 Alpha 2 'json.php' Local File Include Vulnerability",2012-03-28,"Canberk BOLAT",php,webapps,0
37022,platforms/php/webapps/37022.txt,"ocPortal 7.1.5 code_editor.php Multiple Parameter XSS",2012-03-28,"High-Tech Bridge",php,webapps,0
37023,platforms/php/webapps/37023.txt,"EasyPHP 'main.php' SQL Injection Vulnerability",2012-03-29,"Skote Vahshat",php,webapps,0
37024,platforms/php/webapps/37024.txt,"eZ Publish 4.x 'ezjscore' Module Cross Site Scripting Vulnerability",2012-03-29,"Yann MICHARD",php,webapps,0
37025,platforms/php/webapps/37025.txt,"PHP Designer 2007 - Personal Multiple SQL Injection Vulnerabilities",2012-03-30,MR.XpR,php,webapps,0
37026,platforms/php/webapps/37026.txt,"e107 1.0 'view' Parameter SQL Injection Vulnerability",2012-03-30,Am!r,php,webapps,0
37027,platforms/php/webapps/37027.txt,"Simple Machines Forum (SMF) 2.0.2 index.php scheduled Parameter XSS",2012-03-29,Am!r,php,webapps,0
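
Review bot: the description on row 37022 covers only "code_editor.php Multiple Parameter XSS", but 37022.txt added in this same commit also documents an arbitrary file-disclosure issue in catalogue_file.php. Anyone filtering files.csv by issue class will miss it, so the description should name both. Row 37023 also has no affected version in its description, unlike the other new rows.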

platforms/php/webapps/37022.txt Executable file

@ -0,0 +1,13 @@
source: http://www.securityfocus.com/bid/52768/info
ocPortal is prone to multiple cross-site scripting vulnerabilities and an arbitrary file-disclosure vulnerability because the application fails to sufficiently sanitize user-supplied data.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, and obtain sensitive information.
ocPortal versions prior to 7.1.6 are vulnerable.
http://www.example.com/code_editor.php?path=%22%3E%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E
http://www.example.com/code_editor.php?path&line=%22%3E%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E
http://www.example.com/site/catalogue_file.php?original_filename=1.txt&file=%252e%252e%252f%252e%252e%252finfo.php
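
Review bot: the three URLs at the end are not labelled with the issue each one demonstrates. The first two exercise `path` and `line` in code_editor.php (the XSS cases) and the third is the file disclosure through `file` in catalogue_file.php using a double-encoded `../`; a one-line label per URL would make that clear to someone writing a filter or a regression test. In the second URL, `path&line=` passes `path` with no value, so please confirm that is intended. The text says versions prior to 7.1.6 are vulnerable; stating 7.1.6 as the fixed release would give readers the remediation directly.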

@ -0,0 +1,7 @@
source: http://www.securityfocus.com/bid/52781/info
EasyPHP is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query.
A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.
http://www.example.com/home/sqlite/main.php?dbsel=1&table=t1'
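
Review bot: no affected EasyPHP version is given anywhere in this entry, while the sibling entries in this commit state one. The description also never names the vulnerable parameter; from the URL it appears to be `table` in /home/sqlite/main.php, and the text should say so. Without a version or a fixed release, a reader cannot tell whether their install is in scope.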

@ -0,0 +1,9 @@
source: http://www.securityfocus.com/bid/52807/info
eZ Publish is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
eZ Publish 4.6 is vulnerable; other versions may also be affected.
http://www.example.com/ezjscore/call<img%20src%3Dlien%20onerror%3Dalert(document.cookie)>/ezjsc:time
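
Review bot: the description does not say that the unsanitized input here is a URL path segment (the part after `/ezjscore/call`), not a query parameter, which matters for anyone placing input validation or a WAF rule. The sample URL also mixes encodings: the space and `=` are percent-encoded while `<`, `>` and the parentheses are raw. Please note whether that form is required or just how it was copied. Only 4.6 is named as vulnerable; a fixed version would be useful if the source advisory gives one.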

@ -0,0 +1,8 @@
source: http://www.securityfocus.com/bid/52819/info
PHP Designer 2007 - Personal is prone multiple SQL-injection vulnerabilities.
A successful exploit will allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
http://www.example.com/read_news.php?news_id=[Sqli]
http://www.example.com/announce.php?id=[Sqli]
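
Review bot: the first description line reads "is prone multiple SQL-injection vulnerabilities", which is missing "to". Unlike the other entries in this commit, the text gives no root cause and does not name the affected parameters; from the URLs they are `news_id` in read_news.php and `id` in announce.php, and listing them in the prose would make the entry usable for triage.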

@ -0,0 +1,9 @@
source: http://www.securityfocus.com/bid/52821/info
e107 is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
e107 1.0.0 is vulnerable; other versions may also be affected.
http://www.example.com/index.php?option=com_flexicontent&view=[Sql]
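
Review bot: the sample URL on the last line uses `index.php?option=com_flexicontent&view=`, and `option=com_...` is the Joomla component routing convention, yet the text attributes the issue to e107 1.0.0. Please check the product against the source advisory before merging and correct whichever of the text or the URL is wrong; row 37026 in files.csv ("e107 1.0 'view' Parameter SQL Injection Vulnerability") carries the same attribution and would need the same fix.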

@ -0,0 +1,9 @@
source: http://www.securityfocus.com/bid/52822/info
Simple Machines Forum is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
Simple Machines Forum 2.0.2 is vulnerable; other versions may also be affected.
http://www.example.com/index.php?scheduled=[Xss]
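
Review bot: the entry does not say where the `scheduled` value is reflected (HTML body, attribute, or script context), which is what a maintainer needs to pick the right output encoding. The placeholder style is also inconsistent across this commit (`[Xss]` here, `[Sqli]` and `[Sql]` in the other files); one convention would make the entries easier to parse. A fixed version after 2.0.2 should be added if the source advisory names one.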