diff --git a/files.csv b/files.csv
index f11e391fa..6c41ecc7e 100755
--- a/files.csv
+++ b/files.csv
@@ -30579,3 +30579,9 @@ id,file,description,date,author,platform,type,port
 33951,platforms/windows/dos/33951.txt,"Baidu Spark Browser v26.5.9999.3511 - Remote Stack Overflow Vulnerability (DoS)",2014-07-02,LiquidWorm,windows,dos,0
 33953,platforms/php/webapps/33953.txt,"Zurmo CRM - Persistent XSS Vulnerability",2014-07-02,Provensec,php,webapps,80
 33954,platforms/php/webapps/33954.txt,"Kerio Control 8.3.1 - Blind SQL Injection",2014-07-02,"Khashayar Fereidani",php,webapps,4081
+33957,platforms/php/webapps/33957.txt,"kloNews 2.0 'cat.php' Cross Site Scripting Vulnerability",2010-01-20,"cr4wl3r ",php,webapps,0
+33958,platforms/cgi/webapps/33958.txt,"Digital Factory Publique! 2.3 'sid' Parameter SQL Injection Vulnerability",2010-05-06,"Christophe de la Fuente",cgi,webapps,0
+33959,platforms/asp/webapps/33959.txt,"Multiple Consona Products 'n6plugindestructor.asp' Cross Site Scripting Vulnerability",2010-05-07,"Ruben Santamarta ",asp,webapps,0
+33960,platforms/php/webapps/33960.txt,"ECShop 2.7.2 'category.php' SQL Injection Vulnerability",2010-05-07,Liscker,php,webapps,0
+33962,platforms/hardware/remote/33962.txt,"Cisco Application Control Engine (ACE) HTTP Parsing Security Weakness",2010-05-07,"Alexis Tremblay",hardware,remote,0
+33963,platforms/linux/local/33963.txt,"gdomap Multiple Local Information Disclosure Vulnerabilities",2010-05-07,"Dan Rosenberg",linux,local,0
diff --git a/platforms/asp/webapps/33959.txt b/platforms/asp/webapps/33959.txt
new file mode 100755
index 000000000..d9a56a499
--- /dev/null
+++ b/platforms/asp/webapps/33959.txt
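Review bot: Two of the added files.csv rows carry a trailing space inside the quoted author field, `"cr4wl3r "` on 33957 and `"Ruben Santamarta "` on 33959, so a consumer that groups or matches on the author column will treat them as different from the same name written without the space. I would store them as `"cr4wl3r"` and `"Ruben Santamarta"`. If this index is exported from a database, the trim presumably belongs in the export step rather than in a hand edit here.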
@@ -0,0 +1,13 @@
+source: http://www.securityfocus.com/bid/39999/info
+
+Multiple Consona (formerly SupportSoft) products are prone to a cross-site scripting vulnerability.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site and to steal cookie-based authentication credentials; other attacks are possible.
+
+The following are vulnerable:
+Consona Live Assistance
+Consona Dynamic Agent
+Consona Subscriber Assistance
+
+http://www.example.com/sdccommon/verify/asp/n6plugindestructor.asp?backurl=";}