diff --git a/files.csv b/files.csv index ba2021ec3..9c86d7f23 100755 --- a/files.csv +++ b/files.csv @@ -34271,3 +34271,16 @@ id,file,description,date,author,platform,type,port 37956,platforms/php/webapps/37956.txt,"WordPress GeoPlaces3 Theme - Arbitrary File Upload Vulnerbility",2015-08-24,Mdn_Newbie,php,webapps,80 37957,platforms/windows/dos/37957.txt,"GOM Audio 2.0.8 - (.gas) Crash POC",2015-08-24,"_ Un_N0n _",windows,dos,0 37958,platforms/multiple/remote/37958.rb,"Firefox PDF.js Privileged Javascript Injection",2015-08-24,metasploit,multiple,remote,0 +37959,platforms/php/webapps/37959.txt,"BSW Gallery 'uploadpic.php' Arbitrary File Upload Vulnerability",2012-10-18,"cr4wl3r ",php,webapps,0 +37960,platforms/php/webapps/37960.txt,"Amateur Photographer's Image Gallery force-download.php file Parameter Information Disclosure",2012-10-18,"cr4wl3r ",php,webapps,0 +37961,platforms/php/webapps/37961.txt,"Amateur Photographer's Image Gallery plist.php albumid Parameter SQL Injection",2012-10-18,"cr4wl3r ",php,webapps,0 +37962,platforms/php/webapps/37962.txt,"Amateur Photographer's Image Gallery plist.php albumid Parameter XSS",2012-10-18,"cr4wl3r ",php,webapps,0 +37963,platforms/php/webapps/37963.txt,"Amateur Photographer's Image Gallery fullscreen.php albumid Parameter SQL Injection",2012-10-18,"cr4wl3r ",php,webapps,0 +37964,platforms/windows/local/37964.c,"Broadcom WIDCOMM Bluetooth 'btkrnl.sys' Driver Local Privilege Escalation Vulnerability",2012-10-18,"Nikita Tarakanov",windows,local,0 +37965,platforms/hardware/webapps/37965.txt,"Keeper IP Camera 3.2.2.10 - Authentication Bypass",2015-08-25,"RAT - ThiefKing",hardware,webapps,0 +37966,platforms/windows/dos/37966.txt,"Microsoft Office 2007 OneTableDocumentStream Invalid Object",2015-08-25,"Google Security Research",windows,dos,0 +37967,platforms/windows/dos/37967.txt,"Microsoft Office 2007 Malformed Document Stack-Based Buffer Overflow",2015-08-25,"Google Security Research",windows,dos,0 +37968,platforms/php/webapps/37968.txt,"CMS Mini 0.2.2 'index.php' Script Cross Site Scripting Vulnerability",2012-10-19,Netsparker,php,webapps,0 +37969,platforms/hardware/remote/37969.txt,"FirePass <= 7.0 SSL VPN 'refreshURL' Parameter URI Redirection Vulnerability",2012-10-21,"Aung Khant",hardware,remote,0 +37970,platforms/php/webapps/37970.html,"WordPress Wordfence Security Plugin Cross Site Scripting Vulnerability",2012-10-18,MustLive,php,webapps,0 +37971,platforms/php/webapps/37971.html,"WHMCS 4.5.2 'googlecheckout.php' SQL Injection Vulnerability",2012-10-22,"Starware Security Team",php,webapps,0 diff --git a/platforms/hardware/remote/37969.txt b/platforms/hardware/remote/37969.txt new file mode 100755 index 000000000..7e419fb67 --- /dev/null +++ b/platforms/hardware/remote/37969.txt @@ -0,0 +1,9 @@ +source: http://www.securityfocus.com/bid/56156/info + +FirePass SSL VPN is prone to a URI-redirection vulnerability because the application fails to properly sanitize user-supplied input. + +A successful exploit may aid in phishing attacks; other attacks are possible. + +Versions prior to FirePass 7.0.0 HF-70-7 and 6.1.0 HF-610-9 are vulnerable. + +http://www.example.com/my.activation.cns.php3?langchar=&ui_translation=&refreshURL==http://attacker \ No newline at end of file diff --git a/platforms/hardware/webapps/37965.txt b/platforms/hardware/webapps/37965.txt new file mode 100755 index 000000000..8281071dc --- /dev/null +++ b/platforms/hardware/webapps/37965.txt @@ -0,0 +1,21 @@ +# Exploit Title: Keeper IP Camera - Authentication Bypass +# Date: 25/08/2015 +# Exploit Author: RAT - ThiefKing +# Vendor Homepage: http://www.keeper.cn/en/Camera-ip.asp +# Version: 3.2.2.10 +# WEB Version: 6.1.17.192 +# Tested on: QB200W, QB130W, QA130W,... + +Exploit: +1 - First, open your browser +2 - Enter the IP address or domain to see the login screen of the camera +3 - Now go to page umanage.asp (http://ipaddress:port/umanage.asp) + +You can change or view passwords + +TEST: http://server:88/login.asp +-- +RAT - ThiefKing +http://tromcap.com + + diff --git a/platforms/php/webapps/37959.txt b/platforms/php/webapps/37959.txt new file mode 100755 index 000000000..446ff2ea2 --- /dev/null +++ b/platforms/php/webapps/37959.txt @@ -0,0 +1,56 @@ +source: http://www.securityfocus.com/bid/56109/info + +BSW Gallery is prone to a vulnerability that lets attackers upload arbitrary files. The issue occurs because the application fails to adequately sanitize user-supplied input. + +An attacker can exploit this vulnerability to upload arbitrary code and run it in the context of the web server process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible. + +Code in uploadpic.php + +print "
"; +print ""; +print ""; +print "
File Upload:
"; +print""; +print"
Image Title
"; +print""; +print"
Image Description