Updated 05_12_2014

files.csv

@@ -30004,3 +30004,20 @@ id,file,description,date,author,platform,type,port
 33286,platforms/java/webapps/33286.txt,"Eclipse BIRT 2.2.1 'run?__report' Parameter Cross Site Scripting Vulnerability",2009-10-14,"Michele Orru",java,webapps,0
 33287,platforms/php/webapps/33287.txt,"bloofoxCMS 0.3.5 'search' Parameter Cross Site Scripting Vulnerability",2009-10-15,"drunken danish rednecks",php,webapps,0
 33288,platforms/php/webapps/33288.txt,"Zainu 1.0 'searchSongKeyword' Parameter Cross Site Scripting Vulnerability",2009-10-14,"drunken danish rednecks",php,webapps,0
+33289,platforms/linux/dos/33289.txt,"Linux Kernel 2.6.x '/drivers/net/r8169.c' Out-of-IOMMU Error Local Denial of Service Vulnerability",2009-08-28,"Alistair Strachan",linux,dos,0
+33290,platforms/php/webapps/33290.txt,"Snitz Forums 2000 3.4.7 pop_send_to_friend.asp url Parameter XSS",2009-10-15,"Andrea Fabrizi",php,webapps,0
+33291,platforms/php/webapps/33291.txt,"Snitz Forums 2000 3.4.7 Sound Tag Onload Attribute XSS",2009-10-15,"Andrea Fabrizi",php,webapps,0
+33292,platforms/jsp/webapps/33292.txt,"IBM Rational RequisitePro 7.10 ReqWeb Help Feature ReqWebHelp/advanced/workingSet.jsp operation Parameter XSS",2009-10-15,IBM,jsp,webapps,0
+33293,platforms/jsp/webapps/33293.txt,"IBM Rational RequisitePro 7.10 ReqWeb Help Feature ReqWebHelp/basic/searchView.jsp Multiple Parameter XSS",2009-10-15,IBM,jsp,webapps,0
+33294,platforms/php/webapps/33294.txt,"TBmnetCMS 1.0 'content' Parameter Cross Site Scripting Vulnerability",2009-10-19,"drunken danish rednecks",php,webapps,0
+33295,platforms/php/webapps/33295.txt,"OpenDocMan 1.2.5 add.php last_message Parameter XSS",2009-10-21,"Amol Naik",php,webapps,0
+33296,platforms/php/webapps/33296.txt,"OpenDocMan 1.2.5 toBePublished.php Multiple Parameter XSS",2009-10-21,"Amol Naik",php,webapps,0
+33297,platforms/php/webapps/33297.txt,"OpenDocMan 1.2.5 index.php last_message Parameter XSS",2009-10-21,"Amol Naik",php,webapps,0
+33298,platforms/php/webapps/33298.txt,"OpenDocMan 1.2.5 admin.php last_message Parameter XSS",2009-10-21,"Amol Naik",php,webapps,0
+33299,platforms/php/webapps/33299.txt,"OpenDocMan 1.2.5 category.php XSS",2009-10-21,"Amol Naik",php,webapps,0
+33300,platforms/php/webapps/33300.txt,"OpenDocMan 1.2.5 department.php XSS",2009-10-21,"Amol Naik",php,webapps,0
+33301,platforms/php/webapps/33301.txt,"OpenDocMan 1.2.5 profile.php XSS",2009-10-21,"Amol Naik",php,webapps,0
+33302,platforms/php/webapps/33302.txt,"OpenDocMan 1.2.5 rejects.php XSS",2009-10-21,"Amol Naik",php,webapps,0
+33303,platforms/php/webapps/33303.txt,"OpenDocMan 1.2.5 search.php XSS",2009-10-21,"Amol Naik",php,webapps,0
+33304,platforms/php/webapps/33304.txt,"OpenDocMan 1.2.5 user.php XSS",2009-10-21,"Amol Naik",php,webapps,0
+33305,platforms/php/webapps/33305.txt,"OpenDocMan 1.2.5 view_file.php XSS",2009-10-21,"Amol Naik",php,webapps,0

platforms/jsp/webapps/33292.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/36721/info
+
+IBM Rational RequisitePro is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
+
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
+
+These issues affect IBM Rational RequisitePro 7.10; other versions may also be affected. 
+
+http://www.example.com/ReqWebHelp/advanced/workingSet.jsp?operation=add*/--></script><script>alert(289325)</script>&workingSet=

platforms/jsp/webapps/33293.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/36721/info
+ 
+IBM Rational RequisitePro is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
+ 
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
+ 
+These issues affect IBM Rational RequisitePro 7.10; other versions may also be affected. 
+
+http://www.example.com/ReqWebHelp/basic/searchView.jsp?searchWord=>''><script>alert(306531)</script>&maxHits=>''><script>alert(306531)</script>&scopedSearch=>''><script>alert(306531)</script>&scope=>''><script>alert(306531)</script> 

platforms/linux/dos/33289.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/36706/info
+
+The Linux kernel is prone to a local denial-of-service vulnerability that attackers can exploit to cause an affected computer to panic.
+
+Versions prior to the Linux kernel 2.6.26.4 are affected.
+
+The following example is available:
+
+ping -f -s 3000 <IP> 

platforms/php/webapps/33290.txt

@@ -0,0 +1,11 @@
+source: http://www.securityfocus.com/bid/36710/info
+
+Snitz Forums 2000 is prone to a cross-site scripting vulnerability and an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied data.
+
+Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and to control how the site is rendered to the user; other attacks are also possible.
+
+Snitz Forums 2000 3.4.07 is vulnerable; other versions may also be affected. 
+
+http://www.example.com/forum/pop_send_to_friend.asp?url=&lt;/textarea&gt;<img
+src="http://www.google.it/intl/it_it/images/logo.gif" onLoad
+="alert(document.cookie)">

platforms/php/webapps/33291.txt

@@ -0,0 +1,10 @@
+source: http://www.securityfocus.com/bid/36710/info
+ 
+Snitz Forums 2000 is prone to a cross-site scripting vulnerability and an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied data.
+ 
+Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and to control how the site is rendered to the user; other attacks are also possible.
+ 
+Snitz Forums 2000 3.4.07 is vulnerable; other versions may also be affected. 
+
+[sound]http://www.example.com"
+onLoad="alert(document.cookie)[/sound]

platforms/php/webapps/33294.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/36733/info
+
+TBmnetCMS is prone to a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied input.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
+
+This issue affects TBmnetCMS 1.0; other versions may be vulnerable as well.
+
+http://www.example.com/tbmnet.php?content=redneck%22%27%3E%3Cscript%3Ealert(/redneck/)%3C/script%3E 

platforms/php/webapps/33295.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/36777/info
+
+OpenDocMan is prone to an SQL-injection vulnerability and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.
+
+Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+OpenDocMan 1.2.5 is vulnerable; other versions may also be affected. 
+
+http://www.example.com/opendocman/add.php?last_message=<script>alert(1)</script>

platforms/php/webapps/33296.txt

@@ -0,0 +1,10 @@
+source: http://www.securityfocus.com/bid/36777/info
+ 
+OpenDocMan is prone to an SQL-injection vulnerability and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.
+ 
+Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+ 
+OpenDocMan 1.2.5 is vulnerable; other versions may also be affected. 
+
+http://www.example.com/opendocman/toBePublished.php/"><script>alert(1)</script>
+http://www.example.com/opendocman/toBePublished.php?last_message=<script>alert(1)</script>

platforms/php/webapps/33297.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/36777/info
+  
+OpenDocMan is prone to an SQL-injection vulnerability and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.
+  
+Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+  
+OpenDocMan 1.2.5 is vulnerable; other versions may also be affected. 
+
+http://www.example.com/opendocman/index.php?last_message=<script>alert(1)</script>

platforms/php/webapps/33298.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/36777/info
+   
+OpenDocMan is prone to an SQL-injection vulnerability and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.
+   
+Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+   
+OpenDocMan 1.2.5 is vulnerable; other versions may also be affected. 
+
+http://www.example.com/opendocman/admin.php?last_message=<script>alert(1)</script>

platforms/php/webapps/33299.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/36777/info
+    
+OpenDocMan is prone to an SQL-injection vulnerability and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.
+    
+Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+    
+OpenDocMan 1.2.5 is vulnerable; other versions may also be affected. 
+
+http://www.example.com/opendocman/category.php/"><script>alert(1)</script><"?aku=c3VibWl0PWFkZCZzdGF0ZT0y

platforms/php/webapps/33300.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/36777/info
+     
+OpenDocMan is prone to an SQL-injection vulnerability and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.
+     
+Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+     
+OpenDocMan 1.2.5 is vulnerable; other versions may also be affected. 
+
+http://www.example.com/opendocman/department.php/"><script>alert(1)</script><"?aku=c3VibWl0PXNob3dwaWNrJnN0YXRlPTI=

platforms/php/webapps/33301.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/36777/info
+      
+OpenDocMan is prone to an SQL-injection vulnerability and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.
+      
+Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+      
+OpenDocMan 1.2.5 is vulnerable; other versions may also be affected. 
+
+http://www.example.com/opendocman/profile.php/"><script>alert(1)</script>

platforms/php/webapps/33302.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/36777/info
+       
+OpenDocMan is prone to an SQL-injection vulnerability and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.
+       
+Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+       
+OpenDocMan 1.2.5 is vulnerable; other versions may also be affected. 
+
+http://www.example.com/opendocman/rejects.php/"><script>alert(1)</script>

platforms/php/webapps/33303.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/36777/info
+        
+OpenDocMan is prone to an SQL-injection vulnerability and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.
+        
+Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+        
+OpenDocMan 1.2.5 is vulnerable; other versions may also be affected. 
+
+http://www.example.com/opendocman/search.php/"><script>alert(1)</script>

platforms/php/webapps/33304.txt

@@ -0,0 +1,10 @@
+source: http://www.securityfocus.com/bid/36777/info
+         
+OpenDocMan is prone to an SQL-injection vulnerability and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.
+         
+Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+         
+OpenDocMan 1.2.5 is vulnerable; other versions may also be affected. 
+
+http://www.example.com/opendocman/user.php/"><script>alert(1)</script><"?aku=c3VibWl0PXNob3dwaWNrJnN0YXRlPTI=
+http://www.example.com/opendocman/user.php?submit=Modify+User&item=2&caller=/opendocman/"><script>alert(123)</script><"

platforms/php/webapps/33305.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/36777/info
+          
+OpenDocMan is prone to an SQL-injection vulnerability and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.
+          
+Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+          
+OpenDocMan 1.2.5 is vulnerable; other versions may also be affected. 
+
+http://www.example.com/opendocman/view_file.php/"><script>alert(1)</script><"?aku=aWQ9NiZzdGF0ZT0z