From 8aedf0ad9caa902099e7bce24ba9e1dc329acd75 Mon Sep 17 00:00:00 2001
From: Offensive Security
Date: Mon, 12 May 2014 04:36:22 +0000
Subject: [PATCH] Updated 05_12_2014
---
 files.csv | 17 +++++++++++++++++
 platforms/jsp/webapps/33292.txt | 9 +++++++++
 platforms/jsp/webapps/33293.txt | 9 +++++++++
 platforms/linux/dos/33289.txt | 9 +++++++++
 platforms/php/webapps/33290.txt | 11 +++++++++++
 platforms/php/webapps/33291.txt | 10 ++++++++++
 platforms/php/webapps/33294.txt | 9 +++++++++
 platforms/php/webapps/33295.txt | 9 +++++++++
 platforms/php/webapps/33296.txt | 10 ++++++++++
 platforms/php/webapps/33297.txt | 9 +++++++++
 platforms/php/webapps/33298.txt | 9 +++++++++
 platforms/php/webapps/33299.txt | 9 +++++++++
 platforms/php/webapps/33300.txt | 9 +++++++++
 platforms/php/webapps/33301.txt | 9 +++++++++
 platforms/php/webapps/33302.txt | 9 +++++++++
 platforms/php/webapps/33303.txt | 9 +++++++++
 platforms/php/webapps/33304.txt | 10 ++++++++++
 platforms/php/webapps/33305.txt | 9 +++++++++
 18 files changed, 175 insertions(+)
 create mode 100755 platforms/jsp/webapps/33292.txt
 create mode 100755 platforms/jsp/webapps/33293.txt
 create mode 100755 platforms/linux/dos/33289.txt
 create mode 100755 platforms/php/webapps/33290.txt
 create mode 100755 platforms/php/webapps/33291.txt
 create mode 100755 platforms/php/webapps/33294.txt
 create mode 100755 platforms/php/webapps/33295.txt
 create mode 100755 platforms/php/webapps/33296.txt
 create mode 100755 platforms/php/webapps/33297.txt
 create mode 100755 platforms/php/webapps/33298.txt
 create mode 100755 platforms/php/webapps/33299.txt
 create mode 100755 platforms/php/webapps/33300.txt
 create mode 100755 platforms/php/webapps/33301.txt
 create mode 100755 platforms/php/webapps/33302.txt
 create mode 100755 platforms/php/webapps/33303.txt
 create mode 100755 platforms/php/webapps/33304.txt
 create mode 100755 platforms/php/webapps/33305.txt
diff --git a/files.csv b/files.csv
index 267e5f4a5..9b0c32dfe 100755
--- a/files.csv
+++ b/files.csv
@@ -30004,3 +30004,20 @@ id,file,description,date,author,platform,type,port
 33286,platforms/java/webapps/33286.txt,"Eclipse BIRT 2.2.1 'run?__report' Parameter Cross Site Scripting Vulnerability",2009-10-14,"Michele Orru",java,webapps,0
 33287,platforms/php/webapps/33287.txt,"bloofoxCMS 0.3.5 'search' Parameter Cross Site Scripting Vulnerability",2009-10-15,"drunken danish rednecks",php,webapps,0
 33288,platforms/php/webapps/33288.txt,"Zainu 1.0 'searchSongKeyword' Parameter Cross Site Scripting Vulnerability",2009-10-14,"drunken danish rednecks",php,webapps,0
+33289,platforms/linux/dos/33289.txt,"Linux Kernel 2.6.x '/drivers/net/r8169.c' Out-of-IOMMU Error Local Denial of Service Vulnerability",2009-08-28,"Alistair Strachan",linux,dos,0
+33290,platforms/php/webapps/33290.txt,"Snitz Forums 2000 3.4.7 pop_send_to_friend.asp url Parameter XSS",2009-10-15,"Andrea Fabrizi",php,webapps,0
+33291,platforms/php/webapps/33291.txt,"Snitz Forums 2000 3.4.7 Sound Tag Onload Attribute XSS",2009-10-15,"Andrea Fabrizi",php,webapps,0
+33292,platforms/jsp/webapps/33292.txt,"IBM Rational RequisitePro 7.10 ReqWeb Help Feature ReqWebHelp/advanced/workingSet.jsp operation Parameter XSS",2009-10-15,IBM,jsp,webapps,0
+33293,platforms/jsp/webapps/33293.txt,"IBM Rational RequisitePro 7.10 ReqWeb Help Feature ReqWebHelp/basic/searchView.jsp Multiple Parameter XSS",2009-10-15,IBM,jsp,webapps,0
+33294,platforms/php/webapps/33294.txt,"TBmnetCMS 1.0 'content' Parameter Cross Site Scripting Vulnerability",2009-10-19,"drunken danish rednecks",php,webapps,0
+33295,platforms/php/webapps/33295.txt,"OpenDocMan 1.2.5 add.php last_message Parameter XSS",2009-10-21,"Amol Naik",php,webapps,0
+33296,platforms/php/webapps/33296.txt,"OpenDocMan 1.2.5 toBePublished.php Multiple Parameter XSS",2009-10-21,"Amol Naik",php,webapps,0
+33297,platforms/php/webapps/33297.txt,"OpenDocMan 1.2.5 index.php last_message Parameter XSS",2009-10-21,"Amol Naik",php,webapps,0
+33298,platforms/php/webapps/33298.txt,"OpenDocMan 1.2.5 admin.php last_message Parameter XSS",2009-10-21,"Amol Naik",php,webapps,0
+33299,platforms/php/webapps/33299.txt,"OpenDocMan 1.2.5 category.php XSS",2009-10-21,"Amol Naik",php,webapps,0
+33300,platforms/php/webapps/33300.txt,"OpenDocMan 1.2.5 department.php XSS",2009-10-21,"Amol Naik",php,webapps,0
+33301,platforms/php/webapps/33301.txt,"OpenDocMan 1.2.5 profile.php XSS",2009-10-21,"Amol Naik",php,webapps,0
+33302,platforms/php/webapps/33302.txt,"OpenDocMan 1.2.5 rejects.php XSS",2009-10-21,"Amol Naik",php,webapps,0
+33303,platforms/php/webapps/33303.txt,"OpenDocMan 1.2.5 search.php XSS",2009-10-21,"Amol Naik",php,webapps,0
+33304,platforms/php/webapps/33304.txt,"OpenDocMan 1.2.5 user.php XSS",2009-10-21,"Amol Naik",php,webapps,0
+33305,platforms/php/webapps/33305.txt,"OpenDocMan 1.2.5 view_file.php XSS",2009-10-21,"Amol Naik",php,webapps,0
diff --git a/platforms/jsp/webapps/33292.txt b/platforms/jsp/webapps/33292.txt
new file mode 100755
index 000000000..8dd4351fd
--- /dev/null
+++ b/platforms/jsp/webapps/33292.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/36721/info
+
+IBM Rational RequisitePro is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
+
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
+
+These issues affect IBM Rational RequisitePro 7.10; other versions may also be affected.
+
+http://www.example.com/ReqWebHelp/advanced/workingSet.jsp?operation=add*/-->&workingSet=
\ No newline at end of file
diff --git a/platforms/jsp/webapps/33293.txt b/platforms/jsp/webapps/33293.txt
new file mode 100755
index 000000000..e716a8d10
--- /dev/null
+++ b/platforms/jsp/webapps/33293.txt
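Review bot: The two Snitz Forums 2000 rows (33290, 33291) are filed under `platforms/php/webapps/` with platform `php`, yet the title of 33290 names `pop_send_to_friend.asp`, so the product looks like an ASP application. Anyone filtering this index by platform to check exposure would misattribute or miss these entries. If the index has an ASP platform value, both rows and both file paths should use it. The titles also give the version as `3.4.7` while 33290.txt and 33291.txt say `3.4.07`; one spelling should be used so version matching against an inventory is reliable.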
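Review bot: `new file mode 100755` marks this plain-text advisory as executable, and the `create mode` list in the patch header shows the same mode on all 17 `.txt` files added here. Nothing in these files is meant to be run, and an executable bit on files that hold proof-of-concept strings is an avoidable hazard on analyst workstations and in tooling that trusts file modes; `new file mode 100644` would be the expected mode. Each file also ends without a trailing newline (`\ No newline at end of file`), which makes concatenating or grepping the corpus less predictable.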
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/36721/info
+
+IBM Rational RequisitePro is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
+
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
+
+These issues affect IBM Rational RequisitePro 7.10; other versions may also be affected.
+
+http://www.example.com/ReqWebHelp/basic/searchView.jsp?searchWord=>''>&maxHits=>''>&scopedSearch=>''>&scope=>''>
\ No newline at end of file
diff --git a/platforms/linux/dos/33289.txt b/platforms/linux/dos/33289.txt
new file mode 100755
index 000000000..e8ef35f71
--- /dev/null
+++ b/platforms/linux/dos/33289.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/36706/info
+
+The Linux kernel is prone to a local denial-of-service vulnerability that attackers can exploit to cause an affected computer to panic.
+
+Versions prior to the Linux kernel 2.6.26.4 are affected.
+
+The following example is available:
+
+ping -f -s 3000
\ No newline at end of file
diff --git a/platforms/php/webapps/33290.txt b/platforms/php/webapps/33290.txt
new file mode 100755
index 000000000..4767f1bed
--- /dev/null
+++ b/platforms/php/webapps/33290.txt
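Review bot: The body of 33289.txt never names the affected component, although the index title added in files.csv scopes the issue to `/drivers/net/r8169.c` and an out-of-IOMMU error. A defender reading only this file cannot tell that the exposure is limited to hosts using that driver. A line such as `Affected component: drivers/net/r8169.c (per the index title)` after the version sentence would make the entry self-contained. The file also says "Versions prior to the Linux kernel 2.6.26.4" while the title says "2.6.x", and the two should agree.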
@@ -0,0 +1,11 @@ +source: http://www.securityfocus.com/bid/36710/info + +Snitz Forums 2000 is prone to a cross-site scripting vulnerability and an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied data. + +Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and to control how the site is rendered to the user; other attacks are also possible. + +Snitz Forums 2000 3.4.07 is vulnerable; other versions may also be affected. + +http://www.example.com/forum/pop_send_to_friend.asp?url=</textarea> \ No newline at end of file diff --git a/platforms/php/webapps/33291.txt b/platforms/php/webapps/33291.txt new file mode 100755 index 000000000..b2c3c73ff --- /dev/null +++ b/platforms/php/webapps/33291.txt @@ -0,0 +1,10 @@ +source: http://www.securityfocus.com/bid/36710/info + +Snitz Forums 2000 is prone to a cross-site scripting vulnerability and an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied data. + +Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and to control how the site is rendered to the user; other attacks are also possible. + +Snitz Forums 2000 3.4.07 is vulnerable; other versions may also be affected. + +[sound]http://www.example.com" +onLoad="alert(document.cookie)[/sound] \ No newline at end of file diff --git a/platforms/php/webapps/33294.txt b/platforms/php/webapps/33294.txt new file mode 100755 index 000000000..df44fbd27 --- /dev/null +++ b/platforms/php/webapps/33294.txt 
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/36733/info
+
+TBmnetCMS is prone to a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied input.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
+
+This issue affects TBmnetCMS 1.0; other versions may be vulnerable as well.
+
+http://www.example.com/tbmnet.php?content=redneck%22%27%3E%3Cscript%3Ealert(/redneck/)%3C/script%3E
\ No newline at end of file
diff --git a/platforms/php/webapps/33295.txt b/platforms/php/webapps/33295.txt
new file mode 100755
index 000000000..7e2e27fac
--- /dev/null
+++ b/platforms/php/webapps/33295.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/36777/info
+
+OpenDocMan is prone to an SQL-injection vulnerability and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.
+
+Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+OpenDocMan 1.2.5 is vulnerable; other versions may also be affected.
+
+http://www.example.com/opendocman/add.php?last_message=
\ No newline at end of file
diff --git a/platforms/php/webapps/33296.txt b/platforms/php/webapps/33296.txt
new file mode 100755
index 000000000..0da7c3ae4
--- /dev/null
+++ b/platforms/php/webapps/33296.txt
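Review bot: The description in 33295.txt says OpenDocMan has "an SQL-injection vulnerability and multiple cross-site scripting vulnerabilities", but the index title for this entry is XSS only and the file does not say which script or parameter carries the SQL injection. The same boilerplate is repeated in 33296.txt through 33305.txt, all titled XSS, so a reader triaging from these entries may assume each listed script is SQL-injectable or may overlook the SQL injection entirely. Each file should state its own scope, for example `This entry covers the cross-site scripting issue in add.php only.` None of the eleven files names a fixed version or mitigation, and a pointer to the vendor fix would help defenders.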
@@ -0,0 +1,10 @@
+source: http://www.securityfocus.com/bid/36777/info
+
+OpenDocMan is prone to an SQL-injection vulnerability and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.
+
+Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+OpenDocMan 1.2.5 is vulnerable; other versions may also be affected.
+
+http://www.example.com/opendocman/toBePublished.php/">
+http://www.example.com/opendocman/toBePublished.php?last_message=
\ No newline at end of file
diff --git a/platforms/php/webapps/33297.txt b/platforms/php/webapps/33297.txt
new file mode 100755
index 000000000..4e260f60c
--- /dev/null
+++ b/platforms/php/webapps/33297.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/36777/info
+
+OpenDocMan is prone to an SQL-injection vulnerability and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.
+
+Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+OpenDocMan 1.2.5 is vulnerable; other versions may also be affected.
+
+http://www.example.com/opendocman/index.php?last_message=
\ No newline at end of file
diff --git a/platforms/php/webapps/33298.txt b/platforms/php/webapps/33298.txt
new file mode 100755
index 000000000..efda1b67b
--- /dev/null
+++ b/platforms/php/webapps/33298.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/36777/info
+
+OpenDocMan is prone to an SQL-injection vulnerability and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.
+
+Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+OpenDocMan 1.2.5 is vulnerable; other versions may also be affected.
+
+http://www.example.com/opendocman/admin.php?last_message=
\ No newline at end of file
diff --git a/platforms/php/webapps/33299.txt b/platforms/php/webapps/33299.txt
new file mode 100755
index 000000000..645cb8859
--- /dev/null
+++ b/platforms/php/webapps/33299.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/36777/info
+
+OpenDocMan is prone to an SQL-injection vulnerability and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.
+
+Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+OpenDocMan 1.2.5 is vulnerable; other versions may also be affected.
+
+http://www.example.com/opendocman/category.php/"><"?aku=c3VibWl0PWFkZCZzdGF0ZT0y
\ No newline at end of file
diff --git a/platforms/php/webapps/33300.txt b/platforms/php/webapps/33300.txt
new file mode 100755
index 000000000..c66a92c9f
--- /dev/null
+++ b/platforms/php/webapps/33300.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/36777/info
+
+OpenDocMan is prone to an SQL-injection vulnerability and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.
+
+Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+OpenDocMan 1.2.5 is vulnerable; other versions may also be affected.
+
+http://www.example.com/opendocman/department.php/"><"?aku=c3VibWl0PXNob3dwaWNrJnN0YXRlPTI=
\ No newline at end of file
diff --git a/platforms/php/webapps/33301.txt b/platforms/php/webapps/33301.txt
new file mode 100755
index 000000000..fe5ff6423
--- /dev/null
+++ b/platforms/php/webapps/33301.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/36777/info
+
+OpenDocMan is prone to an SQL-injection vulnerability and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.
+
+Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+OpenDocMan 1.2.5 is vulnerable; other versions may also be affected.
+
+http://www.example.com/opendocman/profile.php/">
\ No newline at end of file
diff --git a/platforms/php/webapps/33302.txt b/platforms/php/webapps/33302.txt
new file mode 100755
index 000000000..88698cda3
--- /dev/null
+++ b/platforms/php/webapps/33302.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/36777/info
+
+OpenDocMan is prone to an SQL-injection vulnerability and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.
+
+Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+OpenDocMan 1.2.5 is vulnerable; other versions may also be affected.
+
+http://www.example.com/opendocman/rejects.php/">
\ No newline at end of file
diff --git a/platforms/php/webapps/33303.txt b/platforms/php/webapps/33303.txt
new file mode 100755
index 000000000..20fb87c2d
--- /dev/null
+++ b/platforms/php/webapps/33303.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/36777/info
+
+OpenDocMan is prone to an SQL-injection vulnerability and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.
+
+Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+OpenDocMan 1.2.5 is vulnerable; other versions may also be affected.
+
+http://www.example.com/opendocman/search.php/">
\ No newline at end of file
diff --git a/platforms/php/webapps/33304.txt b/platforms/php/webapps/33304.txt
new file mode 100755
index 000000000..79ad90c7d
--- /dev/null
+++ b/platforms/php/webapps/33304.txt
@@ -0,0 +1,10 @@
+source: http://www.securityfocus.com/bid/36777/info
+
+OpenDocMan is prone to an SQL-injection vulnerability and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.
+
+Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+OpenDocMan 1.2.5 is vulnerable; other versions may also be affected.
+
+http://www.example.com/opendocman/user.php/"><"?aku=c3VibWl0PXNob3dwaWNrJnN0YXRlPTI=
+http://www.example.com/opendocman/user.php?submit=Modify+User&item=2&caller=/opendocman/"><"
\ No newline at end of file
diff --git a/platforms/php/webapps/33305.txt b/platforms/php/webapps/33305.txt
new file mode 100755
index 000000000..68203c9b0
--- /dev/null
+++ b/platforms/php/webapps/33305.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/36777/info
+
+OpenDocMan is prone to an SQL-injection vulnerability and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.
+
+Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+OpenDocMan 1.2.5 is vulnerable; other versions may also be affected.
+
+http://www.example.com/opendocman/view_file.php/"><"?aku=aWQ9NiZzdGF0ZT0z
\ No newline at end of file