diff --git a/files.csv b/files.csv
index bb9375817..2e2b32022 100755
--- a/files.csv
+++ b/files.csv
@@ -24493,7 +24493,7 @@ id,file,description,date,author,platform,type,port
 27422,platforms/php/webapps/27422.txt,"CyBoards PHP Lite 1.21/1.25 Post.PHP SQL Injection Vulnerability",2006-03-14,"Aliaksandr Hartsuyeu",php,webapps,0
 27423,platforms/php/webapps/27423.txt,"DSCounter 1.2 Index.PHP SQL Injection Vulnerability",2006-03-14,"Aliaksandr Hartsuyeu",php,webapps,0
 27424,platforms/php/webapps/27424.txt,"DSDownload 1.0 - Multiple SQL-Injection Vulnerabilities",2006-03-15,"Aliaksandr Hartsuyeu",php,webapps,0
-27425,platforms/linux/local/27425.txt,"Zoo 2.10 - Parse.c Local Buffer Overflow Vulnerability",2006-03-16,"Josh Bressers",linux,local,0
+27425,platforms/linux/dos/27425.txt,"Zoo 2.10 - Parse.c Local Buffer Overflow Vulnerability",2006-03-16,"Josh Bressers",linux,dos,0
 27426,platforms/linux/local/27426.txt,"Zoo 2.10 Parse.c Local Buffer Overflow Vulnerability",2006-03-16,"Josh Bressers",linux,local,0
 27427,platforms/php/webapps/27427.txt,"Contrexx CMS 1.0.x Index.PHP Cross-Site Scripting Vulnerability",2006-03-16,Soot,php,webapps,0
 27428,platforms/hardware/remote/27428.rb,"D-Link Devices Unauthenticated Remote Command Execution",2013-08-08,metasploit,hardware,remote,0
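Review bot: Row 27425 is reclassified to `platforms/linux/dos/` with type `dos`, but its description is still almost identical to row 27426, which stays under `linux/local`. Two records with the same title, date and author now carry different classifications, so someone triaging from this index cannot tell which entry is the crash-only case. I would make the description reflect the new type, for example `"Zoo 2.10 - Parse.c Local Buffer Overflow Vulnerability (DoS)"`, or confirm that 27426 really should keep `local`. The move of the file itself is not visible in this part of the diff, so it is worth checking that `platforms/linux/dos/27425.txt` is added in the same commit.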
@@ -28989,8 +28989,10 @@ id,file,description,date,author,platform,type,port
 32208,platforms/multiple/dos/32208.txt,"Oracle VirtualBox 3D Acceleration - Multiple Vulnerabilities",2014-03-12,"Core Security",multiple,dos,0
 32209,platforms/windows/remote/32209.rb,"Yokogawa CENTUM CS 3000 BKHOdeq.exe Buffer Overflow",2014-03-12,metasploit,windows,remote,20171
 32210,platforms/windows/remote/32210.rb,"Yokogawa CENTUM CS 3000 BKBCopyD.exe Buffer Overflow",2014-03-12,metasploit,windows,remote,20111
+32211,platforms/php/webapps/32211.txt,"LuxCal 3.2.2 - Multiple Vulnerabilities (CSRF/Blind SQL Injection)",2014-03-12,"TUNISIAN CYBER",php,webapps,80
 32212,platforms/asp/webapps/32212.txt,"Procentia IntelliPen 1.1.12.1520 (Data.aspx, value param) - Blind SQL Injection",2014-03-12,Portcullis,asp,webapps,80
 32213,platforms/php/webapps/32213.txt,"Vtiger CRM 5.4.0, 6.0 RC, 6.0.0 GA (browse.php, file param) - Local File Inclusion",2014-03-12,Portcullis,php,webapps,80
+32214,platforms/php/webapps/32214.pl,"FreePBX 2.11.0 - Remote Command Execution",2014-03-12,@0x00string,php,webapps,80
 32215,platforms/php/webapps/32215.txt,"RMSOFT Downloads Plus (rmdp) 1.5/1.7 Module for XOOPS search.php key Parameter XSS",2008-08-09,Lostmon,php,webapps,0
 32216,platforms/php/webapps/32216.txt,"RMSOFT Downloads Plus (rmdp) 1.5/1.7 Module for XOOPS down.php id Parameter XSS",2008-08-09,Lostmon,php,webapps,0
 32217,platforms/php/webapps/32217.txt,"Linkspider 1.08 Multiple Remote File Include Vulnerabilities",2008-08-08,"Rohit Bansal",php,webapps,0
@@ -29001,6 +29003,7 @@ id,file,description,date,author,platform,type,port
 32222,platforms/multiple/dos/32222.rb,"Ruby <= 1.9 WEBrick::HTTP::DefaultFileHandler Crafted HTTP Request DoS",2008-08-11,"Keita Yamaguchi",multiple,dos,0
 32223,platforms/multiple/remote/32223.rb,"Ruby <= 1.9 dl Module DL.dlopen Arbitrary Library Access",2008-08-11,"Keita Yamaguchi",multiple,remote,0
 32224,platforms/multiple/remote/32224.rb,"Ruby <= 1.9 Safe Level Multiple Function Restriction Bypass",2008-08-11,"Keita Yamaguchi",multiple,remote,0
+32225,platforms/linux/remote/32225.txt,"Vim 'mch_expand_wildcards()' - Heap Based Buffer Overflow Vulnerability",2005-01-29,"Brian Hirt",linux,remote,0
 32226,platforms/php/webapps/32226.txt,"Datafeed Studio 'patch.php' Remote File Include Vulnerability",2008-08-12,"Bug Researchers Group",php,webapps,0
 32227,platforms/php/webapps/32227.txt,"Datafeed Studio 1.6.2 'search.php' Cross-Site Scripting Vulnerability",2008-08-12,"Bug Researchers Group",php,webapps,0
 32228,platforms/linux/remote/32228.xml,"Bugzilla <= 3.1.4 '--attach_path' Directory Traversal Vulnerability",2008-08-12,"ilja van sprundel",linux,remote,0
@@ -29012,3 +29015,34 @@ id,file,description,date,author,platform,type,port
 32234,platforms/php/webapps/32234.txt,"Meet#Web 0.8 RegForm.class.php root_path Parameter Remote File Inclusion",2008-08-13,"Rakesh S",php,webapps,0
 32235,platforms/php/webapps/32235.txt,"Meet#Web 0.8 RegResource.class.php root_path Parameter Remote File Inclusion",2008-08-13,"Rakesh S",php,webapps,0
 32236,platforms/php/webapps/32236.txt,"Meet#Web 0.8 RegRightsResource.class.php root_path Parameter Remote File Inclusion",2008-08-13,"Rakesh S",php,webapps,0
+32237,platforms/hardware/webapps/32237.txt,"Ubee EVW3200 - Multiple Persistent Cross Site Scripting",2014-03-13,"Jeroen - IT Nerdbox",hardware,webapps,0
+32238,platforms/hardware/webapps/32238.txt,"Ubee EVW3200 - Cross Site Request Forgery",2014-03-13,"Jeroen - IT Nerdbox",hardware,webapps,0
+32240,platforms/php/webapps/32240.txt,"Freeway 1.4.1 Multiple Input Validation Vulnerabilities",2008-08-13,"Digital Security Research Group",php,webapps,0
+32241,platforms/php/webapps/32241.txt,"PHP Realty 'dpage.php' SQL Injection Vulnerability",2008-08-13,CraCkEr,php,webapps,0
+32242,platforms/php/webapps/32242.txt,"PHP-Fusion 4.01 'readmore.php' SQL Injection Vulnerability",2008-08-13,Rake,php,webapps,0
+32243,platforms/php/webapps/32243.txt,"Nukeviet 2.0 'admin/login.php' Cookie Authentication Bypass Vulnerability",2008-08-13,Ciph3r,php,webapps,0
+32244,platforms/php/webapps/32244.txt,"YapBB 1.2 'class_yapbbcooker.php' Remote File Include Vulnerability",2008-08-13,CraCkEr,php,webapps,0
+32245,platforms/php/webapps/32245.txt,"Nortel Networks SRG V16 modules.php module Parameter XSS",2008-08-13,CraCkEr,php,webapps,0
+32246,platforms/php/webapps/32246.txt,"Nortel Networks SRG V16 admin_modules.php module Parameter Traversal Local File Inclusion",2008-08-13,CraCkEr,php,webapps,0
+32247,platforms/php/webapps/32247.txt,"Nortel Networks SRG V16 modules.php module Parameter Traversal Local File Inclusion",2008-08-13,CraCkEr,php,webapps,0
+32248,platforms/linux/dos/32248.txt,"Yelp 2.23.1 Invalid URI Format String Vulnerability",2008-08-13,"Aaron Grattafiori",linux,dos,0
+32249,platforms/jsp/webapps/32249.txt,"Openfire <= 3.5.2 'login.jsp' Cross-Site Scripting Vulnerability",2008-08-14,"Daniel Henninger",jsp,webapps,0
+32250,platforms/php/webapps/32250.py,"mUnky 0.01'index.php' Remote Code Execution Vulnerability",2008-08-15,IRCRASH,php,webapps,0
+32251,platforms/php/webapps/32251.txt,"PHPizabi 0.848b C1 HP3 'id' Parameter Local File Include Vulnerability",2008-08-15,Lostmon,php,webapps,0
+32252,platforms/php/webapps/32252.txt,"Mambo Open Source 4.6.2 administrator/popups/index3pop.php mosConfig_sitename Parameter XSS",2008-08-15,"Khashayar Fereidani",php,webapps,0
+32253,platforms/php/webapps/32253.txt,"Mambo Open Source 4.6.2 mambots/editors/mostlyce/ .. /php/connector.php Query String XSS",2008-08-15,"Khashayar Fereidani",php,webapps,0
+32254,platforms/php/webapps/32254.txt,"FlexCMS 2.5 'inc-core-admin-editor-previouscolorsjs.php' Cross-Site Scripting Vulnerability",2008-08-15,Dr.Crash,php,webapps,0
+32255,platforms/asp/webapps/32255.txt,"FipsCMS 2.1 'forum/neu.asp' SQL Injection Vulnerability",2008-08-15,U238,asp,webapps,0
+32256,platforms/windows/dos/32256.py,"Ipswitch <= 8.0 WS_FTP Client Format String Vulnerability",2008-08-17,securfrog,windows,dos,0
+32257,platforms/php/webapps/32257.txt,"PromoProducts 'view_product.php' Multiple SQL Injection Vulnerabilities",2008-08-15,baltazar,php,webapps,0
+32258,platforms/cgi/webapps/32258.txt,"AWStats 6.8 'awstats.pl' Cross-Site Scripting Vulnerability",2008-08-18,"Morgan Todd",cgi,webapps,0
+32259,platforms/php/webapps/32259.txt,"Freeway 1.4.1.171 english/account.php language Parameter Traversal Local File Inclusion",2008-08-18,"Digital Security Research Group",php,webapps,0
+32260,platforms/php/webapps/32260.txt,"Freeway 1.4.1.171 french/account.php language Parameter Traversal Local File Inclusion",2008-08-18,"Digital Security Research Group",php,webapps,0
+32261,platforms/windows/local/32261.rb,"MicroP 0.1.1.1600 - (.mppl) Local Stack Based Buffer Overflow",2014-03-14,"Necmettin COSKUN",windows,local,0
+32264,platforms/php/webapps/32264.txt,"Freeway 1.4.1.171 french/account_newsletters.php language Parameter Traversal Local File Inclusion",2008-08-18,"Digital Security Research Group",php,webapps,0
+32265,platforms/php/webapps/32265.txt,"Freeway 1.4.1.171 includes/modules/faqdesk/faqdesk_article_require.php language Parameter Traversal Local File Inclusion",2008-08-18,"Digital Security Research Group",php,webapps,0
+32266,platforms/php/webapps/32266.txt,"Freeway 1.4.1.171 includes/modules/newsdesk/newsdesk_article_require.php language Parameter Traversal Local File Inclusion",2008-08-18,"Digital Security Research Group",php,webapps,0
+32267,platforms/php/webapps/32267.txt,"Freeway 1.4.1.171 templates/Freeway/boxes/card1.php language Parameter Traversal Local File Inclusion",2008-08-18,"Digital Security Research Group",php,webapps,0
+32268,platforms/php/webapps/32268.txt,"Freeway 1.4.1.171 templates/Freeway/boxes/loginbox.php language Parameter Traversal Local File Inclusion",2008-08-18,"Digital Security Research Group",php,webapps,0
+32269,platforms/php/webapps/32269.txt,"Freeway 1.4.1.171 templates/Freeway/boxes/whos_online.php language Parameter Traversal Local File Inclusion",2008-08-18,"Digital Security Research Group",php,webapps,0
+32270,platforms/php/webapps/32270.txt,"Freeway 1.4.1.171 templates/Freeway/mainpage_modules/mainpage.php language Parameter Traversal Local File Inclusion",2008-08-18,"Digital Security Research Group",php,webapps,0
diff --git a/platforms/asp/webapps/32255.txt b/platforms/asp/webapps/32255.txt
new file mode 100755
index 000000000..132a56098
--- /dev/null
+++ b/platforms/asp/webapps/32255.txt
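Review bot: The index row for 32238 does not agree with the file this commit adds for it: the row reads `Ubee EVW3200 - Cross Site Request Forgery`, the header of `32238.txt` reads `Ubee EVW3200 - Multiple Cross Site Request Forgery`, and that file's description names the device `ECV3200`. Product and model names are what people search this index by when checking exposure, so the three should agree; once the model is confirmed the row could read `"Ubee EVW3200 - Multiple Cross Site Request Forgery"`. The two Ubee rows also set port `0` while the web-application rows added for 2014-03-12 in the earlier hunk use `80`, which may be intentional but looks inconsistent. Row 32250 is missing a space in `mUnky 0.01'index.php'`.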
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/30712/info
+
+fipsCMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
+
+Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+fipsCMS 2.1 is vulnerable; other versions may also be affected.
+
+http://www.example.com/fipsCMS/forum/neu.asp?kat=1+union+select+0,pw_admin+from+config
\ No newline at end of file
diff --git a/platforms/cgi/webapps/32258.txt b/platforms/cgi/webapps/32258.txt
new file mode 100755
index 000000000..57b84711f
--- /dev/null
+++ b/platforms/cgi/webapps/32258.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/30730/info
+
+AWStats is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
+
+AWStats 6.8 is vulnerable; other versions may also be affected.
+
+http://www.example.com/awstats/awstats.pl?config=www.example.com&%22onload=%22alert(document.domain)//
\ No newline at end of file
diff --git a/platforms/hardware/webapps/32237.txt b/platforms/hardware/webapps/32237.txt
new file mode 100755
index 000000000..2326f2adc
--- /dev/null
+++ b/platforms/hardware/webapps/32237.txt
@@ -0,0 +1,55 @@ +# Exploit Title: Ubee EVW3200 - Multiple Persistent Cross Site Scripting + +# Google Dork: N/A + +# Date: 02-03-2014 + +# Exploit Author: Jeroen - IT Nerdbox + +# Vendor Homepage: http://www.ubeeinteractive.com/ + +# Software Link: +http://www.ubeeinteractive.com/products/cable?field_product_catetory_tid=20 + +# Version: All + +# Tested on: N/A + +# CVE : N/A + +# + +## Description: + +# + +# The SSID and Device name settings in the wireless configuration do not +sanitize their input. + +# + +# The VPN Tunnel name is also vulnerable for persistent XSS + +# + +## PoC: + +# + +# Entering the following payload in one of these fields will execute +javascript: + +# + +# "> or "> + +# + +# + +# More information can be found at: +http://www.nerdbox.it/ubee-evw3200-multiple-vulnerabilities/ + + + diff --git a/platforms/hardware/webapps/32238.txt b/platforms/hardware/webapps/32238.txt new file mode 100755 index 000000000..cbb04ca93 --- /dev/null +++ b/platforms/hardware/webapps/32238.txt @@ -0,0 +1,64 @@ +# Exploit Title: Ubee EVW3200 - Multiple Cross Site Request Forgery + +# Google Dork: N/A + +# Date: 02-03-2014 + +# Exploit Author: Jeroen - IT Nerdbox + +# Vendor Homepage: http://www.ubeeinteractive.com/ + +# Software Link: +http://www.ubeeinteractive.com/products/cable?field_product_catetory_tid=20 + +# Version: All + +# Tested on: N/A + +# CVE : N/A + +# + +## Description: + +# + +# The Ubee ECV3200 does not use Anti CSRF tokens in any of its forms. + +# + +## PoC: + +# + +#
+ +# + +# + +# + +# + +#