Update: 2015-02-01

7 new exploits

files.csv

@@ -32388,3 +32388,10 @@ id,file,description,date,author,platform,type,port
 35946,platforms/php/webapps/35946.txt,"Chyrp 2.x includes/lib/gz.php file Parameter Traversal Arbitrary File Access",2011-07-29,Wireghoul,php,webapps,0
 35947,platforms/php/webapps/35947.txt,"Chyrp 2.x swfupload Extension upload_handler.php File Upload Arbitrary PHP Code Execution",2011-07-29,Wireghoul,php,webapps,0
 35953,platforms/windows/local/35953.c,"McAfee Data Loss Prevention Endpoint - Arbitrary Write Privilege Escalation",2015-01-30,ParvezGHH,windows,local,0
+35954,platforms/php/webapps/35954.txt,"Auto Web Toolbox 'id' Parameter SQL Injection Vulnerability",2011-07-15,Lazmania61,php,webapps,0
+35955,platforms/php/webapps/35955.txt,"Easy Estate Rental 's_location' Parameter SQL Injection Vulnerability",2011-07-15,Lazmania61,php,webapps,0
+35956,platforms/php/webapps/35956.txt,"Joomla Foto Component 'id_categoria' Parameter SQL Injection Vulnerability",2011-07-15,SOLVER,php,webapps,0
+35957,platforms/linux/local/35957.txt,"Linux Kernel 2.6.26 Auerswald USB Device Driver Buffer Overflow Vulnerability",2009-10-19,"R. Dominguez Veg",linux,local,0
+35958,platforms/php/webapps/35958.txt,"Joomla Juicy Gallery Component 'picId' Parameter SQL Injection Vulnerability",2011-07-15,SOLVER,php,webapps,0
+35959,platforms/php/webapps/35959.txt,"Joomla! 'com_hospital' Component SQL Injection Vulnerability",2011-07-15,SOLVER,php,webapps,0
+35960,platforms/php/webapps/35960.txt,"Joomla Controller Component 'Itemid' Parameter SQL Injection Vulnerability",2011-07-15,SOLVER,php,webapps,0

platforms/linux/local/35957.txt

@@ -0,0 +1,18 @@
+source: http://www.securityfocus.com/bid/48687/info
+
+The Auerswald USB Device Driver for the Linux kernel is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.
+
+Attackers can exploit this issue to execute arbitrary code with superuser privileges, facilitating the complete compromise of affected computers. Failed exploit attempts will likely crash the kernel, denying service to legitimate users.
+
+Linux kernel 2.6.26 is vulnerable; prior versions may also be affected. 
+
+0xbf, 0x09, /*  u16 idVendor; */ 
+0xc0, 0x00, /*  u16 idProduct; */ 
+0x10, 0x42, /*  u16 bcdDevice */ 
+
+case 1: 
+      /* serial number */ 
+      ret = set_usb_string(data, ??); 
+          break; 
+      case 2: 
+          ret = set_usb_string(data,?AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA?);

platforms/php/webapps/35954.txt

@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/48683/info
+
+Auto Web Toolbox is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query.
+
+A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database. 
+
+http://www.example.com/inventory/details.php?id=496 

platforms/php/webapps/35955.txt

@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/48684/info
+
+Easy Estate Rental is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query.
+
+A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database. 
+
+http://www.example.com/demo/uk/site_location.php?s_location=46â??a 

platforms/php/webapps/35956.txt

@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/48685/info
+
+The 'Foto' component for Joomla! is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query.
+
+A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database. 
+
+http://www.example.com/index.php?option=com_foto&task=categoria&id_categoria=-4+union+select+1,password,username,4,5,6,7+from+jos_users-- 

platforms/php/webapps/35958.txt

@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/48688/info
+
+The Juicy Gallery component for Joomla! is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query.
+
+A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.
+
+http://www.example.com/index.php?option=com_juicy&task=showComments&picId=[EXPLOIT] 

platforms/php/webapps/35959.txt

@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/48689/info
+
+The 'com_hospital' component for Joomla! is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
+
+Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. 
+
+http://www.example.com/index.php?option=com_hospital&view=departments&Itemid=21&did=[SQL INJECTION] 

platforms/php/webapps/35960.txt

@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/48690/info
+
+The Controller component for Joomla! is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query.
+
+A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database. 
+
+http://www.example.com/index.php?option=com_controller&id=53&Itemid=[SQLi]