bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Update: 2015-02-27

Browse source 
9 new exploits
This commit is contained in:
Offensive Security 2015-02-27 08:37:57 +00:00
parent cb77af20aa
commit f525eea5a1
10 changed files with 91 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
files.csv
View file

@ -22081,7 +22081,7 @@ id,file,description,date,author,platform,type,port
24974,platforms/hardware/remote/24974.rb,"Netgear DGN2200B pppoe.cgi Remote Command Execution",2013-04-22,metasploit,hardware,remote,0
24975,platforms/hardware/webapps/24975.txt,"D'Link DIR-615 Hardware rev D3 / DIR-300 - Hardware rev A - Multiple Vulnerabilities",2013-04-23,m-1-k-3,hardware,webapps,0
24976,platforms/multiple/remote/24976.rb,"Java Applet Reflection Type Confusion Remote Code Execution",2013-04-23,metasploit,multiple,remote,0
24977,platforms/linux/remote/24977.txt,"CUPS 1.1.x HPGL File Processor Buffer Overflow Vulnerability",2004-12-15,"Ariel Berkman",linux,remote,0
24977,platforms/linux/remote/24977.txt,"CUPS 1.1.x - HPGL File Processor Buffer Overflow Vulnerability",2004-12-15,"Ariel Berkman",linux,remote,0
24978,platforms/linux/remote/24978.txt,"Xine-Lib 0.9/1 - Remote Client-Side Buffer Overflow Vulnerability",2004-12-16,"Ariel Berkman",linux,remote,0
24979,platforms/multiple/remote/24979.txt,"XLReader 0.9 - Remote Client-Side Buffer Overflow Vulnerability",2004-12-16,"Kris Kubicki",multiple,remote,0
24980,platforms/multiple/remote/24980.txt,"Yanf 0.4 HTTP Response Buffer Overflow Vulnerability",2004-12-15,"Ariel Berkman",multiple,remote,0
@ -32609,3 +32609,12 @@ id,file,description,date,author,platform,type,port
36176,platforms/php/webapps/36176.txt,"Joomla! 1.7.0 and Prior Multiple Cross Site Scripting Vulnerabilities",2011-09-29,"Aung Khant",php,webapps,0
36177,platforms/php/webapps/36177.txt,"Bitweaver 2.8.1 Multiple Cross-Site Scripting Vulnerabilities",2011-09-29,"Stefan Schurtz",php,webapps,0
36178,platforms/php/webapps/36178.txt,"WordPress Atahualpa Theme 3.6.7 's' Parameter Cross Site Scripting Vulnerability",2011-09-29,SiteWatch,php,webapps,0
36179,platforms/php/webapps/36179.txt,"WordPress Hybrid Theme 0.9 'cpage' Parameter Cross Site Scripting Vulnerability",2011-09-24,SiteWatch,php,webapps,0
36180,platforms/php/webapps/36180.txt,"WordPress F8 Lite Theme 4.2.1 's' Parameter Cross Site Scripting Vulnerability",2011-09-24,SiteWatch,php,webapps,0
36181,platforms/php/webapps/36181.txt,"WordPress Elegant Grunge Theme 1.0.3 's' Parameter Cross Site Scripting Vulnerability",2011-09-29,SiteWatch,php,webapps,0
36182,platforms/php/webapps/36182.txt,"WordPress EvoLve Theme 1.2.5 's' Parameter Cross Site Scripting Vulnerability",2011-09-29,SiteWatch,php,webapps,0
36183,platforms/php/webapps/36183.txt,"WordPress Cover WP Theme 1.6.5 's' Parameter Cross Site Scripting Vulnerability",2011-09-24,jabdah,php,webapps,0
36184,platforms/php/webapps/36184.txt,"WordPress Web Minimalist Theme 1.1 'index.php' Cross Site Scripting Vulnerability",2011-09-24,SiteWatch,php,webapps,0
36185,platforms/php/webapps/36185.txt,"WordPress Pixiv Custom Theme 2.1.5 'cpage' Parameter Cross Site Scripting Vulnerability",2011-09-29,SiteWatch,php,webapps,0
36186,platforms/php/webapps/36186.txt,"WordPress Morning Coffee Theme 3.5 'index.php' Cross Site Scripting Vulnerability",2011-09-30,SiteWatch,php,webapps,0
36187,platforms/php/webapps/36187.txt,"WordPress Black-LetterHead Theme 1.5 'index.php' Cross Site Scripting Vulnerability",2011-09-30,SiteWatch,php,webapps,0

Can't render this file because it is too large.

9
platforms/php/webapps/36179.txt Executable file
View file

@ -0,0 +1,9 @@
source: http://www.securityfocus.com/bid/49866/info
The Hybrid theme for WordPress is prone to a cross-site-scripting vulnerability because it fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
Versions prior to Hybrid theme 0.10 are vulnerable.
http://www.example.com/?p=8&cpage=[XSS]

9
platforms/php/webapps/36180.txt Executable file
View file

@ -0,0 +1,9 @@
source: http://www.securityfocus.com/bid/49867/info
The F8 Lite theme for WordPress is prone to a cross-site-scripting vulnerability because it fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
Versions prior to F8 Lite theme 4.2.2 are vulnerable.
http://www.example.com/?p=8&s=[XSS]

9
platforms/php/webapps/36181.txt Executable file
View file

@ -0,0 +1,9 @@
source: http://www.securityfocus.com/bid/49869/info
The Elegant Grunge theme for WordPress is prone to a cross-site-scripting vulnerability because it fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
Elegant Grunge theme 1.0.3 is vulnerable; prior versions may also be affected.
http://www.example.com/?s="%20%3e%3c/input%3e%3cScRiPt%3ealert(123)%3c/ScRiPt%3e

9
platforms/php/webapps/36182.txt Executable file
View file

@ -0,0 +1,9 @@
source: http://www.securityfocus.com/bid/49872/info
The EvoLve theme for WordPress is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
Versions prior to EvoLve theme 1.2.6 is vulnerable.
http://www.example.com?s=[xss]

9
platforms/php/webapps/36183.txt Executable file
View file

@ -0,0 +1,9 @@
source: http://www.securityfocus.com/bid/49873/info
The Cover WP theme for WordPress is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
Versions prior to Cover WP theme 1.6.6 are vulnerable.
http://www.example.com/?s=[XSS]

9
platforms/php/webapps/36184.txt Executable file
View file

@ -0,0 +1,9 @@
source: http://www.securityfocus.com/bid/49874/info
The Web Minimalist theme for WordPress is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
Versions prior to Web Minimalist theme 1.4 are vulnerable.
http://www.example.com/wp/index.php/[XSS]

9
platforms/php/webapps/36185.txt Executable file
View file

@ -0,0 +1,9 @@
source: http://www.securityfocus.com/bid/49875/info
The Pixiv Custom theme for WordPress is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
Pixiv Custom theme 2.1.5 is vulnerable; prior versions may also be affected.
http://www.example.com/?cpage=[xss]

9
platforms/php/webapps/36186.txt Executable file
View file

@ -0,0 +1,9 @@
source: http://www.securityfocus.com/bid/49878/info
The Morning Coffee theme for WordPress is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
Morning Coffee theme prior to 3.6 are vulnerable.
http://www.example.com/wp/index.php/%22+%3E%3C/form%3E%3CScRiPt%3Exss=53851965%3C/ScRiPt%3E/t

9
platforms/php/webapps/36187.txt Executable file
View file

@ -0,0 +1,9 @@
source: http://www.securityfocus.com/bid/49879/info
The Black-LetterHead theme for WordPress is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
Black-LetterHead theme 1.5 is vulnerable; prior versions may also be affected.
http://www.example.com/index.php/%22+%3E%3C/form%3E%3CScRiPt%3Exss=69566599%3C/ScRiPt%3E/t Post Request:s=1&