NovaBoard <= 1.0.1 (message) Persistent XSS Vulnerability

No description provided by source. -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= NovaBoard = 1.0.1 / XSS Vulnerability -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= $ Program: NovaBoard $ Version: = 1.0.1 $ File affected: index.php $ Download: http://www.novaboard.net/ Found by Pepelux pepeluxatenye-sec.org...

FOSS Gallery Public <= 1.0 - Arbitrary File Upload Vulnerabilities

No description provided by source. -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= FOSS Gallery Public Version = 1.0 / Arbitrary file upload Vulnerabilities -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Program: FOSS Gallery Public Version...

The Gemini Portal <= 4.7 Insecure Cookie Handling Vulnerability

No description provided by source. -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- The Gemini Portal = 4.7 / Insecure Cookie Handling Vulnerability -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Program: The Gemini Portal Version: = 4.7 File affected: admin/...

eNYe Sec Monitor v1.0 DLL Hijacking Exploit (airpcap.dll)

Exploit for windows platform in category local exploits ========================================================= eNYe Sec Monitor v1.0 DLL Hijacking Exploit airpcap.dll ========================================================= / eNYe Sec Monitor v1.0 DLL Hijacking Exploit airpcap.dll Author :...

NetStumbler 0.4 - &#039;mfc71esn.dll&#039; DLL Loading Arbitrary Code Execution

// source: https://www.securityfocus.com/bid/43913/info NetStumbler is prone to a vulnerability that lets attackers execute arbitrary code. An attacker can exploit this issue by enticing a legitimate user to use the vulnerable application to open a file from a network share location that contains...

Microsoft Visio 2007 - &#039;mfc80esn.dll&#039; DLL Loading Arbitrary Code Execution

// source: https://www.securityfocus.com/bid/43914/info Microsoft Visio is prone to a vulnerability that lets attackers execute arbitrary code. An attacker can exploit this issue by enticing a legitimate user to use the vulnerable application to open a file from a network share location that...

sFileManager 24a - Local File Inclusion

sFileManager 24a - Local File Inclusion -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= sFileManager eNYe-Sec - www.enye-sec.org - www.pepelux.org ----- by the author ----- Simple File Manager SFM is a web based file management utility. It is designed to be used by those that don't wan...

txtshop - beta 1.0 / Local File Inclusion Vulnerability

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- txtshop - beta 1.0 / Local File Inclusion Vulnerability -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- $ Program: txtshop $ Version: = 1.0 $ File affected: ADMIN/header.php $ Download: http://sourceforge.net/projects/txtshop/ Found ...

vshop - Axcoto cart &lt;= 0.1alpha / Local File Inclusion Vulnerability

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= vshop - Axcoto cart = 0.1alpha / Local File Inclusion Vulnerability -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= $ Program: vshop - Axcoto cart $ Version: = 0.1alpha $ File affected: ADMIN/header.php $...

txtshop-lfi.txt

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- txtshop - beta 1.0 / Local File Inclusion Vulnerability -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- $ Program: txtshop $ Version: eNYe-Sec - www.enye-sec.org --Bug -- 4. if !$language$language="ch"; 5...

phpcrs 2.06 - importFunction Local File Inclusion

phpcrs 2.06 - importFunction Local File Inclusion -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- phpcrs eNYe-Sec - www.enye-sec.org --Bug -- 151. elseif isset $btnStartImport 152. require"../inc/frmDoImport.inc.php"; 153. require"../inc/". $importFunction .".inc.php"; 154...

FOSS Gallery Public Version &lt;= 1.0 / Arbitrary file upload Vulnerabilities

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= FOSS Gallery Public Version = 1.0 / Arbitrary file upload Vulnerabilities -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Program: FOSS Gallery Public Version Version: = 1.0 File affected:...

FOSS Gallery Public &lt;= 1.0 Arbitrary File Upload Vulnerabilities

No description provided by source. -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= FOSS Gallery Public Version = 1.0 / Arbitrary file upload Vulnerabilities -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Program: FOSS Gallery Public Version...

fossgp-upload.txt

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= FOSS Gallery Public Version eNYe-Sec - www.enye-sec.org -- Bug -- Website doesn't check the images format and you can upload PHP files. -- Exploit -- http://localhost/shell.php...

foss10-upload.txt

! /usr/bin/perl -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- FOSS Gallery Admin Version eNYe-Sec - www.enye-sec.org Upload images is only allowed to the admin but the process to upload has 3 steps with 3 pages. only the first page check the user permissions. STEPS:...

PHPWebExplorer &lt;= 0.09b: Local File Inclusion Vulnerability

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- PHPWebExplorer = 0.09b: Local File Inclusion Vulnerability -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- $ Program: PHPWebExplorer $ Files affected: main.php / edit.php $ Version: 0.99b $ Download:...

FOSS Gallery Public 1.0 - Arbitrary File Upload (PoC)

FOSS Gallery Public 1.0 - Arbitrary File Upload PoC -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= FOSS Gallery Public Version eNYe-Sec - www.enye-sec.org -- Bug -- Website doesn't check the images format and you can upload PHP files. -- Exploit --...

printlog-disclose.txt

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Printlog eNYe-Sec - www.enye-sec.org -- Description by the author's page -- PRITLOG is an extremely simple, small and powerful blog system. It does not use or need a MYSQL database and fully works based on flat files. The idea is derived from a...

Pritlog 0.4 - Filename Remote File Disclosure

Pritlog 0.4 - Filename Remote File Disclosure -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Printlog eNYe-Sec - www.enye-sec.org -- Description by the author's page -- PRITLOG is an extremely simple, small and powerful blog system. It does not use or need a MYSQL database and fully works bas...

The Gemini Portal 4.7 - Insecure Cookie Handling

The Gemini Portal 4.7 - Insecure Cookie Handling -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- The Gemini Portal eNYe-Sec - www.enye-sec.org Program description by the author website Bug Exploit Note: POST is not checked and you can enter all by GET. Also you can create a simp...