EUVD-2010-4857

Malware in sbrugna...

festos-xenia.gr Cross Site Scripting vulnerability OBB-3518947

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

festos cms 2.3b Multiple Vulnerabilities

No description provided by source. ''' | / |/ \ /\ | | | | \ | \ / | | | | / \ | | | | | | | |/| | | | |/ /\ | | | | Day 9 0day | | | | || / \ || | | | || ||// \/|/ http://www.exploit-db.com/moaub-9-festos-cms-2-3b-multiple-remote-vulnerabilities/ ''' Title : FestOS CMS 2.3b Multiple Remote...

FestOs <= 2.2.1 - Multiple RFI Exploit

No description provided by source. Exploit Title: FestOs = 2.2.1 Multiple RFI Exploit Date: 19-12-2009 Author: cr4wl3r Software Link: http://code.google.com/p/festos/downloads/list Version: N/A Tested on: GNU/LINUX Code : reportsplacement.php ?php $title = Jury Sheet Report;...

CVE-2010-4893

Cross-site scripting XSS vulnerability in foodvendors.php in FestOS 2.3b allows remote attackers to inject arbitrary web script or HTML via the category parameter in a details action...

Cross site scripting

Cross-site scripting XSS vulnerability in foodvendors.php in FestOS 2.3b allows remote attackers to inject arbitrary web script or HTML via the category parameter in a details action...

CVE-2010-4893

Cross-site scripting XSS vulnerability in foodvendors.php in FestOS 2.3b allows remote attackers to inject arbitrary web script or HTML via the category parameter in a details action...

CVE-2010-4893

CVE-2010-4893 : XSS vulnerability in FestOS 2.3b, affecting foodvendors.php via the details action’s category parameter, allowing remote arbitrary web-script/HTML injection. The vulnerability is documented across multiple sources (NVD/NVD entry) with no publicly provided patch details in the conn...

FestOS <= 2.3c TinyBrowser File Upload Code Execution

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 1 0 + Site : 1337day.com 0 1 + Support e-mail :...

FestOS <= 2.3c TinyBrowser File Upload Code Execution (meta)

Exploit for php platform in category remote exploits...

FestOS <= 2.3c Multiple CSRF Vulnerabilities

Exploit for php platform in category web applications 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 1 0 +...

FestOS 2.3c XSRF / Shell Upload

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 1 0 + Site : 1337day.com 0 1 + Support e-mail :...

FestOS 2.3c - upload.php Arbitrary File Upload

FestOS 2.3c - upload.php Arbitrary File Upload source: https://www.securityfocus.com/bid/47751/info FestOS is prone to an arbitrary-file-upload vulnerability because the application fails to adequately sanitize user-supplied input. An attacker can exploit this issue to upload arbitrary code and r...

FestOS <= 2.3c (CSRF/FU) Multiple Vulnerabilities

Exploit for php platform in category web applications 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 1 0 +...

FestOS 2.3c - &#039;upload.php&#039; Arbitrary File Upload

source: https://www.securityfocus.com/bid/47751/info FestOS is prone to an arbitrary-file-upload vulnerability because the application fails to adequately sanitize user-supplied input. An attacker can exploit this issue to upload arbitrary code and run it in the context of the webserver process...

Month Of Abysssec Undisclosed Bugs - FestOS CMS 2.3b

''' | / |/ \ /\ | | | | \ | \ / | | | | / \ | | | | | | | |/| | | | |/ /\ | | | | query$query; poc: in admin.php page: username: admin' or '1'='1 password: admin' or '1'='1 1.2- in festoszdologin.php: $query = "SELECT vendorID FROM ".$config'dbprefix'."vendors WHERE LCASEemail =...

festos CMS 2.3b - Multiple Vulnerabilities

festos CMS 2.3b - Multiple Vulnerabilities ''' | / |/ \ /\ | | | | \ | \ / | | | | / \ | | | | | | | |/| | | | |/ /\ | | | | query$query; poc: in admin.php page: username: admin' or '1'='1 password: admin' or '1'='1 1.2- in festoszdologin.php: $query = "SELECT vendorID FROM...

FestOS CMS 2.3b Multiple Remote Vulnerabilities

Exploit for php platform in category web applications =============================================== FestOS CMS 2.3b Multiple Remote Vulnerabilities =============================================== Title : FestOS CMS 2.3b Multiple Remote Vulnerabilities Affected Version : query$query; poc: in...

festos CMS 2.3b - Multiple Vulnerabilities

''' | / |/ \ /\ | | | | \ | \ / | | | | / \ | | | | | | | |/| | | | |/ /\ | | | | query$query; poc: in admin.php page: username: admin' or '1'='1 password: admin' or '1'='1 1.2- in festoszdologin.php: $query = "SELECT vendorID FROM ".$config'dbprefix'."vendors WHERE LCASEemail =...

FestOS 2.3b Cross Site Scripting

Vulnerability ID: HTB22473 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityinfestos1.html Product: FestOS Vendor: Skypanther Studios, Inc http://festengine.org/ Vulnerable Version: 2.3b and Probably Prior Versions Vendor Notification: 01 July 2010 Vulnerability Type: Stored XSS Cross...