205 matches found
minzdravkk.ru XSS vulnerability
Open Bug Bounty ID: OBB-674166. Affected Website: minzdravkk.ru; Vulnerable Application: Bitrix; Vulnerability Type: XSS (Cross Site Scripting) / CWE-79; CVSSv3 Score: 6.1...
volen.ru Open Redirect vulnerability
Open Bug Bounty ID: OBB-665871. Affected Website: volen.ru; Vulnerable Application: Custom Code; Vulnerability Type: Open Redirect / CWE-601; CVSSv3 Score: 3.4...
Sql injection
Multiple SQL injection vulnerabilities in the orion.extfeedbackform module before 2.1.3 for Bitrix allow remote authenticated users to execute arbitrary SQL commands via the (1) order or (2) "by" parameter to admin/orion.extfeedbackform_efbf_forms.php...
CVE-2015-8355
Multiple SQL injection vulnerabilities in the orion.extfeedbackform module before 2.1.3 for Bitrix allow remote authenticated users to execute arbitrary SQL commands via the (1) order or (2) "by" parameter to admin/orion.extfeedbackform_efbf_forms.php...
CVE-2015-8355
The CVE-2015-8355 entry concerns the orion.extfeedbackform Bitrix module, specifically versions before 2.1.3. The vulnerability is SQL injection in the admin/orion.extfeedbackform_efbf_forms.php script, exploitable via the GET parameters order and by; an authenticated user could execute arbitrary...
Bitrix bitrix.mpbuilder Module < 1.0.12 bitrix.mpbuilder_step2.php 'work[]' Path Traversal File Inclusion
The version of the Bitrix bitrix.mpbuilder module running on the remote web server is prior to 1.0.12. It is, therefore, affected by a path traversal vulnerability due to a failure to properly sanitize user-supplied input to the 'work' parameter passed to the /bitrix/admin/bitrix.mpbuilder_step2.p...
Bitrix Product and Modules Detection
Binary data bitrixdetect.nbin...
Bitrix bitrix.xscan Module < 1.0.4 bitrix.xscan_worker.php 'file' Parameter Path Traversal File Disclosure
The version of the Bitrix bitrix.xscan module running on the remote web server is prior to 1.0.4. It is, therefore, affected by a path traversal vulnerability due to a failure to properly sanitize user-supplied input to the 'file' parameter passed to the /bitrix/admin/bitrix.xscan_worker.php scrip...
Sql injection
Multiple SQL injection vulnerabilities in the mcart.xls module 6.5.2 and earlier for Bitrix allow remote authenticated users to execute arbitrary SQL commands via the (1) xls_profile parameter to admin/mcart_xls_import.php or the (2) xls_iblock_id, (3) xls_iblock_section_id, (4) firstRow, (5) titleRow, (6)...
CVE-2015-8356
Multiple SQL injection vulnerabilities in the mcart.xls module 6.5.2 and earlier for Bitrix allow remote authenticated users to execute arbitrary SQL commands via the (1) xls_profile parameter to admin/mcart_xls_import.php or the (2) xls_iblock_id, (3) xls_iblock_section_id, (4) firstRow, (5) titleRow, (6)...
CVE-2015-8356
CVE-2015-8356 affects the mcart.xls Bitrix module (versions 6.5.2 and earlier). Multiple SQL injection flaws allow an authenticated remote user to execute arbitrary SQL via parameters to admin/mcart_xls_import.php (xls_profile) or admin/mcart_xls_import_step_2.php (xls_iblock_id, xls_iblock_secti...
Bitrix Site Manager Cross Site Scripting
Hello list! There is Cross-Site Scripting vulnerability in Bitrix Site Manager. ------------------------- Affected products: ------------------------- Vulnerable was the last version of Bitrix Site Manager at 12.06.2015, when I found this vulnerability on web site of Russian terrorists. At that...
partners.1c-bitrix.ru Open Redirect vulnerability
Open Bug Bounty ID: OBB-178905. Affected Website: partners.1c-bitrix.ru; Vulnerable Application: Custom Code; Vulnerability Type: Open Redirect / CWE-601; CVSSv3 Score: 3.4 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N); Remediation Guide: OWASP Open Redirect Cheat Sheet...
1c-bitrix.ru Open Redirect vulnerability
Open Bug Bounty ID: OBB-175847. Affected Website: 1c-bitrix.ru; Vulnerable Application: Custom Code; Vulnerability Type: Open Redirect / CWE-601; CVSSv3 Score: 3.4 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N); Remediation Guide: OWASP Open Redirect Cheat Sheet; Vulnerabl...
Vulnerability of the 1C-Bitrix web project management system: The website management feature allows a remote attacker to obtain a reset password for any user, as well as the user’s own password.
Vulnerability of the 1C-Bitrix web project management system: Website management related to errors in the code of the pseudo-random number generator mt_rand. Exploiting this vulnerability allows an unauthorized attacker to obtain confirmation codes for resetting passwords of any user, as well as t...
Vulnerability of the 1C-Bitrix web project management system: Website management that allows malicious actors to bypass access restrictions
Vulnerability of the 1C-Bitrix web project management system: Website management related to errors in the integrity control mechanism of the control scripts. Exploiting this vulnerability allows a malicious actor to manipulate the integrity check mechanism and modify files within the system witho...
mikhailovsky.ru Open Redirect vulnerability
Open Bug Bounty ID: OBB-129038. Affected Website: mikhailovsky.ru; Vulnerable Application: Custom Code; Vulnerability Type: Open Redirect / CWE-601; CVSSv3 Score: 3.4 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N); Remediation Guide: OWASP Open Redirect Cheat Sheet...
bank-hlynov.ru Open Redirect vulnerability
Open Bug Bounty ID: OBB-128955. Affected Website: bank-hlynov.ru; Vulnerable Application: Custom Code; Vulnerability Type: Open Redirect / CWE-601; CVSSv3 Score: 3.4 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N); Remediation Guide: OWASP Open Redirect Cheat Sheet...