205 matches found
minzdravkk.ru XSS vulnerability
Open Bug Bounty ID: OBB-674166

| Description | Value |
|---|---|
| Affected Website: | minzdravkk.ru |
| Open Bug Bounty Program: | Create your bounty program now. It's open and free. |
| Vulnerable Application: | Bitrix |
| Vulnerability Type: | XSS Cross Site Scripting / CWE-79 |
| CVSSv3 Score: | 6.1... |

volen.ru Open Redirect vulnerability
Open Bug Bounty ID: OBB-665871

| Description | Value |
|---|---|
| Affected Website: | volen.ru |
| Open Bug Bounty Program: | Create your bounty program now. It's open and free. |
| Vulnerable Application: | Custom Code |
| Vulnerability Type: | Open Redirect / CWE-601 |
| CVSSv3 Score: | 3.4... |

Sql injection
Multiple SQL injection vulnerabilities in the orion.extfeedbackform module before 2.1.3 for Bitrix allow remote authenticated users to execute arbitrary SQL commands via the (1) order or (2) "by" parameter to admin/orion.extfeedbackform_efbf_forms.php...
CVE-2015-8355
Multiple SQL injection vulnerabilities in the orion.extfeedbackform module before 2.1.3 for Bitrix allow remote authenticated users to execute arbitrary SQL commands via the (1) order or (2) "by" parameter to admin/orion.extfeedbackform_efbf_forms.php...
CVE-2015-8355
The CVE-2015-8355 entry concerns the orion.extfeedbackform Bitrix module, specifically versions before 2.1.3. The vulnerability is SQL injection in the admin/orion.extfeedbackform_efbf_forms.php script, exploitable via the GET parameters order and by; an authenticated user could execute arbitrary...
CVE-2015-8355
Multiple SQL injection vulnerabilities in the orion.extfeedbackform module before 2.1.3 for Bitrix allow remote authenticated users to execute arbitrary SQL commands via the (1) order or (2) "by" parameter to admin/orion.extfeedbackform_efbf_forms.php...
Bitrix Product and Modules Detection
Binary data bitrixdetect.nbin...
Bitrix bitrix.mpbuilder Module < 1.0.12 bitrix.mpbuilder_step2.php 'work[]' Path Traversal File Inclusion
The version of the Bitrix bitrix.mpbuilder module running on the remote web server is prior to 1.0.12. It is, therefore, affected by a path traversal vulnerability due to a failure to properly sanitize user-supplied input to the 'work' parameter passed to the /bitrix/admin/bitrix.mpbuilder_step2.p...
Bitrix bitrix.xscan Module < 1.0.4 bitrix.xscan_worker.php 'file' Parameter Path Traversal File Disclosure
The version of the Bitrix bitrix.xscan module running on the remote web server is prior to 1.0.4. It is, therefore, affected by a path traversal vulnerability due to a failure to properly sanitize user-supplied input to the 'file' parameter passed to the /bitrix/admin/bitrix.xscan_worker.php scrip...
Sql injection
Multiple SQL injection vulnerabilities in the mcart.xls module 6.5.2 and earlier for Bitrix allow remote authenticated users to execute arbitrary SQL commands via the (1) xls_profile parameter to admin/mcart_xls_import.php or the (2) xls_iblock_id, (3) xls_iblock_section_id, (4) firstRow, (5) titleRow, (6)...
CVE-2015-8356
Multiple SQL injection vulnerabilities in the mcart.xls module 6.5.2 and earlier for Bitrix allow remote authenticated users to execute arbitrary SQL commands via the (1) xls_profile parameter to admin/mcart_xls_import.php or the (2) xls_iblock_id, (3) xls_iblock_section_id, (4) firstRow, (5) titleRow, (6)...
CVE-2015-8356
CVE-2015-8356 affects the mcart.xls Bitrix module (versions 6.5.2 and earlier). Multiple SQL injection flaws allow an authenticated remote user to execute arbitrary SQL via parameters to admin/mcart_xls_import.php (xls_profile) or admin/mcart_xls_import_step_2.php (xls_iblock_id, xls_iblock_secti...
CVE-2015-8356
Multiple SQL injection vulnerabilities in the mcart.xls module 6.5.2 and earlier for Bitrix allow remote authenticated users to execute arbitrary SQL commands via the (1) xls_profile parameter to admin/mcart_xls_import.php or the (2) xls_iblock_id, (3) xls_iblock_section_id, (4) firstRow, (5) titleRow, (6)...
Bitrix Site Manager Cross Site Scripting
Hello list! There is Cross-Site Scripting vulnerability in Bitrix Site Manager. ------------------------- Affected products: ------------------------- Vulnerable was the last version of Bitrix Site Manager at 12.06.2015, when I found this vulnerability on web site of Russian terrorists. At that...
partners.1c-bitrix.ru Open Redirect vulnerability
Open Bug Bounty ID: OBB-178905

| Description | Value |
|---|---|
| Affected Website: | partners.1c-bitrix.ru |
| Vulnerable Application: | Custom Code |
| Vulnerability Type: | Open Redirect / CWE-601 |
| CVSSv3 Score: | 3.4 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N |
| Remediation Guide: | OWASP Open Redirect Cheat Sheet... |

1c-bitrix.ru Open Redirect vulnerability
Open Bug Bounty ID: OBB-175847

| Description | Value |
|---|---|
| Affected Website: | 1c-bitrix.ru |
| Vulnerable Application: | Custom Code |
| Vulnerability Type: | Open Redirect / CWE-601 |
| CVSSv3 Score: | 3.4 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N |
| Remediation Guide: | OWASP Open Redirect Cheat Sheet |
| Vulnerabl... | |

Vulnerability of the 1C-Bitrix web project management system: Website management that allows malicious actors to bypass access restrictions
Vulnerability of the 1C-Bitrix web project management system: Website management related to errors in the integrity control mechanism of the control scripts. Exploiting this vulnerability allows a malicious actor to manipulate the integrity check mechanism and modify files within the system witho...
Vulnerability of the 1C-Bitrix web project management system: The website management feature allows a remote attacker to obtain a reset password for any user, as well as the user’s own password.
Vulnerability of the 1C-Bitrix web project management system: Website management related to errors in the code of the pseudo-random number generator mt_rand. Exploiting this vulnerability allows an unauthorized attacker to obtain confirmation codes for resetting passwords of any user, as well as t...
mikhailovsky.ru Open Redirect vulnerability
Open Bug Bounty ID: OBB-129038

| Description | Value |
|---|---|
| Affected Website: | mikhailovsky.ru |
| Vulnerable Application: | Custom Code |
| Vulnerability Type: | Open Redirect / CWE-601 |
| CVSSv3 Score: | 3.4 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N |
| Remediation Guide: | OWASP Open Redirect Cheat Sheet... |

bank-hlynov.ru Open Redirect vulnerability
Open Bug Bounty ID: OBB-128955

| Description | Value |
|---|---|
| Affected Website: | bank-hlynov.ru |
| Vulnerable Application: | Custom Code |
| Vulnerability Type: | Open Redirect / CWE-601 |
| CVSSv3 Score: | 3.4 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N |
| Remediation Guide: | OWASP Open Redirect Cheat Sheet... |