152 matches found
SocialEngine 4.8.9 - SQL Injection
Exploit for php platform in category web applications Product: SocialEngine Vendor: Webligo Vulnerable Versions: 4.8.9 and probably prior Tested Version: 4.8.9 Advisory Publication: December 21, 2015 without technical details Vendor Notification: December 21, 2015 Public Disclosure: April 6, 2016...
Dating Pro Genie 2015.7 Cross Site Request Forgery
Advisory ID: HTB23294 Product: Dating Pro Vendor: DatingPro Vulnerable Versions: Genie 2015.7 and probably prior Tested Version: Genie 2015.7 Advisory Publication: February 10, 2016 without technical details Vendor Notification: February 10, 2016 Vendor Patch: February 29, 2016 Public Disclosure:...
WeBid 1.1.2P2 SQL Injection
Advisory ID: HTB23292 Product: WeBid Vendor: WeBid Vulnerable Versions: 1.1.2P2 and probably prior Tested Version: 1.1.2P2 Advisory Publication: January 22, 2016 without technical details Vendor Notification: January 22, 2016 Vendor Patch: February 4, 2016 Public Disclosure: February 17, 2016...
mcart.xls Bitrix Module 6.5.2 - SQL Injection
mcart.xls Bitrix Module 6.5.2 - SQL Injection Advisory ID: HTB23279 Product: mcart.xls Bitrix module Vendor: www.mcart.ru Vulnerable Versions: 6.5.2 and probably prior Tested Version: 6.5.2 Advisory Publication: November 18, 2015 without technical details Vendor Notification: November 18, 2015...
Roundcube 1.1.3 - Directory Traversal
Exploit for php platform in category web applications Product: Roundcube Vendor: Roundcube.net Vulnerable Versions: 1.1.3 and probably prior Tested Version: 1.1.3 Advisory Publication: December 21, 2015 without technical details Vendor Notification: December 21, 2015 Vendor Patch: December 26, 20...
Remote Code Execution in Exponent
High-Tech Bridge Security Research Lab discovered critical vulnerability in Exponent CMS, which can be exploited to inject and execute arbitrary PHP code on the vulnerable system with the privileges of the web server. The vulnerability resides within "/install/index.php" script, when handling...
Zen Cart 1.5.4 Local File Inclusion Vulnerability
Zen Cart version 1.5.4 suffers from a local file inclusion vulnerability. Product: Zen Cart Vendor: Zen Ventures, LLC Vulnerable Versions: 1.5.4 Tested Version: 1.5.4 Advisory Publication: November 25, 2015 without technical details Vendor Notification: November 25, 2015 Vendor Patch: November 26...
Bitrix bitrix.xscan Module 1.0.3 - Directory Traversal
Bitrix bitrix.xscan Module 1.0.3 - Directory Traversal Advisory ID: HTB23278 Product: bitrix.xscan Bitrix module Vendor: Bitrix Vulnerable Versions: 1.0.3 and probably prior Tested Version: 1.0.3 Advisory Publication: November 18, 2015 without technical details Vendor Notification: November 18,...
Bitrix bitrix.mpbuilder Module 1.0.10 - Local File Inclusion
Advisory ID: HTB23281 Product: bitrix.mpbuilder Bitrix module Vendor: www.1c-bitrix.ru Vulnerable Versions: 1.0.10 and probably prior Tested Version: 1.0.10 Advisory Publication: November 18, 2015 without technical details Vendor Notification: November 18, 2015 Vendor Patch: November 25, 2015...
bitrix.scan Bitrix 1.0.3 Path Traversal Vulnerability
bitrix.scan Bitrix module version 1.0.3 suffers from a path traversal vulnerability. Product: bitrix.xscan Bitrix module Vendor: Bitrix Vulnerable Versions: 1.0.3 and probably prior Tested Version: 1.0.3 Advisory Publication: November 18, 2015 without technical details Vendor Notification: Novemb...
bitrix.mpbuilder Bitrix 1.0.10 Local File Inclusion
Advisory ID: HTB23281 Product: bitrix.mpbuilder Bitrix module Vendor: www.1c-bitrix.ru Vulnerable Versions: 1.0.10 and probably prior Tested Version: 1.0.10 Advisory Publication: November 18, 2015 without technical details Vendor Notification: November 18, 2015 Vendor Patch: November 25, 2015...
WordPress Gwolle Guestbook 1.5.3 Remote File Inclusion
Advisory ID: HTB23275 Product: Gwolle Guestbook WordPress Plugin Vendor: Marcel Pol Vulnerable Versions: 1.5.3 and probably prior Tested Version: 1.5.3 Advisory Publication: October 14, 2015 without technical details Vendor Notification: October 14, 2015 Vendor Patch: October 16, 2015 Public...
Horde Groupware 5.2.10 Cross Site Request Forgery Vulnerability
Horde Groupware version 5.2.10 suffers from a cross site request forgery vulnerability. Product: Horde Groupware Vendor: http://www.horde.org Vulnerable Versions: 5.2.10 and probably prior Tested Version: 5.2.10 Advisory Publication: September 30, 2015 without technical details Vendor Notificatio...
Two Reflected XSS Vulnerabilities in Calls to Action WordPress plugin
High-Tech Bridge Security Research Lab discovered two Cross-Site Scripting XSS vulnerabilities in a popular WordPress plugin Calls to Action. A remote attacker might be able to steal user's and administrator’s cookies, credentials and browser history, modify web page content to perform phishing...
iTop 2.1.0-2127 Cross Site Scripting Vulnerability
iTop version 2.1.0-2127 suffers from a cross site scripting vulnerability. Product: iTop Vendor: Combodo SARL Vulnerable Versions: 2.1.0-2127 and probably prior Tested Version: 2.1.0-2127 Advisory Publication: July 29, 2015 without technical details Vendor Notification: July 29, 2015 Vendor Patch...
iTop 2.1.0-2127 Cross Site Scripting
Advisory ID: HTB23268 Product: iTop Vendor: Combodo SARL Vulnerable Versions: 2.1.0-2127 and probably prior Tested Version: 2.1.0-2127 Advisory Publication: July 29, 2015 without technical details Vendor Notification: July 29, 2015 Vendor Patch: July 30, 2015 Public Disclosure: September 23, 2015...
Cerb 7.0.3 Cross Site Request Forgery
Advisory ID: HTB23269 Product: Cerb Vendor: Webgroup Media LLC Vulnerable Versions: 7.0.3 and probably prior Tested Version: 7.0.3 Advisory Publication: August 12, 2015 without technical details Vendor Notification: August 12, 2015 Vendor Patch: August 14, 2015 Public Disclosure: September 2, 201...
Cerb 7.0.3 Cross Site Request Forgery Vulnerability
Cerb version 7.0.3 suffers from a cross site request forgery vulnerability. Product: Cerb Vendor: Webgroup Media LLC Vulnerable Versions: 7.0.3 and probably prior Tested Version: 7.0.3 Advisory Publication: August 12, 2015 without technical details Vendor Notification: August 12, 2015 Vendor Patc...
Cerb 7.0.3 - Cross-Site Request Forgery
Advisory ID: HTB23269 Product: Cerb Vendor: Webgroup Media LLC Vulnerable Versions: 7.0.3 and probably prior Tested Version: 7.0.3 Advisory Publication: August 12, 2015 without technical details Vendor Notification: August 12, 2015 Vendor Patch: August 14, 2015 Public Disclosure: September 2, 201...
Cross-Site Scripting (XSS) in qTranslate WordPress Plugin
Advisory ID: HTB23265 Product: qTranslate WordPress plugin Vendor: Qian Qin Vulnerable Versions: 2.5.39 and probably prior Tested Version: 2.5.39 Advisory Publication: July 1, 2015 without technical details Vendor Notification: July 1, 2015 Public Disclosure: July 29, 2015 Vulnerability Type:...