52 matches found
threedify designer 5.0.2 - Multiple Vulnerabilities
No description provided by source. ========================================= Vulnerability ID: HTB23021 Reference: http://www.htbridge.ch/advisory/threedifydesigneractivexcontrolinsecuremethod.html Product: ThreeDify Designer Vendor: ThreeDify http://www.threedify.com Vulnerable Version: 5.0.2 an...
Sony VAIO Wireless Manager 4.0.0.0 Buffer Overflows
Exploit for hardware platform in category dos / poc Product: Wireless Manager Sony VAIO Vendor: Sony Computers Vulnerable Versions: 4.0.0.0 and probably prior Tested Version: 4.0.0.0 Vendor Notification: 7 December 2011 Vendor Patch: 20 January 2012 Public Disclosure: 30 May 2012 Vulnerability...
Pligg CMS 1.2.1 Cross Site Scripting / Local File Inclusion
Advisory ID: HTB23089 Product: Pligg CMS Vendor: Pligg, LLC. Vulnerable Versions: 1.2.1 and probably prior Tested Version: 1.2.1 Vendor Notification: 25 April 2012 Vendor Patch: 18 May 2012 Public Disclosure: 23 May 2012 Vulnerability Type: Local File Inclusion, Cross-Site Scripting XSS CVE...
pragmaMx 1.12.1 Cross Site Scripting
Advisory ID: HTB23090 Product: pragmaMx Vendor: pragmaMx Team Vulnerable Versions: 1.12.1 and probably prior Tested Version: 1.12.1 Vendor Notification: 2 May 2012 Vendor Patch: 4 May 2012 Public Disclosure: 23 May 2012 Vulnerability Type: Cross-Site Scripting XSS CVE Reference: CVE-2012-2452...
Multiple XSS vulnerabilities in All-in-One Event Calendar Plugin for WordPress
Advisory ID: HTB23082 Product: All-in-One Event Calendar Plugin for WordPress Vendor: The Seed Studio Vulnerable Versions: 1.4 and probably prior Tested Version: 1.4 Vendor Notification: 21 March 2012 Public Disclosure: 11 April 2012 Vulnerability Type: Cross-Site Scripting XSS CVE References:...
newscoop 3.5.3 - Multiple Vulnerabilities
Advisory ID: HTB23084 Product: Newscoop Vendor: Sourcefabric o.p.s. Vulnerable Versions: 3.5.3 and probably prior, partially 4.0 RC3 Tested Version: 3.5.3 Vendor Notification: 28 March 2012 Vendor Patch: 5 April 2012 Public Disclosure: 18 April 2012 Vulnerability Type: Remote File Inclusion, SQL...
XOOPS 2.5.4 - Multiple Cross-Site Scripting Vulnerabilities
XOOPS 2.5.4 - Multiple Cross-Site Scripting Vulnerabilities Advisory ID: HTB23062 Product: XOOPS Vendor: xoops.org Vulnerable Versions: 2.5.4 and probably prior Tested Version: 2.5.4 Vendor Notification: 7 December 2011 Vendor Patch: 22 February 2012 Public Disclosure: 18 April 2012 Vulnerability...
XOOPS 2.5.4 Cross Site Scripting
Advisory ID: HTB23062 Product: XOOPS Vendor: xoops.org Vulnerable Versions: 2.5.4 and probably prior Tested Version: 2.5.4 Vendor Notification: 7 December 2011 Vendor Patch: 22 February 2012 Public Disclosure: 18 April 2012 Vulnerability Type: XSS Cross Site Scripting CVE References: CVE-2012-098...
Multiple vulnerabilities in Open Journal Systems (OJS)
Advisory ID: HTB23079 Product: Open Journal Systems OJS Vendor: Public Knowledge Project Vulnerable Versions: 2.3.6 and probably prior Tested Version: 2.3.6 Vendor Notification: 29 February 2012 Vendor Patch: 16 March 2012 Public Disclosure: 21 March 2012 Vulnerability Type: Arbitrary File...
Multiple XSS in Chyrp
Advisory ID: HTB23073 Product: Chyrp Vendor: Chyrp Vulnerable Versions: 2.5b1 and probably prior Tested Version: 2.5b1 Vendor Notification: 1 February 2012 Vendor Patch: 2 February 2012 Public Disclosure: 22 February 2012 Vulnerability Type: Cross Site Scripting XSS CVE References: CVE-2012-1001...
Multiple vulnerabilities in Elefant CMS
Advisory ID: HTB23076 Product: Elefant CMS Vendor: Elefant CMS Vulnerable Versions: 1.1.3 beta and probably prior Tested Version: 1.1.3 beta Vendor Notification: 22 February 2012 Vendor Patch: 22 February 2012 Public Disclosure: 14 March 2012 Vulnerability Type: SQL Injection, XSS Cross Site...
Multiple vulnerabilities in ZENphoto
Advisory ID: HTB23070 Product: ZENphoto Vendor: www.zenphoto.org Vulnerable Version: 1.4.2 and probably prior Tested Version: 1.4.2 Vendor Notification: 18 January 2012 Vendor Patch: 19 January 2012 Public Disclosure: 8 February 2012 Vulnerability Type: PHP Code Execution, SQL Injection, XSS...
ZENphoto 1.4.2 Code Execution / XSS / SQL Injection
Advisory ID: HTB23070 Product: ZENphoto Vendor: www.zenphoto.org Vulnerable Version: 1.4.2 and probably prior Tested Version: 1.4.2 Vendor Notification: 18 January 2012 Vendor Patch: 19 January 2012 Public Disclosure: 8 February 2012 Vulnerability Type: PHP Code Execution, SQL Injection, XSS...
OpenEMR 4.1.0 Local File Inclusion / Command Execution
Advisory ID: HTB23069 Product: OpenEMR Vendor: OEMR Vulnerable Version: 4.1.0 and probably prior Tested Version: 4.1.0 Vendor Notification: 11 January 2012 Vendor Patch: 29 January 2012 Public Disclosure: 01 February 2012 Vulnerability Type: Local File Inclusion, Arbitrary Command Execution...
OneOrZero AIMS 2.8.0 Trial Build 231211 Cross Site Scripting
Advisory ID: HTB23066 Reference: https://www.htbridge.ch/advisory/xssinoneorzeroaims.html Product: OneOrZero AIMS Vendor: www.oneorzero.com http://www.oneorzero.com/ Vulnerable Version: 2.8.0 Trial build231211 and probably prior Tested Version: 2.8.0 Trial build231211 Vendor Notification: 28...
KnowledgeTree 3.7.0.2 Cross Site Scripting
Advisory ID: HTB23065 Reference: https://www.htbridge.ch/advisory/multiplevulnerabilitiesinknowledgetreecommunityedition.html Product: KnowledgeTree Commercial and Community Editions Vendor: KnowledgeTree Inc. http://knowledgetree.org Vulnerable Version: 3.7.0.2 and probably prior Tested Version:...
PHPShop CMS Free 3.4 Cross Site Scripting / SQL Injection
No description provided by source. Reference: https://www.htbridge.ch/advisory/multiplevulnerabilitiesinphpshopcmsfree.html Product: PHPShop CMS Free Vendor: PHPShop Software http://www.phpshopcms.ru/ Vulnerable Version: 3.4 and probably prior Tested Version: 3.4 Vendor Notification: 23 November...
PHPShop CMS Free 3.4 Cross Site Scripting / SQL Injection
Vulnerability ID: HTB23058 Reference: https://www.htbridge.ch/advisory/multiplevulnerabilitiesinphpshopcmsfree.html Product: PHPShop CMS Free Vendor: PHPShop Software http://www.phpshopcms.ru/ Vulnerable Version: 3.4 and probably prior Tested Version: 3.4 Vendor Notification: 23 November 2011...
Heap Memory Corruption in HP Device Access Manager for Protect Tools Information Store
No description provided by source. Vulnerable Version: Prior to v.6.1.0.1 Tested Version: 5.0.0.5 Vendor Notification: 26 August 2011 Vulnerability Type: Heap Memory Corruption Status: Fixed by Vendor Risk level: Medium Credit: High-Tech Bridge SA Security Research Lab...
Cross-site Scripting (XSS) Vulnerabilities in epesi BIM
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in epesi BIM which could be exploited to perform cross-site scripting attacks. 1 Cross-site scripting XSS vulnerabilities in epesi BIM 1.1 The vulnerability exists due to input sanitation error in the "diratual"...