SQL Injection in SocialEngine
High-Tech Bridge Security Research Lab discovered an SQL injection vulnerability in the popular social networking software SocialEngine. The vulnerability can be exploited to gain access to potentially sensitive information in the database and compromise the entire website. The vulnerability exists due to...
SQL Injection in webSPELL
High-Tech Bridge Security Research Lab discovered two vulnerabilities in a popular CMS webSPELL developed for the needs of esport related communities. The vulnerability allows a remote authenticated attacker with cashbox access privileges to execute arbitrary SQL commands in application’s databas...
SQL Injection in WeBid
High-Tech Bridge Security Research Lab discovered an SQL Injection vulnerability in the popular web auction software WeBid. The vulnerability can be exploited by a remote non-authenticated attacker to alter the present SQL query and execute arbitrary SQL commands in the application's database. Successful...
RCE via CSRF in osCmax
High-Tech Bridge Security Research Lab discovered 2 PHP Local File Inclusion vulnerabilities in osCmax, a popular web-based e-commerce application and shopping cart. The vulnerabilities can be exploited to execute arbitrary PHP code on the target system. Successful exploitation of these...
Remote Code Execution in GLPI
High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in GLPI, which can be exploited to bypass security restrictions and execute arbitrary PHP code with privileges of web server. 1 Improper Access Control in GLPI The vulnerability exists due to insufficient access restrictio...
SQL Injection in SugarCRM
High-Tech Bridge SA Security Research Lab has discovered vulnerability in SugarCRM, which can be exploited to perform SQL injection attacks. 1 SQL Injection Vulnerability in SugarCRM: CVE-2011-4833 Input passed via the "where" and "order" GET parameters to index.php is not properly sanitised befo...
Installation Path Disclosure Weakness in SPIP
High-Tech Bridge SA Security Research Lab has discovered a weakness in SPIP which could be exploited to gain access to potentially sensitive information. 1 Installation path disclosure weakness in SPIP The weakness exists because the application reveals the full path to the installation directory in an...
Two SQL Injections in All In One WP Security WordPress plugin
High-Tech Bridge Security Research Lab discovered two SQL injection vulnerabilities in All In One WP Security WordPress plugin, which can be exploited to perform SQL Injection attacks. Both vulnerabilities require administrative privileges, but can also be exploited by non-authenticated...
Multiple Vulnerabilities in CLANSPHERE
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in CLANSPHERE which could be exploited to perform cross-site scripting, script insertion and SQL injection attacks. 1 Cross-site scripting XSS vulnerability in CLANSPHERE The vulnerability exists due to input...
SQL Injection in AdRotate
High-Tech Bridge Security Research Lab discovered vulnerability in AdRotate, which can be exploited to perform SQL Injection attacks. 1 SQL Injection in AdRotate: CVE-2014-1854 The vulnerability exists due to insufficient validation of "track" HTTP GET parameter passed to...
SQL Injection in Orbit Open Ad Server
High-Tech Bridge Security Research Lab discovered vulnerability in Orbit Open Ad Server, which can be exploited to perform SQL Injection attacks, alter SQL requests to database of vulnerable application and potentially gain control over the vulnerable website. 1 SQL Injection in Orbit Open Ad...
Unrestricted Upload of File with Dangerous Type in BoltWire
High-Tech Bridge Security Research Lab discovered vulnerability in BoltWire, which can be exploited to execute arbitrary PHP code on the target system and gain complete control over vulnerable web application. 1 Unrestricted Upload of File with Dangerous Type in BoltWire: CVE-2014-4169 The...
SQL Injection in Chamilo LMS
High-Tech Bridge Security Research Lab discovered vulnerability in Chamilo LMS, which can be exploited to perform SQL Injection attacks. 1 SQL Injection in Chamilo LMS: CVE-2013-6787 The vulnerability exists due to insufficient validation of "password0" HTTP POST parameter passed to...
SQL Injection in vtiger CRM
High-Tech Bridge Security Research Lab discovered SQL injection vulnerability in vtiger CRM, which can be exploited to execute arbitrary SQL commands in application's database. 1 SQL Injection in vtiger CRM: CVE-2013-5091 The vulnerability exists due to insufficient validation of "onlyforuser" HT...
Multiple vulnerabilities in Open Journal Systems (OJS)
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in Open Journal Systems which can be exploited to manipulate local files, upload arbitrary files and perform Cross-Site Scripting XSS attacks. 1 Arbitrary File Manipulation in Open Journal Systems: CVE-2012-1467 1.1...
Multiple Vulnerabilities in Piwigo
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in Piwigo, which can be exploited to perform Cross-Site Request Forgery and Path Traversal attacks. 1 Cross-Site Request Forgery CSRF in Piwigo: CVE-2013-1468 The vulnerability exists due to insufficient verificatio...
Heap Buffer Overflow in PHP
High-Tech Bridge Security Research Lab discovered a remote heap buffer overflow vulnerability in PHP, which can be exploited to cause a denial of service or execute arbitrary code on the target system. 1 Heap Buffer Overflow in PHP: CVE-2014-9705 The vulnerability resides within the...
SQL Injection Vulnerability in OrangeHRM
High-Tech Bridge Security Research Lab discovered SQL injection vulnerability in OrangeHRM, which could be exploited to alter SQL requests to application's database. 1 SQL Injection Vulnerability in Orange HRM: CVE-2012-5367 The vulnerability was discovered in the "/symfony/web/index.php" script...
Two Reflected XSS Vulnerabilities in Easing Slider WordPress Plugin
High-Tech Bridge Security Research Lab discovered two XSS vulnerabilities in Easing Slider WordPress plugin, which can be exploited against administrators of WordPress with the vulnerable plugin to perform Cross-Site Scripting attacks. Successful exploitation of the vulnerabilities may allow an...
SQL Injection in Dolphin | HTB23216
High-Tech Bridge Security Research Lab discovered SQL injection vulnerability in Dolphin, which can be exploited to perform SQL injection attacks and obtain sensitive information from the application database. 1 SQL Injection in Dolphin: CVE-2014-3810 The vulnerability exists due to insufficient...
Cross-Site Scripting (XSS) in Magnolia CMS
High-Tech Bridge Security Research Lab discovered XSS vulnerability in Magnolia CMS, which can be exploited to perform Cross-Site Scripting attacks against users of vulnerable application. 1 Cross-Site Scripting XSS in Magnolia CMS: CVE-2013-4759 The vulnerability exists due to insufficient...
Cross-Site Scripting (XSS) in Geeklog
High-Tech Bridge Security Research Lab discovered vulnerability in Geeklog that can be exploited to perform Cross-Site Scripting XSS attacks. 1 Cross-Site Scripting XSS in Geeklog: CVE-2013-1470 The vulnerability exists due to insufficient filtration of user-supplied data in "calendartype" HTTP...
Multiple vulnerabilities in PBBoard
High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in PBBoard, which can be exploited to perform SQL injection attacks, change password of arbitrary user and create arbitrary files in folder of the vulnerable application. 1 Multiple SQL Injections in PBBoard: CVE-2012-4034...
SQL Injection in Huge IT Slider WordPress Plugin
High-Tech Bridge Security Research Lab discovered an SQL injection vulnerability in Huge IT Slider WordPress Plugin. This vulnerability can be exploited by website administrators as well as anonymous attackers to inject and execute arbitrary SQL queries within the application’s database. 1 SQL...
Cross-Site Scripting (XSS) in Tweet Blender Wordpress Plugin
High-Tech Bridge Security Research Lab discovered vulnerability in Tweet Blender Wordpress Plugin, which can be exploited to perform Cross-Site Scripting XSS attacks. 1 Cross-Site Scripting XSS in Tweet Blender Wordpress Plugin: CVE-2013-6342 1.1 The vulnerability exists due to insufficient...
Cross-Site Scripting (XSS) in Kayako Fusion
High-Tech Bridge SA Security Research Lab has discovered vulnerability in Kayako Fusion, which can be exploited to perform Cross-Site Scripting XSS attacks. 1 Cross-Site Scripting XSS in Kayako Fusion: CVE-2012-3233 Input appended to the URL after...
Cross-site Scripting (XSS) Vulnerability in Zikula Application Framework
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in Zikula Application Framework, which can be exploited to perform cross-site scripting attacks. 1 Cross-site scripting XSS vulnerability in Zikula Application Framework Input passed via the "themename" parameter to...
Cross-site Scripting (XSS) Vulnerability in Nuggetz CMS
High-Tech Bridge SA Security Research Lab has discovered vulnerability in Nuggetz CMS which could be exploited to perform cross-site scripting attacks. 1 Cross-site scripting XSS vulnerability in Nuggetz CMS The vulnerability exists due to input sanitation error in the "pagevalue" parameter in...
Multiple vulnerabilities in MantisBT
High-Tech Bridge Security Research Lab has discovered multiple vulnerabilities in MantisBT, which can be exploited to perform Cross-Site Scripting XSS and SQL injection attacks. Improper access control vulnerability discloses database's credentials login and password in plaintext. 1 Cross-Site...
Multiple SQL Injection Vulnerabilities in web2Project
High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in web2Project, which can be exploited to perform SQL Injection attacks and gain complete access to vulnerable website. 1 SQL Injection in web2Project: CVE-2014-3119 1.1 The vulnerability exists due to insufficient...
XSS in PrestaShop
High-Tech Bridge SA Security Research Lab has discovered vulnerability in PrestaShop, which can be exploited to perform Cross-Site Scripting XSS attacks. 1 Cross-Site Scripting XSS in PrestaShop Input passed via the "product" POST parameter to ajax.php is not properly sanitised before being...
Multiple vulnerabilities in Newscoop
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in Newscoop, which can be exploited to perform Remote File Inclusion, SQL Injection and Cross-Site Scripting XSS attacks. 1 Multiple Remote File Inclusion in Newscoop: CVE-2012-1933 1.1 Input passed via the...
Cross-Site Scripting (XSS) in WP-Cron Dashboard Wordpress plugin
High-Tech Bridge Security Research Lab discovered vulnerability in WP-Cron Dashboard Wordpress plugin, which can be exploited to perform Cross-Site Scripting XSS attacks. 1 Cross-Site Scripting XSS in WP-Cron Dashboard Wordpress plugin: CVE-2013-6991 The vulnerability exists due to insufficient...
SQL Injection Vulnerability in Symphony
High-Tech Bridge Security Research Lab discovered SQL injection vulnerability in Symphony, which can be exploited to alter SQL requests to database of the vulnerable application. 1 SQL Injection in Symphony: CVE-2013-2559 The vulnerability exists due to insufficient filtration of "sort" HTTP GET...
Multiple XSS vulnerabilities in All-in-One Event Calendar Plugin for WordPress
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in All-in-One Event Calendar Plugin for WordPress, which can be exploited to perform Cross-Site Scripting XSS attacks. 1 Cross-Site Scripting XSS in All-in-One Event Calendar Plugin for WordPress: CVE-2012-1835 1.1...
Cross-Site Scripting (XSS) in Phorum
High-Tech Bridge Security Research Lab discovered vulnerability in Phorum, which can be exploited to perform Cross-Site Scripting XSS attacks. 1 Cross-Site Scripting XSS in Phorum: CVE-2012-4234 Input passed via the "group" GET parameter to /control.php is not properly sanitised before being...
Cross-Site Request Forgery (CSRF) in Kanboard
High-Tech Bridge Security Research Lab discovered vulnerability in Kanboard, which can be exploited to perform Cross-Site Request Forgery CSRF attacks and gain complete control over the vulnerable application. 1. Cross-Site Request Forgery CSRF in Kanboard: CVE-2014-3920 The vulnerability exists...
Multiple XSS in Fork CMS
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in Fork CMS, which can be exploited to perform Cross-Site Scripting XSS attacks. 1 Cross-Site Scripting XSS in Fork CMS: CVE-2012-1188 1.1 Input passed via the "type" and "querystring" GET parameters to...
Multiple vulnerabilities in ZENphoto
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in ZENphoto, which can be exploited to perform arbitrary PHP code execution, SQL injection and cross-site scripting attacks. 1 Arbitrary PHP Code Execution in ZENphoto: CVE-2012-0993 Input passed via...
Multiple Command Execution Vulnerabilities in Smartphone Pentest Framework (SPF)
High-Tech Bridge Security Research Lab discovered multiple command execution vulnerabilities in Smartphone Pentest Framework SPF web-based GUI, which could be exploited to get control over a pentester's machine remotely. Similar vulnerabilities were discovered...
Multiple Vulnerabilities in phpList
High-Tech Bridge Security Research Lab has discovered multiple vulnerabilities in phpList, which can be exploited to perform Cross-Site Scripting XSS and SQL Injection attacks against the vulnerable application. 1 Cross-Site Scripting XSS in phpList: CVE-2012-3952 Input passed via the "unconfirme...
Multiple Vulnerabilities in CMSimple
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in CMSimple which could be exploited to perform cross-site scripting and cross-site request forgery attacks. 1 Cross-site scripting XSS vulnerabilities in CMSimple The vulnerability exists due to input sanitation...
Multiple XSS vulnerabilities in XOOPS
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in XOOPS, which can be exploited to perform Cross-Site Scripting XSS attacks. 1 Multiple Cross-Site Scripting XSS in XOOPS: CVE-2012-0984 1.1 Input passed via the "touserid" POST parameter to /modules/pm/pmlite.php ...
Cross-site Scripting (XSS) Vulnerabilities in GBook PHP guestbook
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in GBook PHP guestbook which could be exploited to perform cross-site scripting attacks. 1 Cross-site scripting XSS vulnerabilities in GBook PHP guestbook The vulnerability exists due to input sanitation error in th...
Multiple SQL Injection Vulnerabilities in AuraCMS
High-Tech Bridge Security Research Lab discovered two SQL injection vulnerabilities in AuraCMS, which can be exploited to alter SQL queries and execute arbitrary SQL commands in application's database. 1 Multiple SQL Injection Vulnerabilities in AuraCMS: CVE-2014-1401 1.1 The vulnerability exists...
Multiple vulnerabilities in Elefant CMS
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in Elefant CMS, which can be exploited to perform SQL Injection and Cross-Site Scripting XSS attacks. 1 Cross-Site Scripting XSS in Elefant CMS: CVE-2012-1296 1.1 Input passed via the "title" and "body" GET paramete...
SQL Injection Vulnerabilities in 4site CMS
High-Tech Bridge SA Security Research Lab has discovered three vulnerabilities in 4site CMS which could be exploited to execute arbitrary SQL commands in applications database. 1 SQL injection vulnerabilities in 4site CMS: CVE-2010-4152 1.1 The vulnerability exists due to insufficient validation ...
Cross-Site Scripting (XSS) in Duplicator WordPress Plugin
High-Tech Bridge Security Research Lab discovered XSS vulnerability in Duplicator WordPress plugin, which can be exploited to perform cross-site scripting attacks against vulnerable application. 1 Cross-Site Scripting XSS in Duplicator WordPress Plugin: CVE-2013-4625 The vulnerability exists due ...
Cross-Site Scripting (XSS) Vulnerabilities in Flogr
High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in Flogr, which can be exploited to perform Cross-Site Scripting XSS attacks. 1 Cross-Site Scripting XSS Vulnerabilities in Flogr: CVE-2012-4336 Input appended to the URL after /index.php is not properly sanitised before...
Cross-site Scripting (XSS) Vulnerability in PHP Directory Listing Script
High-Tech Bridge SA Security Research Lab has discovered vulnerability in PHP Directory Listing Script which could be exploited to perform cross-site scripting attacks. 1 Cross-site scripting XSS vulnerability in PHP Directory Listing Script The vulnerability exists due to input sanitation error ...