Cross-site Scripting (XSS) Vulnerability in PHP Directory Listing Script
High-Tech Bridge SA Security Research Lab has discovered vulnerability in PHP Directory Listing Script which could be exploited to perform cross-site scripting attacks. 1 Cross-site scripting XSS vulnerability in PHP Directory Listing Script The vulnerability exists due to input sanitation error ...
Cross-site Scripting Vulnerability in Microsoft SharePoint Server 2007
High-Tech Bridge SA Security Research Lab has discovered vulnerability in Microsoft SharePoint Server 2007 which could be exploited to perform cross-site scripting attacks. 1 Cross-site scripting vulnerability in Microsoft SharePoint Server 2007: CVE-2010-0817 An input sanitation error was found ...
Installation Path Disclosure Weakness in xt:Commerce
High-Tech Bridge SA Security Research Lab has discovered a weakness in xt:Commerce which could be exploited to gain access to potentially sensitive information. 1 Installation path disclosure weakness in xt:Commerce The weakness exists due to application reveals the full path to installation...
Multiple vulnerabilities in EspoCRM
High-Tech Bridge Security Research Lab discovered multiple high-risk vulnerabilities in EspoCRM, which can be exploited by remote attacker to execute arbitrary PHP code on a vulnerable system, reinstall the application from scratch, and compromise the entire system as the result. EspoCRM is also...
Privilege Escalation Vulnerability in Microsoft Windows
High-Tech Bridge Security Research Lab has discovered a vulnerability in Microsoft Windows which could be exploited to escalate privileges under certain conditions. The vulnerability exists due to the “IKE and AuthIP IPsec Keying Modules” system service, which tries to load the “wlbsctrl.dll” DLL...
Multiple Vulnerabilities in Collabtive
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in Collabtive which could be exploited to perform cross-site scripting and cross-site request forgery attacks and gain access to sensitive information. 1 Cross-site scripting XSS vulnerability in Collabtive 1.1 The...
Cross-site Scripting (XSS) Vulnerabilities in YaPiG
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in YaPiG which could be exploited to perform cross-site scripting attacks. 1 Cross-site scripting XSS vulnerabilities in YaPiG 1.1 The vulnerability exists due to input sanitation errors in multiple scripts inside t...
Cross-Site Scripting (XSS) in CMSimple
High-Tech Bridge Security Research Lab discovered vulnerability in CMSimple, which can be exploited to perform Cross-Site Scripting XSS attacks. 1 Reflected Cross-Site Scripting XSS in CMSimple: CVE-2014-2219 The vulnerability exists due to insufficient sanitisation of user-supplied data in "d"...
Cross-Site Scripting (XSS) in GuppY
High-Tech Bridge Security Research Lab discovered two XSS vulnerabilities in GuppY, which can be exploited to perform Cross-Site Scripting attacks against users of vulnerable application. 1 Cross-Site Scripting XSS in GuppY: CVE-2013-5983 1.1 The vulnerability exists due to insufficient...
Cross-Site Scripting (XSS) in Redaxo
High-Tech Bridge Security Research Lab has discovered vulnerability in Redaxo, which can be exploited to perform Cross-Site Scripting XSS attacks. 1 Cross-Site Scripting XSS in Redaxo: CVE-2012-3869 1.1 Input passed via the "subpage" GET parameter to /redaxo/index.php when "page" is set to "user"...
Multiple XSS in Chyrp
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in Chyrp, which can be exploited to perform Cross Site Scripting attacks. 1 Cross Site Scripting XSS in Chyrp: CVE-2012-1001 1.1 Input passed via the "content" POST parameter to /includes/ajax.php is not properly...
CSRF (Cross-Site Request Forgery) in DClassifieds
High-Tech Bridge SA Security Research Lab has discovered vulnerability in DClassifieds, which can be exploited to perform Cross-Site Request Forgery CSRF attacks. 1 Cross-site request forgery CSRF in DClassifieds: CVE-2012-0990 The application allows authorized users to perform certain actions vi...
Cross-Site Scripting (XSS) in Komento Joomla Extension
High-Tech Bridge Security Research Lab discovered two XSS vulnerabilities in Komento Joomla Extension, which can be exploited to perform script insertion attacks. 1 Cross-Site Scripting XSS in Komento Joomla Extension: CVE-2014-0793 1.1 The vulnerability exists due to insufficient sanitisation of...
SQL Injection Vulnerabilities in WP Forum Server
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in WP Forum Server WordPress plugin which could be exploited to perform SQL injection attacks. 1 SQL injection vulnerabilities in WP Forum Server 1.1 The vulnerability exists due to input sanitation errors in the...
Cross-Site Scripting (XSS) in Photo Gallery WordPress plugin
High-Tech Bridge Security Research Lab discovered three vulnerabilities in Photo Gallery WordPress plugin, which can be exploited to perform Cross-Site Scripting XSS attacks. 1 Cross-Site Scripting XSS in Photo Gallery WordPress plugin: CVE-2014-6315 1.1 Input passed via the "callback" HTTP GET...
Multiple Vulnerabilities in Smartphone Pentest Framework (SPF)
High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in Smartphone Pentest Framework SPF web-based GUI, which could be exploited to get control over a pentester's machine. The research was inspired by the vulnerability found by Jon Passki http://osvdb.org/85873. Even if the...
Cross-site Scripting (XSS) Vulnerability in Tiki Wiki CMS Groupware
High-Tech Bridge SA Security Research Lab has discovered vulnerability in Tiki Wiki CMS Groupware, which can be exploited to perform cross-site scripting attacks. 1 Cross-site scripting XSS vulnerability in Tiki Wiki CMS Groupware Input passed via the GET "ajax" parameter to snarfajax.php is not...
Script Insertion Vulnerability in Textpattern CMS
High-Tech Bridge SA Security Research Lab has discovered vulnerability in Textpattern CMS which could be exploited to perform script insertion attacks. 1 Script insertion vulnerability in Textpattern CMS An input sanitation error exists in the comment field. A remote attacker can insert arbitrary...
Multiple Vulnerabilities in my little forum
High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in my little forum, which can be exploited to perform SQL Injection and Cross-Site Scripting XSS attacks. The SQL injection vulnerabilities have medium risk assigned as they can be exploited under administrator account or...
Cross-Site Scripting (XSS) in Feng Office
High-Tech Bridge Security Research Lab discovered vulnerability in Feng Office, which can be exploited to perform Cross-Site Scripting XSS attacks against users of vulnerable application. 1 Cross-Site Scripting XSS in Feng Office: CVE-2013-5744 1.1 The vulnerability exists due to insufficient...
Multiple Vulnerabilities in BigTree CMS
High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in BigTree CMS, which can be exploited to perform SQL injection, Cross-Site Scripting XSS and Cross-Site Request Forgery CSRF attacks. A remote attacker can add, modify or delete information in application's database and...
Cross-site Scripting (XSS) in Saurus CMS
High-Tech Bridge SA Security Research Lab has discovered a vulnerability in Saurus CMS which could be exploited to perform cross-site scripting XSS attacks. 1 Cross-site scripting vulnerability in Saurus CMS: CVE-2010-1997 The vulnerability exists due to insufficient input sanitation in the HTTP...
Reflected Cross-Site Scripting (XSS) in EWWW Image Optimizer WordPress Plugin
High-Tech Bridge Security Research Lab discovered vulnerability in EWWW Image Optimizer WordPress plugin, which can be exploited to perform Cross-Site Scripting XSS attacks against administrator of a WordPress website with vulnerable plugin. 1 Reflected Cross-Site Scripting XSS in EWWW Image...
CSRF and Remote Code Execution in EGroupware
High-Tech Bridge Security Research Lab discovered CSRF and Remote Code Execution vulnerabilities in EGroupware, which can be exploited by remote attacker to gain full control over the application and compromise vulnerable system. 1 Cross-Site Request Forgery CSRF in EGroupware: CVE-2014-2987 The...
Cross-Site Request Forgery (CSRF) in UMI.CMS
High-Tech Bridge Security Research Lab discovered CSRF vulnerability in UMI.CMS, which can be exploited to perform Cross-Site Request Forgery CSRF attacks and create new administrator in the vulnerable application. 1 Cross-site Request Forgery CSRF in UMI.CMS: CVE-2013-2754 The application allows...
Multiple Vulnerabilities in MantisBT
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in MantisBT which could be exploited to perform cross-site scripting attacks, gain access to sensitive information and compromise vulnerable system. 1 Cross-site scripting XSS vulnerabilities in MantisBT:...
Multiple Vulnerabilities in OpenDocMan
High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in OpenDocMan, which can be exploited to perform SQL Injection and gain administrative access to the application. 1 SQL Injection in OpenDocMan: CVE-2014-1945 The vulnerability exists due to insufficient validation of...
SQL Injection in doorGets CMS
High-Tech Bridge Security Research Lab discovered vulnerability in doorGets CMS, which can be exploited to perform SQL Injection attacks. 1 SQL Injection in doorGets CMS: CVE-2014-1459 The vulnerability exists due to insufficient validation of "positiondownid" HTTP POST parameter passed to...
SQL Injection in Sexy Polling Joomla Extension
High-Tech Bridge Security Research Lab discovered vulnerability in Sexy Polling Joomla Extension, which can be exploited to perform SQL Injection attacks. 1 SQL Injection in Sexy Polling Joomla Extension: CVE-2013-7219 The vulnerability exists due to insufficient validation of "answerid" HTTP POS...
XSS and Full Path Disclosure in MijoSearch Joomla Extension
High-Tech Bridge Security Research Lab discovered 2 vulnerabilities in MijoSearch Joomla Extension, which can be exploited to gain access to potentially sensitive data and perform Cross-Site Scripting XSS attacks against users of vulnerable application. 1 Cross-site Scripting in MijoSearch:...
Cross-site Request Forgery (CSRF) in Open Classifieds
High-Tech Bridge SA Security Research Lab has discovered vulnerability in Open Classifieds which could be exploited to perform cross-site request forgery attacks. 1 Cross-site request forgery CSRF in Open Classifieds The vulnerability exists due to insufficient validation of the request origin in...
Multiple Vulnerabilities in GRAND Flash Album Gallery
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in GRAND Flash Album Gallery which could be exploited to perform SQL injection attacks and gain access to sensitive information. 1 SQL injection vulnerabilities in GRAND Flash Album Gallery The vulnerability exists...
Cross-site Scripting (XSS) Vulnerabilities in Gollos
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in Gollos which could be exploited to perform cross-site scripting attacks. 1 Cross-site scripting XSS vulnerabilities in Gollos 1.1 The vulnerability exists due to input sanitation errors in the "returnurl" paramet...
Multiple vulnerabilities in Zikula Application Framework
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in Zikula Application Framework, which can be exploited to perform cross-site scripting XSS and cross-site request forgery CSRF attacks. 1 XSRF CSRF in Zikula Application Framework: CVE-2010-1732 The vulnerability...
Cross-Site Scripting (XSS) in Revive Adserver
High-Tech Bridge Security Research Lab discovered an XSS vulnerability in Revive Adserver formerly known as OpenX Source, which can be exploited to perform Cross-Site Scripting attacks against authenticated users and administrators of the vulnerable application leading to total compromise of the...
Two XSS in Contact Form DB WordPress plugin
High-Tech Bridge Security Research Lab discovered two XSS vulnerabilities in Contact Form DB WordPress plugin, which can be exploited to perform Cross-Site Scripting XSS attacks against administrator of a WordPress website with vulnerable plugin installed. 1 Two Cross-Site Scripting XSS...
Path Traversal in eduTrac
High-Tech Bridge Security Research Lab discovered path traversal vulnerability in eduTrac which can be exploited to read arbitrary files on vulnerable system with privileges of web server. 1 Path Traversal in eduTrac: CVE-2013-7097 The vulnerability exists due to insufficient filtration of...
SQL Injection Vulnerability in Wysija Newsletters WordPress Plugin
High-Tech Bridge Security Research Lab discovered vulnerability in Wysija Newsletters WordPress plugin, which can be exploited to perform SQL Injection attacks. 1 SQL Injections in Wysija Newsletters WordPress plugin: CVE-2013-1408 The vulnerabilities exist due to insufficient filtration of...
Cross-Site Request Forgery (CSRF) in TestLink
High-Tech Bridge Security Research Lab has discovered vulnerability in TestLink, which can be exploited to perform Cross-Site Request Forgery CSRF attacks. 1 Cross-Site Request Forgery CSRF in TestLink: CVE-2012-2275 The application allows authorized users to perform certain actions via HTTP...
Multiple vulnerabilities in OSclass
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in OSclass, which can be exploited to perform cross-site scripting and SQL injection attacks. 1 SQL Injection in OSclass: CVE-2012-0973. Input passed via the "sCategory" GET parameter to /index.php is not properly...
Two XSS vulnerabilities in Simple Security WordPress Plugin
High-Tech Bridge Security Research Lab discovered two XSS vulnerabilities in Simple Security WordPress plugin, which can be exploited to perform Cross-Site Scripting attacks against administrators of WP websites with the vulnerable plugin. 1 Two Cross-Site Scripting XSS Vulnerabilities in Simple...
User Identity Spoofing in Bitrix Site Manager
High-Tech Bridge Security Research Lab discovered vulnerability in Bitrix Site Manager, which can be exploited to spoof user's identity and read, modify or delete pre-ordered items in customer's basket. 1 User Identity Spoofing in Bitrix Site Manager: CVE-2013-6788 The vulnerability exists due to...
Multiple Vulnerabilities in OpenX
High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in OpenX, which can be exploited to execute arbitrary PHP code, perform Cross-Site Scripting XSS attacks and compromise vulnerable system. 1 Local File Inclusion in OpenX: CVE-2013-3514 Input passed via "group" HTTP GET...
Cross-Site Scripting (XSS) Vulnerability in CommentLuv WordPress Plugin
High-Tech Bridge Security Research Lab discovered vulnerability in CommentLuv WordPress plugin, which can be exploited to perform Cross-Site Scripting XSS attacks. 1 Cross-Site Scripting XSS in CommentLuv WordPress plugin: CVE-2013-1409 The vulnerability exists due to insufficient filtration of...
Multiple Vulnerabilities in DiamondList
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in DiamondList which could be exploited to perform cross-site scripting and cross-site request forgery attacks. 1 Cross-site scripting XSS vulnerability in DiamondList: CVE-2010-3023 1.1 The vulnerability exists due...
Multiple Vulnerabilities in OneCMS
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in OneCMS which could be exploited to perform cross-site scripting and SQL injection attacks. 1 Cross-site scripting XSS vulnerabilities in OneCMS The vulnerability exists due to input sanitation error in the "cat"...
Reflected Cross-Site Scripting (XSS) in Google Calendar Events WordPress Plugin
High-Tech Bridge Security Research Lab discovered vulnerability in Google Calendar Events WordPress plugin, which can be exploited to perform Cross-Site Scripting XSS attacks against administrator of a WordPress website with vulnerable plugin. 1 Reflected Cross-Site Scripting XSS in Google Calend...
Cross-Site Scripting (XSS) in Ilch CMS
High-Tech Bridge Security Research Lab discovered vulnerability in Ilch CMS, which can be exploited to perform Cross-Site Scripting XSS attacks against users and administrators of vulnerable application. 1 Cross-Site Scripting XSS in Ilch CMS: CVE-2014-1944 The vulnerability exists due to...
Novell GroupWise Multiple Remote Code Execution Vulnerabilities
High-Tech Bridge Security Research Lab discovered multiple untrusted pointer dereference vulnerabilities in Novell GroupWise, which could be exploited to compromise a remote system. 1 Untrusted Pointer Dereference in Novell GroupWise: CVE-2013-0804 1.1 The vulnerability exists due to an untrusted...
Multiple vulnerabilities in TinyWebGallery
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in TinyWebGallery, which can be exploited to perform Cross-Site Request Forgery CSRF, Arbitrary Code Execution and Cross-Site Scripting XSS attacks. 1 Cross-Site Request Forgery CSRF in TinyWebGallery: CVE-2012-2930...