Multiple vulnerabilities in PHPShop CMS Free
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in PHPShop CMS Free, which can be exploited to perform cross-site scripting and SQL injection attacks. 1 Cross-Site Scripting in PHPShop CMS Free 1.1 Input appended to the URL after multiple files is not properly...
Installation Path Disclosure Weakness in NextGEN Gallery wordpress plugin
High-Tech Bridge SA Security Research Lab has discovered a weakness in NextGEN Gallery wordpress plugin which could be exploited to gain access to potentially sensitive information. 1 Installation path disclosure weakness in NextGEN Gallery wordpress plugin The weakness exists due to application...
Installation Path Disclosure Weakness in Pluck CMS
High-Tech Bridge SA Security Research Lab has discovered a weakness in Pluck CMS which could be exploited to gain access to potentially sensitive information. 1 Installation path disclosure weakness in Pluck CMS The weakness exists due to application reveals the full path to installation director...
Multiple Vulnerabilities in JAF CMS
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in JAF CMS which could be exploited to compromise vulnerable system. 1 Remote code execution in JAF CMS The vulnerability exists due to insufficient sanitation of input data in module/log/vislog.php. A remote attack...
Multiple Vulnerabilities in AneCMS
High-Tech Bridge SA Security Research Lab has discovered three vulnerabilities in AneCMS which could be exploited to perform cross-site scripting and script insertion attacks and execute arbitrary SQL commands in applications database. 1 Cross-site scripting XSS vulnerability in AneCMS The...
Two XSS Vulnerabilities in SupportCenter Plus
High-Tech Bridge Security Research Lab discovered two XSS vulnerabilities in a web-based customer support software SupportCenter Plus. These vulnerabilities can be exploited to perform Cross-Site Scripting attacks against authenticated users of the vulnerable software. 1 Cross-Site Scripting XSS ...
Cross-Site Request Forgery (CSRF) in XCloner Wordpress Plugin
High-Tech Bridge Security Research Lab discovered vulnerability in XCloner Wordpress plugin, which can be exploited to perform a CSRF attack and gain access to a backed-up copy of vulnerable website. Cross-Site Request Forgery CSRF in XCloner Wordpress Plugin: CVE-2014-2340 The vulnerability exis...
SQL Injection in JV Comment Joomla Extension
High-Tech Bridge Security Research Lab discovered SQL injection vulnerability in JV Comment Joomla Extension, which can be exploited to perform SQL Injection attacks. 1 SQL Injection in JV Comment Joomla Extension: CVE-2014-0794 The vulnerability exists due to insufficient validation of "id" HTTP...
Multiple Vulnerabilities in Kasseler CMS
High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in Kasseler CMS, which can be exploited to perform SQL injection, Cross-Site Scripting XSS and Cross-Site Request Forgery CSRF attacks and compromise vulnerable application. 1 SQL Injection in Kasseler CMS: CVE-2013-3727 T...
SQL Injection Vulnerability in ImageCMS
High-Tech Bridge Security Research Lab discovered vulnerability in ImageCMS, which can be exploited to perform SQL injection attacks. 1 SQL injection vulnerability in ImageCMS: CVE-2012-6290 The vulnerability exists due to insufficient filtration of the "q" HTTP GET parameter passed to...
Paltalk Messenger ActiveX Control Multiple Insecure Methods
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in Paltalk Messenger, which can be exploited to overwrite arbitrary files. 1 Insecure methods in Paltalk Messenger ActiveX Control 1.1 The vulnerability is caused due to the Office Viewer ActiveX control Oa.ocx...
Local PHP File Inclusion in FluxBB
High-Tech Bridge Security Research Lab discovered vulnerability in FluxBB, which can be exploited to compromise vulnerable system. 1 Local PHP File Inclusion in FluxBB: CVE-2014-9574 The vulnerability exists due to absence of filtration of the "installlang" HTTP GET parameter before including PHP...
SQL injection in Serendipity
High-Tech Bridge SA Security Research Lab has discovered vulnerability in Serendipity, which can be exploited to perform SQL injection attacks. 1 SQL injection in Serendipity 1.1 Input passed via the "url" GET parameter to comment.php is not properly sanitised before being used in a SQL query. Th...
SQL Injection Vulnerability in cdnvote
High-Tech Bridge SA Security Research Lab has discovered vulnerability in cdnvote WordPress plugin which could be exploited to perform SQL injection attacks. 1 SQL injection vulnerability in cdnvote The vulnerability exists due to input sanitation errors in the "cdnvotepoint" parameter in...
Two Reflected Cross-Site Scripting (XSS) Vulnerabilities in Forma Lms
High-Tech Bridge Security Research Lab discovered two vulnerabilities in Forma Lms, which can be exploited to perform Cross-Site Scripting XSS attacks against vulnerable website. 1 Reflected Cross-Site Scripting XSS in Forma Lms: CVE-2014-5257 1.1 The vulnerability exists due to insufficient...
Reflected Cross-Site Scripting (XSS) in MyWebSQL
High-Tech Bridge Security Research Lab discovered vulnerability in MyWebSQL, which can be exploited to perform Cross-Site Scripting XSS attacks. 1 Reflected Cross-Site Scripting XSS in MyWebSQL: CVE-2014-4735 The vulnerability is caused by insufficient sanitization of the "table" HTTP GET paramet...
Multiple vulnerabilities in AContent
High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in AContent, which can be exploited to bypass authentication and to perform Cross-Site Scripting XSS and SQL Injection attacks. 1 SQL Injection in AContent: CVE-2012-5167 1.1 The vulnerability exists due to insufficient...
Reflected Cross-Site Scripting (XSS) in MODX Revolution
High-Tech Bridge Security Research Lab discovered vulnerability in MODX Revolution, which can be exploited to perform Cross-Site Scripting XSS attacks. 1 Reflected Cross-Site Scripting XSS in MODX Revolution: CVE-2014-5451 The vulnerability exists due to insufficient sanitization of input data...
Multiple Vulnerabilities in KrisonAV CMS
High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in KrisonAV CMS, which can be exploited to perform cross-site scripting and cross-site request forgery attacks. 1 Cross-Site Scripting XSS vulnerability in KrisonAV CMS: CVE-2013-2712 The vulnerability exists due to...
Multiple vulnerabilities in 11in1
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in 11in1, which can be exploited to perform Local File Inclusion and Cross-Site Request Forgery CSRF attacks. 1 Local File Inclusion in 11in1: CVE-2012-0996 Input passed via the "class" GET parameter to index.php an...
Multiple Vulnerabilities in xtcModified
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in xtcModified which could be exploited to perform cross-site scripting and cross-site request forgery attacks. 1 Cross-site scripting XSS vulnerabilities in xtcModified 1.1 The vulnerability exists due to input...
Cross-site Scripting (XSS) Vulnerability in Pligg CMS
High-Tech Bridge SA Security Research Lab has discovered vulnerability in Pligg CMS which could be exploited to perform cross-site scripting attacks. 1 Cross-site scripting XSS vulnerability in Pligg CMS The vulnerability exists due to input sanitation error in the "search" parameter in...
Multiple Cross-Site Scripting (XSS) in WP Google Maps WordPress Plugin
High-Tech Bridge Security Research Lab discovered three XSS vulnerabilities in WP Google Maps WordPress plugin, which can be exploited to perform Cross-Site Scripting XSS attacks against administrators of vulnerable WP website. 1 Multiple XSS in WP Google Maps WordPress plugin: CVE-2014-7182 1.1...
Multiple Vulnerabilities in VideoWhisper Live Streaming Integration WP Plugin
High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in VideoWhisper Live Streaming Integration, which can be exploited to execute arbitrary code on the target system, gain access to potentially sensitive data, perform Cross-Site Scripting XSS attacks against users of...
PHP Code Injection in FUDforum
High-Tech Bridge Security Research Lab discovered vulnerability in FUDforum, which can be exploited to execute arbitrary PHP code on the target system. 1 PHP Code Injection in FUDforum: CVE-2013-2267 The vulnerability exists due to insufficient validation of HTTP POST parameters "regexstr",...
Path Traversal in webEdition
High-Tech Bridge Security Research Lab discovered vulnerability in webEdition, which can be exploited to read arbitrary files on the target system. 1 Path Traversal in webEdition: CVE-2014-5258 The vulnerability exists due to insufficient sanitization of the "file" HTTP GET parameter in...
Multiple Vulnerabilities in Gnew
High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in Gnew, which can be exploited to execute arbitrary PHP code and perform SQL injection attacks against vulnerable application. 1 PHP File Inclusion in Gnew: CVE-2013-5639 Vulnerability exists due to insufficient validation...
Multiple XSS Vulnerabilities in Jahia xCM
High-Tech Bridge Security Research Lab discovered multiple XSS vulnerabilities in Jahia xCM, which can be exploited to perform cross-site scripting attacks against administrator of vulnerable application. 1 Multiple Cross-Site Scripting XSS Vulnerabilities in Jahia xCM: CVE-2013-4624 1.1 The...
McAfee Virtual Technician ActiveX Control Insecure Method
High-Tech Bridge Security Research Lab discovered vulnerability in McAfee Virtual Technician ActiveX control, which can be exploited by remote malicious person to overwrite arbitrary files with garbage data on a vulnerable system. 1 Insecure method in McAfee Virtual Technician ActiveX control:...
Multiple vulnerabilities in Banana Dance
High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in Banana Dance, which can be exploited to gain access to sensitive information, perform SQL injection attacks and compromise vulnerable system. 1 PHP File Inclusion in Banana Dance: CVE-2012-5242 Input passed via the "nam...
Multiple Cross-Site Scripting (XSS) in Kajona
High-Tech Bridge Security Research Lab has discovered multiple Cross-Site Scripting XSS vulnerabilities in Kajona. 1 Multiple Cross-Site Scripting XSS in Kajona: CVE-2012-3805 1.1 Input passed via the "absendername", "absenderemail" and "absendernachricht" GET parameters to /index.php when "page"...
Local File Inclusion Vulnerabilities in vtiger CRM
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in vtiger CRM which could be exploited to gain access to sensitive information and compromise vulnerable system. 1 Local file inclusion vulnerabilities in vtiger CRM 1.1 The vulnerability exists due to input...
Multiple Vulnerabilities in A Really Simple Chat (ARSC)
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in A Really Simple Chat ARSC which could be exploited to perform cross-site scripting, cross-site request forgery and SQL injection attacks. 1 Cross-site scripting XSS vulnerability in A Really Simple Chat ARSC:...
Cross-site Request Forgery Vulnerabilities in F3Site
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in F3Site which could be exploited to perform cross-site request forgery attacks. 1 Cross-site request forgery CSRF vulnerabilities in F3Site 1.1 The vulnerability exists due to insufficient validation of the reques...
Cross-site Scripting (XSS) Vulnerability in AChecker
High-Tech Bridge SA Security Research Lab has discovered vulnerability in AChecker which could be exploited to perform cross-site scripting attacks. 1 Cross-site scripting XSS vulnerability in AChecker: CVE-2010-3455 The vulnerability exists due to input sanitation error in the "uri" parameter in...
Multiple Vulnerabilities in SantaFox
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in SantaFox which could be exploited to perform cross-site scripting and cross-site request forgery attacks. 1 Cross-site scripting XSS vulnerability in SantaFox: CVE-2010-3463 The vulnerability exists due to input...
Multiple Vulnerabilities in Eventum
High-Tech Bridge Security Research Lab discovered vulnerability in Eventum, which can be exploited to reinstall and compromise vulnerable application. 1 Incorrect Default Permissions in Eventum: CVE-2014-1631 The vulnerability exists due to incorrect default permission set for installation script...
Multiple Cross-Site Scripting (XSS) in glFusion
High-Tech Bridge Security Research Lab discovered multiple XSS vulnerabilities in glFusion, which can be exploited to perform Cross-Site Scripting attacks. glFusion has a "badbehaviour" plugin installed by default that verifies HTTP Referer, aimed to protect against spambots. The plugin also make...
Untrusted Pointer Dereference Vulnerability in Corel WordPerfect X6
High-Tech Bridge Security Research Lab discovered an untrusted pointer dereference vulnerability in Corel WordPerfect. Opening of a malicious WPD WordPerfect Document causes immediate application crash, resulting in a loss of all unsaved current application data of the user. 1 Untrusted Pointer...
Multiple XSS in Dotclear
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in Dotclear, which can be exploited to perform Cross-Site Scripting XSS attacks. 1 Cross-Site Scripting XSS in Dotclear: CVE-2012-1039 1.1 Input passed via the "logindata" POST parameter to /admin/auth.php is not...
Installation Path Disclosure Weakness in Joomla!
High-Tech Bridge SA Security Research Lab has discovered a weakness in Joomla! which could be exploited to gain access to potentially sensitive information. 1 Installation path disclosure weakness in Joomla! The weakness exists due to application reveals the full path to installation directory in...
Cross-Site Scripting (XSS) in Ad-minister Wordpress plugin
High-Tech Bridge Security Research Lab discovered vulnerability in Ad-minister Wordpress plugin, which can be exploited to perform Cross-Site Scripting XSS attacks. 1 Cross-Site Scripting XSS in Ad-minister Wordpress plugin: CVE-2013-6993 The vulnerability exists due to insufficient sanitisation ...
Remote Code Execution in Microweber
High-Tech Bridge Security Research Lab discovered vulnerability in Microweber, which can be exploited to delete arbitrary files and compromise vulnerable system as a consequence. 1 Improper Access Control in Microweber: CVE-2013-5984 Vulnerability exists due to improper access restriction to...
Multiple Vulnerabilities in X2CRM
High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in X2CRM, which can be exploited to include arbitrary local files and execute arbitrary PHP code, as well as to perform Cross-Site Scripting XSS attacks against users of vulnerable application. 1 PHP File Inclusion in X2CRM...
Cross-Site Scripting (XSS) in BackWPup WordPress Plugin
High-Tech Bridge Security Research Lab discovered XSS vulnerability in BackWPup WordPress Plugin, which can be exploited to perform cross-site scripting attacks against administrator of vulnerable application. 1 Cross-Site Scripting XSS in BackWPup WordPress Plugin: CVE-2013-4626 The vulnerabilit...
Cross-Site Scripting (XSS) in Pivotx
High-Tech Bridge SA Security Research Lab has discovered vulnerability in Pivotx, which can be exploited to perform Cross-Site Scripting XSS attacks. 1 Cross-Site Scripting XSS in Pivotx: CVE-2012-2274 1.1 Input passed via the "file" GET parameter to /pivotx/ajaxhelper.php is not properly sanitise...
SQL Injection Vulnerabilities in WP Forum wordpress plugin
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in WP Forum wordpress plugin which could be exploited to perform SQL injection attacks. 1 SQL injection vulnerabilities in WP Forum wordpress plugin 1.1 The vulnerability exists due to input sanitation error in the...
Multiple Vulnerabilities in boastMachine
High-Tech Bridge SA Security Research Lab has discovered two vulnerabilities in boastMachine which could be exploited to perform cross-site scripting attacks and execute arbitrary SQL commands in applications database. 1 Cross-site scripting XSS vulnerability in boastMachine The vulnerability...
Multiple vulnerabilities in Sharetronix
High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in Sharetronix, which can be exploited to perform SQL injection and Cross-Site Request Forgery CSRF attacks against vulnerable application. A remote hacker can gain full control over the application. 1 SQL Injection in...
Cross-Site Request Forgery (CSRF) in AskApache Firefox Adsense Wordpress plugin
High-Tech Bridge Security Research Lab discovered vulnerability in AskApache Firefox Adsense Wordpress plugin, which can be exploited to perform Cross-Site Request Forgery CSRF attacks. 1 Cross-Site Request Forgery CSRF in AskApache Firefox Adsense Wordpress plugin: CVE-2013-6992 The vulnerabilit...