Cross-Site Scripting (XSS) in Zikula Application Framework
High-Tech Bridge Security Research Lab discovered vulnerability in Zikula Application Framework, which can be exploited to perform Cross-Site Scripting XSS attacks. 1 Cross-Site Scripting XSS in Zikula Application Framework: CVE-2013-6168 1.1 The vulnerability exists due to insufficient...
Cross-Site Scripting (XSS) vulnerability in gpEasy
High-Tech Bridge Security Research Lab discovered vulnerability in gpEasy, which can be exploited to perform Cross-Site Scripting XSS attacks. 1 Cross-Site Scripting XSS in gpEasy: CVE-2013-0807 The vulnerability exists due to insufficient sanitisation of user-supplied data in "section" HTTP GET...
Multiple Vulnerabilities in LibreOffice
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in LibreOffice which could be exploited to perform denial of service DoS attacks. 1 Multiple vulnerabilities in LibreOffice: CVE-2012-4233 1.1 NULL pointer dereference error was found in the vcllo.dll while processi...
Local File Inclusion in PluXml
High-Tech Bridge SA Security Research Lab has discovered vulnerability in PluXml, which can be exploited to perform Local File Inclusion attacks. 1 Local File Inclusion in PluXml 1.1 Input passed via the "defaultlang" POST parameter to /update/index.php is not properly verified before being used i...
Multiple vulnerabilities in osCmax
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in osCmax, which can be exploited to perform SQL Injection and Cross-Site Scripting XSS attacks. 1 Multiple Cross-Site Scripting XSS in osCmax: CVE-2012-1664 1.1 Input passed via the "username" POST parameter to...
Multiple vulnerabilities in ImpressCMS
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in ImpressCMS, which can be exploited to perform cross-site scripting and local file inclusion attacks. 1 Multiple Arbitrary XSS vulnerabilities in ImpressCMS: CVE-2012-0986 1.1 Input appended to the URL after...
Cross-site Scripting (XSS) Vulnerability in FlatPress
High-Tech Bridge SA Security Research Lab has discovered vulnerability in FlatPress which could be exploited to perform cross-site scripting attacks. 1 Cross-site scripting XSS vulnerability in FlatPress The vulnerability exists due to input sanitation error in the "name", "email" and "url"...
Multiple Vulnerabilities in BLOG:CMS
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in BLOG:CMS which could be exploited to perform cross-site scripting, script insertion and cross-site request forgery attacks. 1 Cross-site scripting XSS vulnerabilities in BLOG:CMS: CVE-2010-4749 1.1 The...
Cross-site Scripting (XSS) Vulnerabilities in Zimplit CMS
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in Zimplit CMS which could be exploited to perform cross-site scripting attacks. 1 Cross-site scripting XSS vulnerabilities in Zimplit CMS: CVE-2010-4513 1.1 The vulnerability exists due to input sanitation error in...
Directory Traversal Vulnerability in SoftX FTP Client
High-Tech Bridge SA Security Research Lab has discovered vulnerability in SoftX FTP Client which could be exploited to execute arbitrary code on vulnerable system. 1 Directory Traversal Vulnerability in SoftX FTP Client: CVE-2010-3096 The vulnerability exists due to insufficient sanitation of the...
Multiple Cross-site Scripting Vulnerabilities in GetSimple CMS
High-Tech Bridge SA Security Research Lab has discovered two vulnerabilities in GetSimple CMS which could be exploited to perform cross-site scripting attacks. 1 Cross-site scripting vulnerability in GetSimple CMS: CVE-2010-5052 The vulnerability exists due to input sanitation error in the "val"...
SQL Injection Vulnerability in ArticleFR
High-Tech Bridge Security Research Lab discovered SQL injection vulnerability in ArticleFR, which can be exploited to perform SQL Injection attacks and gain complete control over vulnerable website. 1 SQL Injection in ArticleFR: CVE-2014-5097 The vulnerability exists due to insufficient...
Cross-Site Scripting (XSS) in Open Classifieds
High-Tech Bridge Security Research Lab discovered vulnerability in Open Classifieds, which can be exploited to perform Cross-Site Scripting XSS attacks. 1 Cross-Site Scripting XSS in Open Classifieds: CVE-2014-2024 The vulnerability exists due to insufficient sanitisation of user-supplied data...
XSS Vulnerabilities in OpenCms
High-Tech Bridge Security Research Lab discovered 2 XSS vulnerabilities in OpenCms, which can be exploited to perform Cross-Site Scripting attacks against users of vulnerable application. 1 Multiple Cross-Site Scripting XSS in OpenCms: CVE-2013-4600 1.1 The vulnerability exists due to insufficien...
Path Traversal in AWS XMS
High-Tech Bridge Security Research Lab discovered path traversal vulnerability in AWS XMS, which can be exploited to read contents of arbitrary files. 1 Path Traversal in AWS XMS: CVE-2013-2474 The vulnerability exists due to insufficient filtration of "what" HTTP GET parameter passed to...
Multiple vulnerabilities in OpenX
High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in OpenX, which can be exploited to perform Cross-Site Scripting XSS and SQL Injection attacks. 1 Cross-Site Scripting XSS in OpenX: CVE-2012-4989 Input passed via the "parent" GET parameter to /www/admin/plugin-index.php ...
SQL Injection Vulnerability in ExtCalendar 2
High-Tech Bridge SA Security Research Lab has discovered vulnerability in ExtCalendar 2 which could be exploited to perform SQL injection attacks. 1 SQL injection vulnerability in ExtCalendar 2 The vulnerability exists due to input sanitation errors in the "search" parameter in calsearch.php. A...
Cross-site Request Forgery (CSRF) in phpCollab
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in phpCollab which can be exploited to perform cross-site request forgery attacks. 1 Cross-site request forgery CSRF in phpCollab 1.1 The vulnerability exists due to insufficient validation of the request origin in...
Multiple Vulnerabilities in VaM Shop
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in VaM Shop which could be exploited to perform cross-site scripting and cross-site request forgery attacks. 1 Cross-site scripting XSS vulnerabilities in VaM Shop: CVE-2011-0504 1.1 The vulnerability exists due to...
Reflected Cross-Site Scripting (XSS) in Simple Email Form Joomla Extension
High-Tech Bridge Security Research Lab discovered vulnerability in Simple Email Form Joomla Extension, which can be exploited to perform Cross-Site Scripting XSS attacks against visitors and administrators of Joomla websites with installed plugin. 1 Reflected Cross-Site Scripting XSS in Simple...
Reflected Cross-Site Scripting (XSS) in BlackCat CMS
High-Tech Bridge Security Research Lab discovered vulnerability in BlackCat CMS, which can be exploited to perform Cross-Site Scripting XSS attacks. 1 Reflected Cross-Site Scripting XSS in BlackCat CMS: CVE-2014-5259 The vulnerability exists due to insufficient sanitization of the "msg" HTTP GET...
Multiple Vulnerabilities in Horizon QCMS
High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in Horizon QCMS, which can be exploited to read contents of arbitrary files and perform SQL Injection attacks. 1 Path Traversal in Horizon QCMS: CVE-2013-7138 The vulnerability exists due to insufficient filtration of...
SQL Injection in Cotonti
High-Tech Bridge Security Research Lab discovered vulnerability in Cotonti, which can be exploited to perform SQL injection attacks against vulnerable application. A remote attacker can read, modify or delete data in application’s database and even gain complete control over the application under...
SQL Injection in Dolphin | HTB23157
High-Tech Bridge Security Research Lab discovered SQL injection vulnerability in Dolphin, which can be exploited to manipulate SQL requests passed to vulnerable application and obtain sensitive data from the database. 1 SQL Injection in Dolphin: CVE-2013-3638 The vulnerability exists due to...
Multiple XSS vulnerabilities in Events Manager WordPress plugin
High-Tech Bridge Security Research Lab discovered multiple XSS vulnerabilities in Events Manager WordPress plugin, which can be exploited to perform Cross-Site Scripting attacks. 1 Multiple XSS vulnerabilities in Events Manager WordPress plugin: CVE-2013-1407 1.1 The vulnerability exists due to...
Multiple vulnerabilities in TCExam
High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in TCExam, which can be exploited to perform Cross-Site Scripting XSS and SQL injection attacks. 1 SQL Injection in TCExam: CVE-2012-4601 1.1 Input passed via the "usergroups" POST parameter to /admin/code/tceedittest.php ...
Multiple vulnerabilities in Pligg CMS
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in Pligg CMS, which can be exploited to perform Cross-Site Scripting XSS and Local File Inclusion attacks. 1 Multiple Cross-Site Scripting XSS in Pligg CMS: CVE-2012-2436 1.1 Input passed via the arbitrary any GET...
Multiple vulnerabilities in OrangeHRM
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in OrangeHRM, which can be exploited to perform SQL Injection and Cross-Site Scripting XSS attacks. 1 SQL Injection in OrangeHRM: CVE-2012-1506 1.1 Input passed via the "hspSummaryId" GET parameter to...
Buffer Overflow in HP Device Access Manager for Protect Tools Information Store
High-Tech Bridge SA Security Research Lab has discovered vulnerabilities in HP Device Access Manager for Protect Tools Information Store which could be exploited to compromise vulnerable system. 1 Buffer overflow in HP Device Access Manager for Protect Tools Information Store: CVE-2011-4162 The...
Cross-site Scripting (XSS) Vulnerability in PhotoSmash
High-Tech Bridge SA Security Research Lab has discovered vulnerability in PhotoSmash WordPress plugin which could be exploited to perform cross-site scripting attacks. 1 Cross-site scripting XSS vulnerability in PhotoSmash The vulnerability exists due to input sanitation error in the "action"...
Cross-site Scripting (XSS) Vulnerability in NinkoBB
High-Tech Bridge SA Security Research Lab has discovered vulnerability in NinkoBB which could be exploited to perform cross-site scripting attacks. 1 Cross-site scripting XSS vulnerability in NinkoBB: CVE-2010-4874 The vulnerability exists due to input sanitation error in parameters...
Cross-site Request Forgery (CSRF) in Open blog
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in Open blog which could be exploited to perform cross-site request forgery attacks. 1 Cross-site request forgery vulnerabilities in Open blog: CVE-2010-3025 1.1 The vulnerability exists due to insufficient validati...
Multiple Vulnerabilities in LiSK CMS
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in LiSK CMS which could be exploited to perform cross-site scripting attacks and execute arbitrary SQL commands in applications database. 1 Cross-site scripting XSS vulnerability in LiSK CMS: CVE-2010-2013 The...
OS Command Injection in CosCms
High-Tech Bridge Security Research Lab discovered vulnerability in CosCms, which can be exploited to execute arbitrary OS commands on web server where the vulnerable application is hosted. 1 OS Command Injection in CosCms: CVE-2013-1668 Vulnerability exists due to insufficient validation of...
Multiple SQL Injection Vulnerabilities in Elite Bulletin Board
High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in Elite Bulletin Board, which can be exploited to perform SQL injection attacks. 1 Multiple SQL injection vulnerabilities in Elite Bulletin Board: CVE-2012-5874 The vulnerabilities exist due to insufficient sanitation of...
Multiple vulnerabilities in dotProject
High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in dotProject, which can be exploited to perform SQL injection and cross-site scripting XSS attacks. 1 SQL Injection in dotProject: CVE-2012-5701 High-Tech Bridge Security Research Lab has discovered multiple SQL injection...
Multiple vulnerabilities in jCore
High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in jCore, which can be exploited to perform Cross-Site Scripting XSS and SQL Injection attacks. 1 SQL Injection in jCore: CVE-2012-4232 1.1 Input passed via the "memberloginid" COOKIE parameter to /admin/index.php is not...
Cross-site Request Forgery (CSRF) Vulnerabilities in Argyle Social
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in Argyle Social which could be exploited to perform cross-site request forgery attacks. 1 Cross-site request forgery CSRF vulnerabilities in Argyle Social 1.1 The vulnerability exists due to insufficient validation...
Multiple Vulnerabilities in poMMo
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in poMMo which could be exploited to perform cross-site scripting and cross-site request forgery attacks. 1 Cross-site scripting XSS vulnerabilities in poMMo 1.1 The vulnerability exists due to input sanitation erro...
Installation Path Disclosure Weakness in Enano CMS
High-Tech Bridge SA Security Research Lab has discovered a weakness in Enano CMS which could be exploited to gain access to potentially sensitive information. 1 Installation path disclosure weakness in Enano CMS: CVE-2010-4781 The weakness exists due to application reveals the full path to...
SQL Injection Vulnerability in Enano CMS
High-Tech Bridge SA Security Research Lab has discovered vulnerability in Enano CMS which could be exploited to execute arbitrary SQL commands in applications database. 1 SQL injection vulnerability in Enano CMS: CVE-2010-4780 An input validation error exists in the way application handles users...
Cross-site Scripting (XSS) Vulnerabilities in Contenido CMS
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in Contenido CMS which could be exploited to perform cross-site scripting attacks. 1 Cross-site scripting XSS vulnerability in Contenido CMS 1.1 The vulnerability exists due to input sanitation error in the "idart"...
Cross-site Scripting (XSS) Vulnerabilities in ATutor
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in ATutor which could be exploited to perform cross-site scripting attacks. 1 Cross-site scripting XSS vulnerability in ATutor The vulnerability exists due to input sanitation error in the "cid" parameter in...
Improper Access Control in ArticleFR
High-Tech Bridge Security Research Lab discovered vulnerability in ArticleFR, which can be exploited to execute arbitrary UPDATE SQL statements, alter information stored in database and gain complete control over the web site. 1 Improper Access Control in ArticleFR: CVE-2014-4170 The vulnerabilit...
Cross-Site Request Forgery (CSRF) in XCloner Standalone
High-Tech Bridge Security Research Lab discovered vulnerability in XCloner Standalone, which can be exploited to perform Cross-Site Request Forgery CSRF attacks and gain complete control over the website. 1. Cross-Site Request Forgery CSRF in XCloner Standalone: CVE-2014-2579 1.1 The vulnerabilit...
Two Cross-Site Scripting (XSS) Vulnerabilities in Seo Panel
High-Tech Bridge Security Research Lab discovered two vulnerabilities in Seo Panel, which can be exploited to perform Cross-Site Scripting XSS attacks against users of the vulnerable application to steal their sensitive data. 1 Two Cross-Site Scripting XSS in Seo Panel: CVE-2014-1855 1.1 The...
Improper Authentication in Burden
High-Tech Bridge Security Research Lab discovered vulnerability in application authentication mechanism in Burden, which can be exploited by remote non-authenticated attacker to gain administrative access to the vulnerable application. 1 Improper Authentication in Burden: CVE-2013-7137 The...
SQL Injection in InstantCMS
High-Tech Bridge Security Research Lab discovered blind SQL injection vulnerability in InstantCMS, which can be exploited to perform SQL Injection attacks, alter SQL requests and compromise vulnerable application. 1 SQL Injection in InstantCMS: CVE-2013-6839 The vulnerability exists due to...
Multiple Vulnerabilities in Jojo CMS
High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in Jojo CMS, which can be exploited to perform SQL Injection and Cross-Site Scripting XSS attacks. 1 SQL Injection in Jojo CMS: CVE-2013-3081 The vulnerability is caused by insufficient filtration of user-supplied input...
SQL Injection in b2evolution
High-Tech Bridge Security Research Lab discovered SQL injection vulnerability in b2evolution, which can be exploited to alter SQL requests passed to the vulnerable application's database. 1 SQL Injection in b2evolution: CVE-2013-2945 The vulnerability exists due to insufficient validation of HTTP...