SQL Injection in b2evolution
High-Tech Bridge Security Research Lab discovered SQL injection vulnerability in b2evolution, which can be exploited to alter SQL requests passed to the vulnerable application's database. 1 SQL Injection in b2evolution: CVE-2013-2945 The vulnerability exists due to insufficient validation of HTTP...
Cross-Site Scripting (XSS) vulnerability in Quick.Cms and Quick.Cart
High-Tech Bridge Security Research Lab discovered XSS vulnerability in Quick.Cms and Quick.Cart - two products developed by OpenSolution team, which can be exploited to perform cross-site scripting attacks. 1. Cross-Site Scripting XSS vulnerability in Quick.Cms and Quick.Cart: CVE-2012-6430 The...
Multiple XSS in pragmaMx
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in pragmaMx, which can be exploited to perform Cross-Site Scripting XSS attacks. 1 Multiple Cross-Site Scripting XSS in pragmaMx: CVE-2012-2452 1.1 Input passed via a name of a GET parameter to modules.php is not...
Multiple Vulnerabilities in Habari
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in Habari which could be exploited to perform cross-site scripting attacks and gain potentially sensitive information. 1 Information disclosure weakness in Habari: CVE-2010-4608 The weakness was found in the...
Reflected Cross-Site Scripting (XSS) in MaxButtons WordPress Plugin
High-Tech Bridge Security Research Lab discovered vulnerability in MaxButtons WordPress plugin, which can be exploited to perform Cross-Site Scripting XSS attacks against a logged-in administrator. 1 Reflected Cross-Site Scripting XSS in MaxButtons WordPress plugin: CVE-2014-7181 Input passed via t...
Multiple XSS Vulnerabilities in Xaraya
High-Tech Bridge Security Research Lab discovered four XSS vulnerabilities in Xaraya, which can be exploited to perform cross-site scripting attacks against administrators of vulnerable application. 1 Multiple Cross-Site Scripting XSS in Xaraya: CVE-2013-3639 1.1 The vulnerability exists due to...
Cross-Site Request Forgery (CSRF) in CMS Made Simple
High-Tech Bridge Security Research Lab discovered vulnerability in CMS Made Simple, which can be exploited to perform cross-site request forgery CSRF attacks. 1. Cross-Site Request Forgery CSRF in CMS Made Simple: CVE-2012-5450 The application allows authorized administrator to perform certain...
Multiple vulnerabilities in Piwigo
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in Piwigo, which can be exploited to perform Cross-Site Scripting XSS and Path Traversal attacks. 1 Directory Path Traversal in Piwigo: CVE-2012-2208 1.1 Input passed via the "language" GET parameter to upgrade.php ...
XSS vulnerability in CMS Tree Page View Wordpress Plugin
High-Tech Bridge SA Security Research Lab has discovered vulnerability in CMS Tree Page View Wordpress Plugin, which can be exploited to perform Cross-Site Scripting XSS attacks. 1 Cross-Site Scripting XSS in CMS Tree Page View Wordpress Plugin: CVE-2012-1834 1.1 Input passed via the "cmstpvview"...
Cross-site Request Forgery (CSRF) in Webjaxe
High-Tech Bridge SA Security Research Lab has discovered vulnerability in Webjaxe which could be exploited to perform cross-site request forgery attacks. 1 Cross-site request forgery CSRF in Webjaxe The vulnerability exists due to insufficient validation of the request origin in...
Authentication Bypass Vulnerability in phpMySport
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in phpMySport which could be exploited to bypass authentication mechanisms and gain access to the application. 1 Authentication bypass vulnerability in phpMySport The vulnerability exists due to insufficient...
Directory Traversal Vulnerability in CrossFTP Pro
High-Tech Bridge SA Security Research Lab has discovered vulnerability in CrossFTP Pro which could be exploited to execute arbitrary code on vulnerable system. 1 Directory Traversal Vulnerability in CrossFTP Pro: CVE-2010-4153 The vulnerability exists due to insufficient sanitation of the...
Multiple Cross-site Scripting (XSS) Vulnerabilities in Spitfire
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in Spitfire which could be exploited to perform cross-site scripting attacks. 1 Cross-site scripting XSS vulnerabilities in Spitfire 1.1 The vulnerability exists due to input sanitation error in the "cmsid" and...
Multiple Vulnerabilities in Ecomat CMS
High-Tech Bridge SA Security Research Lab has discovered two vulnerabilities in Ecomat CMS which could be exploited to perform cross-site scripting attacks and execute arbitrary SQL commands in the application's database. 1 Cross-site scripting XSS vulnerability in Ecomat CMS: CVE-2010-5030 The...
Self-XSS in Microsoft Dynamics CRM 2013 SP1
High-Tech Bridge Security Research Lab discovered a DOM-based self-XSS vulnerability in Microsoft Dynamics CRM 2013 SP1, which can be exploited to perform Cross-Site Scripting attacks against authenticated users. The vulnerability exists due to insufficient filtration of user-supplied input passe...
Reflected Cross-Site Scripting (XSS) in Textpattern
High-Tech Bridge Security Research Lab discovered XSS vulnerability in Textpattern, which can be exploited to perform Cross-Site Scripting attacks against users of vulnerable application. 1 Reflected Cross-Site Scripting XSS in Textpattern: CVE-2014-4737 The vulnerability exists due to insufficie...
Multiple XSS in KnowledgeTree Community Edition
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in KnowledgeTree Community Edition, which can be exploited to perform cross-site scripting attacks. 1 Cross-site scripting XSS vulnerabilities in KnowledgeTree Community Edition: CVE-2012-0988 Input appended to the...
2 Buffer Overflows in Wireless Manager Sony VAIO
High-Tech Bridge SA Security Research Lab has discovered 2 buffer overflow vulnerabilities in Wireless Manager Sony VAIO which can be exploited to execute arbitrary code on vulnerable system. 1 Buffer Overflow in Wireless Manager Sony VAIO: CVE-2012-0985 1.1 The method SetTmpProfileOption in...
Multiple Vulnerabilities in SiT! Support Incident Tracker
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in SiT! Support Incident Tracker, which can be exploited to perform cross-site scripting, cross-site request forgery and SQL injection attacks. 1 Cross-site scripting XSS vulnerabilities in SiT! Support Incident...
Cross-site Request Forgery (CSRF) Vulnerability in InTerra Blog Machine
High-Tech Bridge SA Security Research Lab has discovered vulnerability in InTerra Blog Machine which could be exploited to perform cross-site request forgery attacks. 1 Cross-site request forgery CSRF vulnerability in InTerra Blog Machine: CVE-2011-1670 The vulnerability exists due to insufficien...
Directory Traversal Vulnerability in FreshFTP
High-Tech Bridge SA Security Research Lab has discovered vulnerability in FreshFTP which could be exploited to execute arbitrary code on vulnerable system. 1 Directory Traversal Vulnerability in FreshFTP: CVE-2010-4149 The vulnerability exists due to insufficient sanitation of the downloaded...
Cross-site Request Forgery (CSRF) in pimcore
High-Tech Bridge SA Security Research Lab has discovered vulnerability in pimcore which could be exploited to perform cross-site request forgery attacks. 1 Cross-site Request Forgery CSRF in pimcore The vulnerability exists due to insufficient validation of the request origin in...
Directory Traversal Vulnerability in Frigate 3 FTP Client
High-Tech Bridge SA Security Research Lab has discovered vulnerability in Frigate 3 built-in FTP client which could be exploited to execute arbitrary code on vulnerable system. 1 Directory Traversal Vulnerability in Frigate 3 FTP Client: CVE-2010-3097 The vulnerability exists due to insufficient...
Reflected Cross-Site Scripting (XSS) in e107
High-Tech Bridge Security Research Lab discovered vulnerability in e107, which can be exploited to perform Cross-Site Scripting XSS attacks. 1 Reflected Cross-Site Scripting XSS in e107: CVE-2014-4734 The vulnerability exists due to insufficient sanitization of "type" HTTP GET parameter passed to...
Cross-Site Scripting (XSS) in Offiria
High-Tech Bridge Security Research Lab discovered vulnerability in Offiria, which can be exploited to perform Cross-Site Scripting XSS attacks against users of vulnerable application. 1 Reflected Cross-Site Scripting XSS in Offiria: CVE-2014-2689 The vulnerability exists due to insufficient...
Multiple Cross-Site Scripting (XSS) in Claroline
High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in Claroline, which can be exploited to perform Cross-Site Scripting XSS attacks against vulnerable web application visitors and administrators. 1 Cross-Site Scripting XSS in Claroline: CVE-2013-6267 1.1 The vulnerability...
Improper Access Control in Collabtive
High-Tech Bridge SA Security Research Lab has discovered vulnerability in Collabtive, which can be exploited to gain complete control over the application. 1 Improper Access Control in Collabtive: CVE-2013-5027 The vulnerability exists due to improper access restrictions to the third installation...
Multiple Cross-Site Scripting (XSS) vulnerabilities in GetSimple CMS
High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in GetSimple CMS, which can be exploited to perform Cross-Site Scripting XSS attacks. The application has XSS filter, however it can be bypassed as demonstrated below. 1 Cross-Site Scripting XSS in GetSimple CMS:...
Multiple vulnerabilities in Achievo
High-Tech Bridge Security Research Lab discovered two vulnerabilities in Achievo, which can be exploited to perform SQL injection and cross-site scripting XSS attacks. 1 SQL Injection vulnerability in Achievo: CVE-2012-5865 The vulnerability was discovered in the "dispatch.php" script while...
Multiple vulnerabilities in BabyGekko
High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in BabyGekko, which can be exploited to include local PHP files, perform SQL Injection and Cross-Site Scripting XSS attacks. 1 Multiple SQL Injections in BabyGekko: CVE-2012-5698 Two SQL injections exist in BabyGekko...
Multiple vulnerabilities in Subrion CMS
High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in Subrion CMS, which can be exploited to perform Cross-Site Scripting XSS, SQL Injection and Cross-Site Request Forgery CSRF attacks. 1 SQL Injection in Subrion CMS: CVE-2012-4772 Input passed via the "planid" POST...
Multiple vulnerabilities in OpenEMR
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in OpenEMR, which can be exploited to perform local file inclusion and arbitrary command execution attacks. 1 Multiple Local File Inclusion vulnerabilities in OpenEMR: CVE-2012-0991 1.1 Input passed via the "formnam...
Multiple Vulnerabilities in miniblog
High-Tech Bridge SA Security Research Lab has discovered vulnerabilities in miniblog which could be exploited to perform cross-site scripting and cross-site request forgery attacks. 1 Cross-site scripting XSS vulnerabilities in miniblog 1.1 The vulnerability exists due to input sanitation error i...
Cross-site Scripting (XSS) Vulnerability in Happy Chat
High-Tech Bridge SA Security Research Lab has discovered vulnerability in Happy Chat which could be exploited to perform cross-site scripting attacks. 1 Cross-site scripting XSS vulnerability in Happy Chat The vulnerability exists due to input sanitation error in the "nick" parameter in...
SQL Injection Vulnerability in Shutter
High-Tech Bridge SA Security Research Lab has discovered vulnerability in Shutter which could be exploited to perform SQL injection attacks. 1 SQL injection vulnerability in Shutter The vulnerability exists due to input sanitation errors in the "albumID" parameter in index.html. A remote attacker...
Multiple Vulnerabilities in Redaxscript
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in Redaxscript which could be exploited to perform SQL injection attacks and gain access to sensitive information. 1 SQL injection vulnerabilities in Redaxscript The vulnerability exists due to input sanitation erro...
Multiple Vulnerabilities in Hycus CMS
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in Hycus CMS which could be exploited to perform SQL injection attacks, gain access to sensitive information and compromise vulnerable system. 1 SQL injection vulnerabilities in Hycus CMS: CVE-2010-4612 The...
Multiple Vulnerabilities in DynPG
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in DynPG which could be exploited to perform SQL injection attacks, disclose potentially sensitive information and compromise vulnerable system. 1 Installation path disclosure weakness in DynPG: CVE-2010-4401 The...
Installation Path Disclosure Weakness in CLANSPHERE
High-Tech Bridge SA Security Research Lab has discovered a weakness in CLANSPHERE which could be exploited to gain access to potentially sensitive information. 1 Installation path disclosure weakness in CLANSPHERE The weakness exists because the application reveals the full path to installation...
SQL Injection Vulnerability in DeluxeBB
High-Tech Bridge SA Security Research Lab has discovered vulnerability in DeluxeBB which could be exploited to execute arbitrary SQL commands in the application's database. 1 SQL injection vulnerability in DeluxeBB: CVE-2010-4151 An input validation error exists in the "xthedateformat" parameter in...
Directory Traversal Vulnerability in AnyConnect
High-Tech Bridge SA Security Research Lab has discovered vulnerability in AnyConnect which could be exploited to execute arbitrary code on vulnerable system. 1 Directory Traversal Vulnerability in AnyConnect: CVE-2010-4148 The vulnerability exists due to insufficient sanitation of the downloaded...
Cross-site Scripting (XSS) Vulnerabilities in Docebo
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in Docebo which could be exploited to perform cross-site scripting attacks. 1 Cross-site scripting XSS vulnerability in Docebo 1.1 The vulnerability exists due to input sanitation error in the "upsignature" paramete...
Cross-site Scripting (XSS) Vulnerabilities in odCMS
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in odCMS which could be exploited to perform cross-site scripting attacks. 1 Cross-site scripting XSS vulnerability in odCMS 1.1 The vulnerability exists due to input sanitation error in the "content" parameter in...
Cross-site Scripting Vulnerability in Acuity CMS
High-Tech Bridge SA Security Research Lab has discovered a vulnerability in Acuity CMS which could be exploited to perform cross-site scripting XSS attacks. 1 Cross-site scripting vulnerability in Acuity CMS Input sanitation error was found in the "page" parameter in /admin/pages/addpage.asp. A...
Arbitrary File Upload in HelpDEZk
High-Tech Bridge Security Research Lab discovered vulnerability in HelpDEZk, which can be exploited to compromise vulnerable web site. 1 Unrestricted Upload of File with Dangerous Type in HelpDEZk: CVE-2014-8337 The vulnerability exists due to absence of validation of file extensions when uploadi...
Reflected Cross-Site Scripting (XSS) Vulnerability in Storesprite
High-Tech Bridge Security Research Lab discovered XSS vulnerability in Storesprite, which can be exploited to perform Cross-Site Scripting attacks. 1 Reflected Cross-Site Scripting XSS in Storesprite: CVE-2014-3737 The vulnerability exists due to insufficient sanitisation of user-supplied data in...
Cross-Site Request Forgery (CSRF) in TAO
High-Tech Bridge Security Research Lab discovered vulnerability in TAO, which can be exploited to gain complete administrative control over the vulnerable application. 1 Cross-Site Request Forgery CSRF in TAO: CVE-2014-2989 The vulnerability exists due to insufficient verification of the HTTP...
SQL Injection in appRain
High-Tech Bridge Security Research Lab discovered vulnerability in appRain, which can be exploited to perform SQL Injection attacks. 1 Blind SQL Injection in appRain: CVE-2013-6058 The vulnerability is caused by insufficient validation of user-supplied data appended to "/blog-by-cat/" URL. Remote...
Cross-Site Scripting (XSS) in Twilight CMS
High-Tech Bridge Security Research Lab discovered vulnerability in Twilight CMS, which can be exploited to perform Cross-Site Scripting XSS attacks. 1 Cross-Site Scripting XSS in Twilight CMS: CVE-2013-4899 The vulnerability exists due to insufficient filtration of user-supplied data appended to...
Path Traversal in DeWeS Web Server (Twilight CMS)
High-Tech Bridge Security Research Lab discovered path traversal vulnerability in DeWeS web server that is supplied in package with Twilight CMS Windows version, which can be exploited to read arbitrary files on vulnerable system. 1 Path Traversal in DeWeS Web Server: CVE-2013-4900 The...