Htbridge: Most viewed

559 matches found

htbridge
added 2013/04/10 12:0 a.m. | 37 views

SQL Injection in b2evolution

High-Tech Bridge Security Research Lab discovered SQL injection vulnerability in b2evolution, which can be exploited to alter SQL requests passed to the vulnerable application's database. 1 SQL Injection in b2evolution: CVE-2013-2945 The vulnerability exists due to insufficient validation of HTTP...

CVSS 5.1 | AI score 0.7 | EPSS 0.02749
Exploits: 5 | Affected Software: 1

htbridge
added 2012/12/19 12:0 a.m. | 37 views

Cross-Site Scripting (XSS) vulnerability in Quick.Cms and Quick.Cart

High-Tech Bridge Security Research Lab discovered XSS vulnerability in Quick.Cms and Quick.Cart - two products developed by OpenSolution team, which can be exploited to perform cross-site scripting attacks. 1. Cross-Site Scripting XSS vulnerability in Quick.Cms and Quick.Cart: CVE-2012-6430 The...

CVSS 4.3 | AI score 5.4 | EPSS 0.0391
Exploits: 3 | Affected Software: 1

htbridge
added 2012/05/02 12:0 a.m. | 37 views

Multiple XSS in pragmaMx

High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in pragmaMx, which can be exploited to perform Cross-Site Scripting XSS attacks. 1 Multiple Cross-Site Scripting XSS in pragmaMx: CVE-2012-2452 1.1 Input passed via a name of a GET parameter to modules.php is not...

CVSS 4.3 | AI score 6.4 | EPSS 0.01699
Exploits: 3 | Affected Software: 1

htbridge
added 2010/12/02 12:0 a.m. | 37 views

Multiple Vulnerabilities in Habari

High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in Habari which could be exploited to perform cross-site scripting attacks and gain potentially sensitive information. 1 Information disclosure weakness in Habari: CVE-2010-4608 The weakness was found in the...

CVSS 2.6 | AI score 6.3 | EPSS 0.02492
Exploits: 2 | Affected Software: 1

htbridge
added 2014/09/24 12:0 a.m. | 36 views

Reflected Cross-Site Scripting (XSS) in MaxButtons WordPress Plugin

High-Tech Bridge Security Research Lab discovered vulnerability in MaxButtons WordPress plugin, which can be exploited to perform Cross-Site Scripting XSS attacks against logged-in administrator. 1 Reflected Cross-Site Scripting XSS in MaxButtons wordpress plugin: CVE-2014-7181 Input passed via t...

CVSS 2.6 | AI score 0.1 | EPSS 0.02053
Exploits: 3 | Affected Software: 1

htbridge
added 2013/05/15 12:0 a.m. | 36 views

Multiple XSS Vulnerabilities in Xaraya

High-Tech Bridge Security Research Lab discovered four XSS vulnerabilities in Xaraya, which can be exploited to perform cross-site scripting attacks against administrators of vulnerable application. 1 Multiple Cross-Site Scripting XSS in Xaraya: CVE-2013-3639 1.1 The vulnerability exists due to...

CVSS 2.6 | AI score 5.2 | EPSS 0.03217
Exploits: 2 | Affected Software: 1

htbridge
added 2012/10/17 12:0 a.m. | 36 views

Cross-Site Request Forgery (CSRF) in CMS Made Simple

High-Tech Bridge Security Research Lab discovered vulnerability in CMS Made Simple, which can be exploited to perform cross-site request forgery CSRF attacks. 1. Cross-Site Request Forgery CSRF in CMS Made Simple: CVE-2012-5450 The application allows authorized administrator to perform certain...

CVSS 2.6 | AI score 6.6 | EPSS 0.0087
Exploits: 3 | Affected Software: 1

htbridge
added 2012/04/04 12:0 a.m. | 36 views

Multiple vulnerabilities in Piwigo

High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in Piwigo, which can be exploited to perform Cross-Site Scripting XSS and Path Traversal attacks. 1 Directory Path Traversal in Piwigo: CVE-2012-2208 1.1 Input passed via the "language" GET parameter to upgrade.php ...

CVSS 7.6 | AI score 1.2 | EPSS 0.09432
Exploits: 7 | Affected Software: 1

htbridge
added 2012/03/21 12:0 a.m. | 36 views

XSS vulnerability in CMS Tree Page View Wordpress Plugin

High-Tech Bridge SA Security Research Lab has discovered vulnerability in CMS Tree Page View Wordpress Plugin, which can be exploited to perform Cross-Site Scripting XSS attacks. 1 Cross-Site Scripting XSS in CMS Tree Page View Wordpress Plugin: CVE-2012-1834 1.1 Input passed via the "cmstpvview"...

CVSS 4.3 | AI score 0.1 | EPSS 0.02394
Exploits: 1 | Affected Software: 1

htbridge
added 2011/03/29 12:0 a.m. | 36 views

Cross-site Request Forgery (CSRF) in Webjaxe

High-Tech Bridge SA Security Research Lab has discovered vulnerability in Webjaxe which could be exploited to perform cross-site request forgery attacks. 1 Cross-site request forgery CSRF in Webjaxe The vulnerability exists due to insufficient validation of the request origin in...

CVSS 5.1 | AI score 6.3 | EPSS 0.00629
Exploits: 1 | Affected Software: 1

htbridge
added 2010/12/21 12:0 a.m. | 36 views

Authentication Bypass Vulnerability in phpMySport

High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in phpMySport which could be exploited to bypass authentication mechanisms and gain access to the application. 1 Authentication bypass vulnerability in phpMySport The vulnerability exists due to insufficient...

CVSS 7.5 | AI score 7.5
Exploits: 0 | Affected Software: 1

htbridge
added 2010/09/27 12:0 a.m. | 36 views

Directory Traversal Vulnerability in CrossFTP Pro

High-Tech Bridge SA Security Research Lab has discovered vulnerability in CrossFTP Pro which could be exploited to execute arbitrary code on vulnerable system. 1 Directory Traversal Vulnerability in CrossFTP Pro: CVE-2010-4153 The vulnerability exists due to insufficient sanitation of the...

CVSS 7.6 | AI score 7.8 | EPSS 0.01418
Exploits: 0 | Affected Software: 1

htbridge
added 2010/07/08 12:0 a.m. | 36 views

Multiple Cross-site Scripting (XSS) Vulnerabilities in Spitfire

High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in Spitfire which could be exploited to perform cross-site scripting attacks. 1 Cross-site scripting XSS vulnerabilities in Spitfire 1.1 The vulnerability exists due to input sanitation error in the "cmsid" and...

CVSS 4.3 | AI score 6.5
Exploits: 0 | Affected Software: 1

htbridge
added 2010/05/18 12:0 a.m. | 36 views

Multiple Vulnerabilities in Ecomat CMS

High-Tech Bridge SA Security Research Lab has discovered two vulnerabilities in Ecomat CMS which could be exploited to perform cross-site scripting attacks and execute arbitrary SQL commands in applications database. 1 Cross-site scripting XSS vulnerability in Ecomat CMS: CVE-2010-5030 The...

CVSS 7.5 | AI score 7 | EPSS 0.01272
Exploits: 2 | Affected Software: 1

htbridge
added 2014/12/29 12:0 a.m. | 35 views

Self-XSS in Microsoft Dynamics CRM 2013 SP1

High-Tech Bridge Security Research Lab discovered a DOM-based self-XSS vulnerability in Microsoft Dynamics CRM 2013 SP1, which can be exploited to perform Cross-Site Scripting attacks against authenticated users. The vulnerability exists due to insufficient filtration of user-supplied input passe...

CVSS 2.6 | AI score 5.9
Exploits: 0 | Affected Software: 1

htbridge
added 2014/07/09 12:0 a.m. | 35 views

Reflected Cross-Site Scripting (XSS) in Textpattern

High-Tech Bridge Security Research Lab discovered XSS vulnerability in Textpattern, which can be exploited to perform Cross-Site Scripting attacks against users of vulnerable application. 1 Reflected Cross-Site Scripting XSS in Textpattern: CVE-2014-4737 The vulnerability exists due to insufficie...

CVSS 4.3 | AI score 5.5 | EPSS 0.01925
Exploits: 3 | Affected Software: 1

htbridge
added 2011/12/21 12:0 a.m. | 35 views

Multiple XSS in KnowledgeTree Community Edition

High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in KnowledgeTree Community Edition, which can be exploited to perform cross-site scripting attacks. 1 Cross-site scripting XSS vulnerabilities in KnowledgeTree Community Edition: CVE-2012-0988 Input appended to the...

CVSS 4.3 | AI score 6.2 | EPSS 0.01803
Exploits: 1 | Affected Software: 1

htbridge
added 2011/12/07 12:0 a.m. | 35 views

2 Buffer Overflows in Wireless Manager Sony VAIO

High-Tech Bridge SA Security Research Lab has discovered 2 buffer overflow vulnerabilities in Wireless Manager Sony VAIO which can be exploited to execute arbitrary code on vulnerable system. 1 Buffer Overflow in Wireless Manager Sony VAIO: CVE-2012-0985 1.1 The method SetTmpProfileOption in...

CVSS 9.3 | AI score 1.3 | EPSS 0.12984
Exploits: 6 | Affected Software: 1

htbridge
added 2011/08/24 12:0 a.m. | 35 views

Multiple Vulnerabilities in SiT! Support Incident Tracker

High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in SiT! Support Incident Tracker, which can be exploited to perform cross-site scripting, cross-site request forgery and SQL injection attacks. 1 Cross-site scripting XSS vulnerabilities in SiT! Support Incident...

CVSS 7.5 | AI score 7.6 | EPSS 0.01626
Exploits: 3 | Affected Software: 1

htbridge
added 2011/03/17 12:0 a.m. | 35 views

Cross-site Request Forgery (CSRF) Vulnerability in InTerra Blog Machine

High-Tech Bridge SA Security Research Lab has discovered vulnerability in InTerra Blog Machine which could be exploited to perform cross-site request forgery attacks. 1 Cross-site request forgery CSRF vulnerability in InTerra Blog Machine: CVE-2011-1670 The vulnerability exists due to insufficien...

CVSS 2.6 | AI score 6.8 | EPSS 0.01741
Exploits: 1 | Affected Software: 1

htbridge
added 2010/09/27 12:0 a.m. | 35 views

Directory Traversal Vulnerability in FreshFTP

High-Tech Bridge SA Security Research Lab has discovered vulnerability in FreshFTP which could be exploited to execute arbitrary code on vulnerable system. 1 Directory Traversal Vulnerability in FreshFTP: CVE-2010-4149 The vulnerability exists due to insufficient sanitation of the downloaded...

CVSS 7.6 | AI score 7.6 | EPSS 0.01648
Exploits: 0 | Affected Software: 1

htbridge
added 2010/08/02 12:0 a.m. | 35 views

Cross-site Request Forgery (CSRF) in pimcore

High-Tech Bridge SA Security Research Lab has discovered vulnerability in pimcore which could be exploited to perform cross-site request forgery attacks. 1 Cross-site Request Forgery CSRF in pimcore The vulnerability exists due to insufficient validation of the request origin in...

CVSS 2.6 | AI score 7.3
Exploits: 0 | Affected Software: 1

htbridge
added 2010/07/22 12:0 a.m. | 35 views

Directory Traversal Vulnerability in Frigate 3 FTP Client

High-Tech Bridge SA Security Research Lab has discovered vulnerability in Frigate 3 built-in FTP client which could be exploited to execute arbitrary code on vulnerable system. 1 Directory Traversal Vulnerability in Frigate 3 FTP Client: CVE-2010-3097 The vulnerability exists due to insufficient...

CVSS 7.6 | AI score 7.8 | EPSS 0.0152
Exploits: 0 | Affected Software: 1

htbridge
added 2014/06/18 12:0 a.m. | 34 views

Reflected Cross-Site Scripting (XSS) in e107

High-Tech Bridge Security Research Lab discovered vulnerability in e107, which can be exploited to perform Cross-Site Scripting XSS attacks. 1 Reflected Cross-Site Scripting XSS in e107: CVE-2014-4734 The vulnerability exists due to insufficient sanitization of "type" HTTP GET parameter passed to...

CVSS 2.6 | AI score 5.5 | EPSS 0.01892
Exploits: 3 | Affected Software: 1

htbridge
added 2014/04/02 12:0 a.m. | 34 views

Cross-Site Scripting (XSS) in Offiria

High-Tech Bridge Security Research Lab discovered vulnerability in Offiria, which can be exploited to perform Cross-Site Scripting XSS attacks against users of vulnerable application. 1 Reflected Cross-Site Scripting XSS in Offiria: CVE-2014-2689 The vulnerability exists due to insufficient...

CVSS 4.3 | AI score 5.7 | EPSS 0.01193
Exploits: 3 | Affected Software: 1

htbridge
added 2013/10/23 12:0 a.m. | 34 views

Multiple Cross-Site Scripting (XSS) in Claroline

High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in Claroline, which can be exploited to perform Cross-Site Scripting XSS attacks against vulnerable web application visitors and administrators. 1 Cross-Site Scripting XSS in Claroline: CVE-2013-6267 1.1 The vulnerability...

CVSS 4.3 | AI score 6.1 | EPSS 0.01379
Exploits: 3 | Affected Software: 1

htbridge
added 2013/07/31 12:0 a.m. | 34 views

Improper Access Control in Collabtive

High-Tech Bridge SA Security Research Lab has discovered vulnerability in Collabtive, which can be exploited to gain complete control over the application. 1 Improper Access Control in Collabtive: CVE-2013-5027 The vulnerability exists due to improper access restrictions to the third installation...

CVSS 7.5 | AI score 9.2 | EPSS 0.01253
Exploits: 1 | Affected Software: 1

htbridge
added 2013/01/23 12:0 a.m. | 34 views

Multiple Cross-Site Scripting (XSS) vulnerabilities in GetSimple CMS

High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in GetSimple CMS, which can be exploited to perform Cross-Site Scripting XSS attacks. The application has XSS filter, however it can be bypassed as demonstrated below. 1 Cross-Site Scripting XSS in GetSimple CMS:...

CVSS 2.6 | AI score 6 | EPSS 0.0106
Exploits: 5 | Affected Software: 1

htbridge
added 2012/11/14 12:0 a.m. | 34 views

Multiple vulnerabilities in Achievo

High-Tech Bridge Security Research Lab discovered two vulnerabilities in Achievo, which can be exploited to perform SQL injection and cross-site scripting XSS attacks. 1 SQL Injection vulnerability in Achievo: CVE-2012-5865 The vulnerability was discovered in the "dispatch.php" script while...

CVSS 4.3 | AI score 1.2 | EPSS 0.01201
Exploits: 7 | Affected Software: 1

htbridge
added 2012/10/24 12:0 a.m. | 34 views

Multiple vulnerabilities in BabyGekko

High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in BabyGekko, which can be exploited to include local PHP files, perform SQL Injection and Cross-Site Scripting XSS attacks. 1 Multiple SQL Injections in BabyGekko: CVE-2012-5698 Two SQL injections exist in BabyGekko...

CVSS 7.6 | AI score 9.7 | EPSS 0.04937
Exploits: 6 | Affected Software: 1

htbridge
added 2012/09/05 12:0 a.m. | 34 views

Multiple vulnerabilities in Subrion CMS

High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in Subrion CMS, which can be exploited to perform Cross-Site Scripting XSS, SQL Injection and Cross-Site Request Forgery CSRF attacks. 1 SQL Injection in Subrion CMS: CVE-2012-4772 Input passed via the "planid" POST...

CVSS 7.5 | AI score 7.4 | EPSS 0.04393
Exploits: 8 | Affected Software: 1

htbridge
added 2012/01/11 12:0 a.m. | 34 views

Multiple vulnerabilities in OpenEMR

High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in OpenEMR, which can be exploited to perform local file inclusion and arbitrary command execution attacks. 1 Multiple Local File Inclusion vulnerabilities in OpenEMR: CVE-2012-0991 1.1 Input passed via the "formnam...

CVSS 7.1 | AI score 7.4 | EPSS 0.11261
Exploits: 2 | Affected Software: 1

htbridge
added 2011/05/25 12:0 a.m. | 34 views

Multiple Vulnerabilities in miniblog

High-Tech Bridge SA Security Research Lab has discovered vulnerabilities in miniblog which could be exploited to perform cross-site scripting and cross-site request forgery attacks. 1 Cross-site scripting XSS vulnerabilities in miniblog 1.1 The vulnerability exists due to input sanitation error i...

CVSS 5.1 | AI score 6.5
Exploits: 0 | Affected Software: 1

htbridge
added 2011/05/17 12:0 a.m. | 34 views

Cross-site Scripting (XSS) Vulnerability in Happy Chat

High-Tech Bridge SA Security Research Lab has discovered vulnerability in Happy Chat which could be exploited to perform cross-site scripting attacks. 1 Cross-site scripting XSS vulnerability in Happy Chat The vulnerability exists due to input sanitation error in the "nick" parameter in...

CVSS 4.3 | AI score 6
Exploits: 0 | Affected Software: 1

htbridge
added 2011/04/19 12:0 a.m. | 34 views

SQL Injection Vulnerability in Shutter

High-Tech Bridge SA Security Research Lab has discovered vulnerability in Shutter which could be exploited to perform SQL injection attacks. 1 SQL injection vulnerability in Shutter The vulnerability exists due to input sanitation errors in the "albumID" parameter in index.html. A remote attacker...

CVSS 7.5 | AI score 8.5
Exploits: 0 | Affected Software: 1

htbridge
added 2011/01/18 12:0 a.m. | 34 views

Multiple Vulnerabilities in Redaxscript

High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in Redaxscript which could be exploited to perform SQL injection attacks and gain access to sensitive information. 1 SQL injection vulnerabilities in Redaxscript The vulnerability exists due to input sanitation erro...

CVSS 7.5 | AI score 8.8
Exploits: 0 | Affected Software: 1

htbridge
added 2010/12/07 12:0 a.m. | 34 views

Multiple Vulnerabilities in Hycus CMS

High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in Hycus CMS which could be exploited to perform SQL injection attacks, gain access to sensitive information and compromise vulnerable system. 1 SQL injection vulnerabilities in Hycus CMS: CVE-2010-4612 The...

CVSS 7.6 | AI score 7.9 | EPSS 0.06051
Exploits: 3 | Affected Software: 1

htbridge
added 2010/11/16 12:0 a.m. | 34 views

Multiple Vulnerabilities in DynPG

High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in DynPG which could be exploited to perform SQL injection attacks, disclose potentially sensitive information and compromise vulnerable system. 1 Installation path disclosure weakness in DynPG: CVE-2010-4401 The...

CVSS 7.6 | AI score 7.7 | EPSS 0.0561
Exploits: 3 | Affected Software: 1

htbridge
added 2010/11/02 12:0 a.m. | 34 views

Installation Path Disclosure Weakness in CLANSPHERE

High-Tech Bridge SA Security Research Lab has discovered a weakness in CLANSPHERE which could be exploited to gain access to potentially sensitive information. 1 Installation path disclosure weakness in CLANSPHERE The weakness exists due to application reveals the full path to installation...

CVSS 5 | AI score 6.9
Exploits: 0 | Affected Software: 1

htbridge
added 2010/10/05 12:0 a.m. | 34 views

SQL Injection Vulnerability in DeluxeBB

High-Tech Bridge SA Security Research Lab has discovered vulnerability in DeluxeBB which could be exploited to execute arbitrary SQL commands in applications database. 1 SQL injection vulnerability in DeluxeBB: CVE-2010-4151 An input validation error exists in the "xthedateformat" parameter in...

CVSS 7.5 | AI score 8 | EPSS 0.01181
Exploits: 1 | Affected Software: 1

htbridge
added 2010/09/27 12:0 a.m. | 34 views

Directory Traversal Vulnerability in AnyConnect

High-Tech Bridge SA Security Research Lab has discovered vulnerability in AnyConnect which could be exploited to execute arbitrary code on vulnerable system. 1 Directory Traversal Vulnerability in AnyConnect: CVE-2010-4148 The vulnerability exists due to insufficient sanitation of the downloaded...

CVSS 7.6 | AI score 7.8 | EPSS 0.01761
Exploits: 1 | Affected Software: 1

htbridge
added 2010/09/20 12:0 a.m. | 34 views

Cross-site Scripting (XSS) Vulnerabilities in Docebo

High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in Docebo which could be exploited to perform cross-site scripting attacks. 1 Cross-site scripting XSS vulnerability in Docebo 1.1 The vulnerability exists due to input sanitation error in the "upsignature" paramete...

CVSS 4.3 | AI score 6.3
Exploits: 0 | Affected Software: 1

htbridge
added 2010/06/07 12:0 a.m. | 34 views

Cross-site Scripting (XSS) Vulnerabilities in odCMS

High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in odCMS which could be exploited to perform cross-site scripting attacks. 1 Cross-site scripting XSS vulnerability in odCMS 1.1 The vulnerability exists due to input sanitation error in the "content" parameter in...

CVSS 4.3 | AI score 6.3
Exploits: 0 | Affected Software: 1

htbridge
added 2010/04/19 12:0 a.m. | 34 views

Cross-site Scripting Vulnerability in Acuity CMS

High-Tech Bridge SA Security Research Lab has discovered a vulnerability in Acuity CMS which could be exploited to perform cross-site scripting XSS attacks. 1 Cross-site scripting vulnerability in Acuity CMS Input sanitation error was found in the "page" parameter in /admin/pages/addpage.asp. A...

CVSS 2.6 | AI score 6.1
Exploits: 0 | Affected Software: 1

htbridge
added 2014/10/15 12:0 a.m. | 33 views

Arbitrary File Upload in HelpDEZk

High-Tech Bridge Security Research Lab discovered vulnerability in HelpDEZk, which can be exploited to compromise vulnerable web site. 1 Unrestricted Upload of File with Dangerous Type in HelpDEZk: CVE-2014-8337 The vulnerability exists due to absence of validation of file extensions when uploadi...

CVSS 10 | AI score 9.4 | EPSS 0.04798
Exploits: 4 | Affected Software: 1

htbridge
added 2014/05/14 12:0 a.m. | 33 views

Reflected Cross-Site Scripting (XSS) Vulnerability in Storesprite

High-Tech Bridge Security Research Lab discovered XSS vulnerability in Storesprite, which can be exploited to perform Cross-Site Scripting attacks. 1 Reflected Cross-Site Scripting XSS in Storesprite: CVE-2014-3737 The vulnerability exists due to insufficient sanitisation of user-supplied data in...

CVSS 4.3 | AI score 5.6 | EPSS 0.02097
Exploits: 1 | Affected Software: 1

htbridge
added 2014/04/16 12:0 a.m. | 33 views

Cross-Site Request Forgery (CSRF) in TAO

High-Tech Bridge Security Research Lab discovered vulnerability in TAO, which can be exploited to gain complete administrative control over the vulnerable application. 1 Cross-Site Request Forgery CSRF in TAO: CVE-2014-2989 The vulnerability exists due to insufficient verification of the HTTP...

CVSS 5.1 | AI score 7 | EPSS 0.012
Exploits: 1 | Affected Software: 1

htbridge
added 2013/10/09 12:0 a.m. | 33 views

SQL Injection in appRain

High-Tech Bridge Security Research Lab discovered vulnerability in appRain, which can be exploited to perform SQL Injection attacks. 1 Blind SQL Injection in appRain: CVE-2013-6058 The vulnerability is caused by insufficient validation of user-supplied data appended to "/blog-by-cat/" URL. Remote...

CVSS 7.5 | AI score 2.2 | EPSS 0.0248
Exploits: 7 | Affected Software: 1

htbridge
added 2013/07/24 12:0 a.m. | 33 views

Cross-Site Scripting (XSS) in Twilight CMS

High-Tech Bridge Security Research Lab discovered vulnerability in Twilight CMS, which can be exploited to perform Cross-Site Scripting XSS attacks. 1 Cross-Site Scripting XSS in Twilight CMS: CVE-2013-4899 The vulnerability exists due to insufficient filtration of user-supplied data appended to...

CVSS 4.3 | AI score 5.8 | EPSS 0.01193
Exploits: 3 | Affected Software: 1

htbridge
added 2013/07/24 12:0 a.m. | 33 views

Path Traversal in DeWeS Web Server (Twilight CMS)

High-Tech Bridge Security Research Lab discovered path traversal vulnerability in DeWeS web server that is supplied in package with Twilight CMS Windows version, which can be exploited to read arbitrary files on vulnerable system. 1 Path Traversal in DeWeS Web Server: CVE-2013-4900 The...

CVSS 5 | AI score 6.7 | EPSS 0.04111
Exploits: 5 | Affected Software: 1

Total number of security vulnerabilities: 559