Multiple NULL Pointer Dereference Vulnerabilities in Corel Quattro Pro X6

High-Tech Bridge Security Research Lab discovered two null pointer dereference vulnerabilities in Corel Quattro Pro. Opening of a malicious QPW Quattro Pro Spreadsheet document causes immediate application crash, resulting in a loss of all unsaved current application data of the user. 1 Multiple...

Multiple vulnerabilities in LEPTON

High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in LEPTON, which can be exploited to perform Local File Inclusion, Cross Site Scripting and SQL Injection attacks. 1 Local File Inclusion in LEPTON: CVE-2012-0998 Input passed via the "language" POST parameter to...

Cross-site Scripting (XSS) Vulnerabilities in XOOPS

High-Tech Bridge SA Security Research Lab has discovered vulnerabilities in XOOPS which could be exploited to perform cross-site scripting and script insertion attacks. 1 Cross-site scripting XSS vulnerabilities in XOOPS: CVE-2011-4565 The vulnerability exists due to input sanitation error in the...

Cross-site Scripting (XSS) Vulnerability in Happy Chat

High-Tech Bridge SA Security Research Lab has discovered vulnerability in Happy Chat which could be exploited to perform cross-site scripting attacks. 1 Cross-site scripting XSS vulnerability in Happy Chat The vulnerability exists due to input sanitation error in the "nick" parameter in...

Multiple Vulnerabilities in LoudBlog

High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in LoudBlog which could be exploited to perform cross-site scripting and SQL injection attacks. 1 Cross-site scripting XSS vulnerability in LoudBlog The vulnerability exists due to input sanitation error in the "id"...

Multiple Vulnerabilities in PHPDug

High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in PHPDug which could be exploited to perform cross-site scripting, cross-site request forgery attacks. 1 Cross-site scripting vulnerabilities in PHPDug 1.1 The vulnerability exists due to input sanitation error in...

Cross-site Scripting (XSS) Vulnerability in Question and Answer Forum

High-Tech Bridge SA Security Research Lab has discovered vulnerability in Question and Answer Forum WordPress plugin which could be exploited to perform cross-site scripting attacks. 1 Cross-site scripting XSS vulnerability in Question and Answer Forum The vulnerability exists due to input...

Multiple Vulnerabilities in Eclime

High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in Eclime which could be exploited to perform cross-site scripting and SQL injection attacks. 1 Cross-site scripting XSS vulnerability in Eclime: CVE-2010-4852 The vulnerability exists due to input sanitation error ...

Directory Traversal Vulnerability in 3D FTP Client

High-Tech Bridge SA Security Research Lab has discovered vulnerability in 3D FTP Client which could be exploited to execute arbitrary code on vulnerable system. 1 Directory Traversal Vulnerability in 3D FTP Client: CVE-2010-3102 The vulnerability exists due to insufficient sanitation of the...

Cross-site Scripting (XSS) Vulnerabilities in Grafik CMS

High-Tech Bridge SA Security Research Lab has discovered two vulnerabilities in Grafik CMS which could be exploited to perform cross-site scripting attacks. 1 Cross-site scripting XSS vulnerabilities in Grafik CMS: CVE-2010-2615 The vulnerability exists due to input sanitation error in the...

SQL injection Vulnerabilities in WebDB

High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in WebDB which could be exploited to perform SQL injection attacks. 1 SQL injection vulnerabilities in WebDB 1.1 The vulnerability exists due to input sanitation errors in the multiple parameters in loisweb/index.as...

Multiple Vulnerabilities in LightNEasy CMS

High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in LightNEasy CMS which could be exploited to perform script insertion, cross-site scripting and cross-site request forgery attacks. 1 Cross-site scripting XSS vulnerability in LightNEasy CMS 1.1 The vulnerability...

Cross-site Scripting Vulnerability in Acuity CMS

High-Tech Bridge SA Security Research Lab has discovered a vulnerability in Acuity CMS which could be exploited to perform cross-site scripting XSS attacks. 1 Cross-site scripting vulnerability in Acuity CMS Input sanitation error was found in the "page" parameter in /admin/pages/addpage.asp. A...

Remote Buffer Overflow Vulnerability in Samsung Kies

High-Tech Bridge Security Research Lab has discovered buffer overflow vulnerability in Samsung Kies, which can be exploited to execute arbitrary code on vulnerable system. 1 Buffer overflow in Samsung Kies: CVE-2012-6429 The vulnerability exists due to insufficient sanitisation of input data in t...

Nero MediaHome Multiple Remote DoS Vulnerabilities

High-Tech Bridge Security Research Lab has discovered multiple DoS vulnerabilities in Nero Media Home server, which could be exploited by a malicious person to crash the server remotely. 1 Off-by-one errors in Nero MediaHome server: CVE-2012-5876 1.1 The vulnerability exists due to an off-by-one...

Cross-Site Scripting (XSS) in Jease

High-Tech Bridge Security Research Lab discovered vulnerability in Jease, which can be exploited to perform Cross-Site Scripting XSS attacks. 1 Cross-Site Scripting XSS in Jease: CVE-2012-4052 Input passed via the "author", "subject" and "comment" POST parameters when creating a new comment is no...

XSS in OneOrZero AIMS

High-Tech Bridge SA Security Research Lab has discovered vulnerability in OneOrZero AIMS, which can be exploited to perform cross-site scripting attacks. 1 Cross-site scripting XSS vulnerability in OneOrZero AIMS: CVE-2012-0989 Input appended to the URL after index.php is not properly sanitised...

Multiple vulnerabilities in Tine 2.0

High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in Tine 2.0, which can be exploited to perform cross-site scripting attacks. 1 Cross-site scripting XSS vulnerabilities in Tine 2.0 1.1 Input passed via the "lang" GET parameter to /library/idnaconvert/example.php i...

Cross-site Scripting (XSS) Vulnerabilities in eShop for Wordpress

High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in eShop for Wordpress which could be exploited to perform cross-site scripting attacks. 1 Cross-site scripting XSS vulnerabilities in eShop for Wordpress 1.1 The vulnerability exists due to input sanitation error i...

SQL Injection Vulnerability in SuperCali PHP Event Calendar

High-Tech Bridge SA Security Research Lab has discovered vulnerability in SuperCali PHP Event Calendar which could be exploited to perform SQL injection attacks. 1 SQL injection vulnerability in SuperCali PHP Event Calendar The vulnerability exists due to input sanitation errors in the "categoryi...

Multiple Vulnerabilities in Ajax Category Dropdown

High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in Ajax Category Dropdown WordPress plugin which could be exploited to perform cross-site scripting and SQL injection attacks. 1 Cross-site scripting XSS vulnerability in Ajax Category Dropdown The vulnerability...

Cross-site Request Forgery (CSRF) in KaiBB

High-Tech Bridge SA Security Research Lab has discovered vulnerability in KaiBB which could be exploited to perform cross-site request forgery attacks. 1 Cross-site request forgery CSRF in KaiBB The vulnerability exists due to insufficient validation of the request origin in admin/core/account.ph...

Cross-site Request Forgery (CSRF) in whCMS

High-Tech Bridge SA Security Research Lab has discovered vulnerability in whCMS which could be exploited to perform cross-site request forgery attacks. 1 Cross-site request forgery CSRF in whCMS The vulnerability exists due to insufficient validation of the request origin in admin/index.php. A...

Cross-site Scripting (XSS) Vulnerability in ImpressCMS

High-Tech Bridge SA Security Research Lab has discovered vulnerability in ImpressCMS which could be exploited to perform cross-site scripting attacks. 1 Cross-site scripting XSS vulnerability in ImpressCMS: CVE-2010-4616 The vulnerability exists due to input sanitation error in the...

Directory Traversal Vulnerability in FilterFTP

High-Tech Bridge SA Security Research Lab has discovered vulnerability in FilterFTP which could be exploited to execute arbitrary code on vulnerable system. 1 Directory Traversal Vulnerability in FilterFTP: CVE-2010-4790 The vulnerability exists due to insufficient sanitation of the downloaded...

Cross-site Scripting (XSS) Vulnerabilities in Expression CMS

High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in Expression CMS which could be exploited to perform cross-site scripting attacks. 1 Cross-site scripting XSS vulnerability in Expression CMS 1.1 The vulnerability exists due to input sanitation error in the...

Multiple SQL injection vulnerabilities in e107

High-Tech Bridge SA Security Research Lab has discovered three SQL injection vulnerabilities in e107 which could lead to execution of arbitrary SQL commands in applications database. 1 SQL injection vulnerabilities in e107 1.1 An input validation error exists in the URL in /e107admin/wmessage.php...

Cross-site Scripting (XSS) Vulnerability in Prado Portal

High-Tech Bridge SA Security Research Lab has discovered vulnerability in Prado Portal which could be exploited to perform cross-site scripting attacks. 1 Cross-site scripting XSS vulnerability in Prado Portal: CVE-2010-4958 The vulnerability exists due to input sanitation error in the "page"...

Multiple Vulnerabilities in BXR

High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in BXR which could be exploited to perform cross-site scripting, cross-site request forgery and SQL injection attacks. 1 Cross-site scripting XSS vulnerability in BXR 1.1 The vulnerability exists due to input...

Multiple Vulnerabilities in CuteSITE CMS

High-Tech Bridge SA Security Research Lab has discovered three vulnerabilities in CuteSITE CMS which could be exploited to perform cross-site scripting and cross-site request forgery attacks and execute arbitrary SQL commands in applications database. 1 Cross-site scripting XSS vulnerability in...

Cross-Site Scripting (XSS) in Jamroom

High-Tech Bridge Security Research Lab discovered vulnerability in Jamroom, which can be exploited to perform Cross-Site Scripting XSS attacks. 1 Cross-Site Scripting XSS in Jamroom: CVE-2013-6804 The vulnerability exists due to insufficient sanitisation of user-supplied data in "searchstring" HT...

FireFly Media Server Multiple Remote DoS Vulnerabilities

High-Tech Bridge Security Research Lab has discovered multiple remote denial of service DoS vulnerabilities in FireFly Media Server, which could be exploited by a malicious person to crash a remote server. 1 Multiple NULL pointer dereference vulnerabilities in FireFly Media Server: CVE-2012-5875...

Multiple vulnerabilities in Samsung Kies

High-Tech Bridge Security Research Lab has discovered multiple vulnerabilities in Samsung Kies synchronization utility that allows remote attacker to compromise affected system, execute and modify arbitrary files, modify arbitrary directories and modify System Registry with privileges of the...

Multiple Vulnerabilities in LotusCMS

High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in LotusCMS which can be exploited to perform cross-site scripting and cross-site request forgery attacks and gain access to sensitive information. 1 Cross-site scripting XSS vulnerabilities in LotusCMS 1.1 The...

Information Disclosure Vulnerability in Arctic Fox CMS

High-Tech Bridge SA Security Research Lab has discovered vulnerabilities in Arctic Fox CMS which could be exploited to disclose potentially sensitive information. 1 Information disclosure vulnerability in Arctic Fox CMS The vulnerability exists due to insufficient handling of error messages in th...

Multiple Vulnerabilities in SweetRice CMS

High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in SweetRice CMS which could be exploited to perform cross-site scripting and SQL injection attacks and change administrators password. 1 Cross-site scripting XSS vulnerability in SweetRice CMS The vulnerability...

Multiple Vulnerabilities in Pixie

High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in Pixie which could be exploited to perform cross-site scripting, script insertions and cross-site request forgery attacks. 1 Cross-site scripting XSS vulnerability in Pixie The vulnerability exists due to input...

Cross-site Scripting (XSS) Vulnerabilities in CruxCMS

High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in CruxCMS which could be exploited to perform cross-site scripting attacks. 1 Cross-site scripting XSS vulnerability in CruxCMS: CVE-2008-0700 The vulnerability exists due to input sanitation error in the "search"...

Cross-site Scripting (XSS) in DynamiXgate Affiliate Store Builder

High-Tech Bridge SA Security Research Lab has discovered vulnerability in DynamiXgate Affiliate Store Builder which could be exploited to perform cross-site scripting XSS attacks. 1 Cross-site scripting vulnerability in DynamiXgate Affiliate Store Builder The vulnerability exists due to...

SQL Injection in Dokeos

High-Tech Bridge Security Research Lab discovered vulnerability in Dokeos, which can be exploited to perform SQL Injection attacks. 1 SQL Injection in Dokeos: CVE-2013-6341 The vulnerability exists due to insufficient validation of "language" HTTP GET parameter passed to "/index.php" script. A...

TVMOBiLi Media Server Multiple Remote DoS Vulnerabilities

High-Tech Bridge Security Research Lab has discovered 2 remote DoS vulnerabilities in TVMOBiLi Media server, which could be exploited to crash remote server with malicious HTTP requests. 1 Improper Handling of Length Parameter Inconsistency in TVMOBiLi: CVE-2012-5451 1.1 The vulnerability exists...

Multiple vulnerabilities in OBM

High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in OBM, which can be exploited to perform cross-site scripting, local file inclusion and SQL injection attacks and gain access to sensitive information. 1 Local File Inclusion in OBM 1.1 Input passed via the "module...

IDrive Online Backup ActiveX control Insecure Method

High-Tech Bridge SA Security Research Lab has discovered vulnerability in IDrive Online Backup ActiveX control, which can be exploited to overwrite arbitrary files. 1 Insecure method in IDrive Online Backup ActiveX Control The vulnerability is caused due to the UniBasicPack.UniTextBox...

Multiple Vulnerabilities in ThreeDify Designer ActiveX Control

High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in ThreeDify Designer ActiveX Control which could be exploited to compromise vulnerable system. 1 Buffer overflow vulnerabilities in ThreeDify Designer ActiveX Control 1.1 Boundary error exists in the "cmdExport"...

Cross-site Scripting Vulnerabilities in N-13 News

High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in N-13 News, which can be exploited to perform cross-site scripting attacks. 1 Cross-site scripting vulnerabilities in N-13 News 1.1 Input passed via the GET "id" parameter to index.php is not properly sanitised...

Cross-site Scripting (XSS) Vulnerabilities in phpScheduleIt

High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in phpScheduleIt which could be exploited to perform cross-site scripting attacks. 1 Cross-site scripting XSS vulnerabilities in phpScheduleIt 1.1 The vulnerability exists due to input sanitation errors in URL in th...

Cross-site Scripting (XSS) Vulnerability in WP-Ajax-Recent-Posts

High-Tech Bridge SA Security Research Lab has discovered vulnerability in WP-Ajax-Recent-Posts which could be exploited to perform cross-site scripting attacks. 1 Cross-site scripting XSS vulnerability in WP-Ajax-Recent-Posts The vulnerability exists due to input sanitation error in the "number"...

Multiple Vulnerabilities in UseBB

High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in UseBB which could be exploited to perform cross-site request forgery attacks. 1 Cross-site request forgery CSRF vulnerabilities in UseBB 1.1 The vulnerability exists due to insufficient validation of the request...

Multiple Vulnerabilities in CosmoShop

High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in CosmoShop which can be exploited to perform cross-site scripting and cross-site request forgery attacks. 1 Cross-site scripting XSS vulnerabilities in CosmoShop 1.1 The vulnerability exists due to input sanitatio...

Cross-site Scripting (XSS) Vulnerabilities in Photopad

High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in Photopad which could be exploited to perform cross-site scripting attacks. 1 Cross-site scripting XSS vulnerabilities in Photopad: CVE-2011-1063 1.1 The vulnerability exists due to input sanitation errors in the...