SQL Injection in Huge IT Slider WordPress Plugin
High-Tech Bridge Security Research Lab discovered an SQL injection vulnerability in Huge IT Slider WordPress Plugin. This vulnerability can be exploited by website administrators as well as anonymous attackers to inject and execute arbitrary SQL queries within the application’s database. 1 SQL...
Two Reflected XSS Vulnerabilities in Easing Slider WordPress Plugin
High-Tech Bridge Security Research Lab discovered two XSS vulnerabilities in Easing Slider WordPress plugin, which can be exploited against administrators of WordPress with the vulnerable plugin to perform Cross-Site Scripting attacks. Successful exploitation of the vulnerabilities may allow an...
Multiple Vulnerabilities in my little forum
High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in my little forum, which can be exploited to perform SQL Injection and Cross-Site Scripting XSS attacks. The SQL injection vulnerabilities have medium risk assigned as they can be exploited under administrator account or...
Two XSS Vulnerabilities in SupportCenter Plus
High-Tech Bridge Security Research Lab discovered two XSS vulnerabilities in a web-based customer support software SupportCenter Plus. These vulnerabilities can be exploited to perform Cross-Site Scripting attacks against authenticated users of the vulnerable software. 1 Cross-Site Scripting XSS ...
Local PHP File Inclusion in FluxBB
High-Tech Bridge Security Research Lab discovered vulnerability in FluxBB, which can be exploited to compromise vulnerable system. 1 Local PHP File Inclusion in FluxBB: CVE-2014-9574 The vulnerability exists due to absence of filtration of the "installlang" HTTP GET parameter before including PHP...
Self-XSS in Microsoft Dynamics CRM 2013 SP1
High-Tech Bridge Security Research Lab discovered a DOM-based self-XSS vulnerability in Microsoft Dynamics CRM 2013 SP1, which can be exploited to perform Cross-Site Scripting attacks against authenticated users. The vulnerability exists due to insufficient filtration of user-supplied input passe...
Two XSS vulnerabilities in Simple Security WordPress Plugin
High-Tech Bridge Security Research Lab discovered two XSS vulnerabilities in Simple Security WordPress plugin, which can be exploited to perform Cross-Site Scripting attacks against administrators of WP websites with the vulnerable plugin. 1 Two Cross-Site Scripting XSS Vulnerabilities in Simple...
Heap Buffer Overflow in PHP
High-Tech Bridge Security Research Lab discovered a remote heap buffer overflow vulnerability in PHP, which can be exploited to cause a denial of service or execute arbitrary code on the target system. 1 Heap Buffer Overflow in PHP: CVE-2014-9705 The vulnerability resides within the...
Multiple vulnerabilities in MantisBT
High-Tech Bridge Security Research Lab has discovered multiple vulnerabilities in MantisBT, which can be exploited to perform Cross-Site Scripting XSS and SQL injection attacks. Improper access control vulnerability discloses database's credentials login and password in plaintext. 1 Cross-Site...
Cross-Site Scripting (XSS) in Revive Adserver
High-Tech Bridge Security Research Lab discovered an XSS vulnerability in Revive Adserver formerly known as OpenX Source, which can be exploited to perform Cross-Site Scripting attacks against authenticated users and administrators of the vulnerable application leading to total compromise of the...
Reflected Cross-Site Scripting (XSS) in Simple Email Form Joomla Extension
High-Tech Bridge Security Research Lab discovered vulnerability in Simple Email Form Joomla Extension, which can be exploited to perform Cross-Site Scripting XSS attacks against visitors and administrators of Joomla websites with installed plugin. 1 Reflected Cross-Site Scripting XSS in Simple...
Cross-Site Request Forgery (CSRF) in xEpan
High-Tech Bridge Security Research Lab discovered vulnerability in xEpan, which can be exploited to compromise vulnerable web site. 1 Cross-Site Request Forgery CSRF in xEpan: CVE-2014-8429 The vulnerability exists due to insufficient validation of the HTTP request origin when creating new user...
Arbitrary File Upload in HelpDEZk
High-Tech Bridge Security Research Lab discovered vulnerability in HelpDEZk, which can be exploited to compromise vulnerable web site. 1 Unrestricted Upload of File with Dangerous Type in HelpDEZk: CVE-2014-8337 The vulnerability exists due to absence of validation of file extensions when uploadi...
Multiple vulnerabilities in EspoCRM
High-Tech Bridge Security Research Lab discovered multiple high-risk vulnerabilities in EspoCRM, which can be exploited by remote attacker to execute arbitrary PHP code on a vulnerable system, reinstall the application from scratch, and compromise the entire system as the result. EspoCRM is also...
Multiple Cross-Site Scripting (XSS) in WP Google Maps WordPress Plugin
High-Tech Bridge Security Research Lab discovered three XSS vulnerabilities in WP Google Maps WordPress plugin, which can be exploited to perform Cross-Site Scripting XSS attacks against administrators of vulnerable WP website. 1 Multiple XSS in WP Google Maps WordPress plugin: CVE-2014-7182 1.1...
Reflected Cross-Site Scripting (XSS) in MaxButtons WordPress Plugin
High-Tech Bridge Security Research Lab discovered vulnerability in MaxButtons WordPress plugin, which can be exploited to perform Cross-Site Scripting XSS attacks against logged-in administrator. 1 Reflected Cross-Site Scripting XSS in MaxButtons wordpress plugin: CVE-2014-7181 Input passed via t...
Two XSS in Contact Form DB WordPress plugin
High-Tech Bridge Security Research Lab discovered two XSS vulnerabilities in Contact Form DB WordPress plugin, which can be exploited to perform Cross-Site Scripting XSS attacks against administrator of a WordPress website with vulnerable plugin installed. 1 Two Cross-Site Scripting XSS...
Reflected Cross-Site Scripting (XSS) in EWWW Image Optimizer WordPress Plugin
High-Tech Bridge Security Research Lab discovered vulnerability in EWWW Image Optimizer WordPress plugin, which can be exploited to perform Cross-Site Scripting XSS attacks against administrator of a WordPress website with vulnerable plugin. 1 Reflected Cross-Site Scripting XSS in EWWW Image...
Reflected Cross-Site Scripting (XSS) in Google Calendar Events WordPress Plugin
High-Tech Bridge Security Research Lab discovered vulnerability in Google Calendar Events WordPress plugin, which can be exploited to perform Cross-Site Scripting XSS attacks against administrator of a WordPress website with vulnerable plugin. 1 Reflected Cross-Site Scripting XSS in Google Calend...
Cross-Site Scripting (XSS) in Photo Gallery WordPress plugin
High-Tech Bridge Security Research Lab discovered three vulnerabilities in Photo Gallery WordPress plugin, which can be exploited to perform Cross-Site Scripting XSS attacks. 1 Cross-Site Scripting XSS in Photo Gallery WordPress plugin: CVE-2014-6315 1.1 Input passed via the "callback" HTTP GET...
Two SQL Injections in All In One WP Security WordPress plugin
High-Tech Bridge Security Research Lab discovered two SQL injection vulnerabilities in All In One WP Security WordPress plugin, which can be exploited to perform SQL Injection attacks. Both vulnerabilities require administrative privileges, however can be also exploited by non-authenticated...
Reflected Cross-Site Scripting (XSS) in MODX Revolution
High-Tech Bridge Security Research Lab discovered vulnerability in MODX Revolution, which can be exploited to perform Cross-Site Scripting XSS attacks. 1 Reflected Cross-Site Scripting XSS in MODX Revolution: CVE-2014-5451 The vulnerability exists due to insufficient sanitization of input data...
Reflected Cross-Site Scripting (XSS) in BlackCat CMS
High-Tech Bridge Security Research Lab discovered vulnerability in BlackCat CMS, which can be exploited to perform Cross-Site Scripting XSS attacks. 1 Reflected Cross-Site Scripting XSS in BlackCat CMS: CVE-2014-5259 The vulnerability exists due to insufficient sanitization of the "msg" HTTP GET...
Two Reflected Cross-Site Scripting (XSS) Vulnerabilities in Forma Lms
High-Tech Bridge Security Research Lab discovered two vulnerabilities in Forma Lms, which can be exploited to perform Cross-Site Scripting XSS attacks against vulnerable website. 1 Reflected Cross-Site Scripting XSS in Forma Lms: CVE-2014-5257 1.1 The vulnerability exists due to insufficient...
Path Traversal in webEdition
High-Tech Bridge Security Research Lab discovered vulnerability in webEdition, which can be exploited to read arbitrary files on the target system. 1 Path Traversal in webEdition: CVE-2014-5258 The vulnerability exists due to insufficient sanitization of the "file" HTTP GET parameter in...
Reflected Cross-Site Scripting (XSS) in Jamroom
High-Tech Bridge Security Research Lab discovered vulnerability in Jamroom, which can be exploited to perform Cross-Site Scripting XSS attacks. 1 Reflected Cross-Site Scripting XSS in Jamroom: CVE-2014-5098 The vulnerability exists due to insufficient sanitization of user-supplied data after the...
SQL Injection Vulnerability in ArticleFR
High-Tech Bridge Security Research Lab discovered SQL injection vulnerability in ArticleFR, which can be exploited to perform SQL Injection attacks and gain complete control over vulnerable website. 1 SQL Injection in ArticleFR: CVE-2014-5097 The vulnerability exists due to insufficient...
Reflected Cross-Site Scripting (XSS) in Textpattern
High-Tech Bridge Security Research Lab discovered XSS vulnerability in Textpattern, which can be exploited to perform Cross-Site Scripting attacks against users of vulnerable application. 1 Reflected Cross-Site Scripting XSS in Textpattern: CVE-2014-4737 The vulnerability exists due to insufficie...
SQL Injection in Е2
High-Tech Bridge Security Research Lab discovered SQL injection vulnerability in Е2, which can be exploited to perform SQL injection attacks and gain control over the vulnerable application. 1 SQL Injection in Е2: CVE-2014-4736 The vulnerability exists due to insufficient sanitization of input dat...
Reflected Cross-Site Scripting (XSS) in MyWebSQL
High-Tech Bridge Security Research Lab discovered vulnerability in MyWebSQL, which can be exploited to perform Cross-Site Scripting XSS attacks. 1 Reflected Cross-Site Scripting XSS in MyWebSQL: CVE-2014-4735 The vulnerability is caused by insufficient sanitization of the "table" HTTP GET paramet...
Reflected Cross-Site Scripting (XSS) in e107
High-Tech Bridge Security Research Lab discovered vulnerability in e107, which can be exploited to perform Cross-Site Scripting XSS attacks. 1 Reflected Cross-Site Scripting XSS in e107: CVE-2014-4734 The vulnerability exists due to insufficient sanitization of "type" HTTP GET parameter passed to...
Unrestricted Upload of File with Dangerous Type in BoltWire
High-Tech Bridge Security Research Lab discovered vulnerability in BoltWire, which can be exploited to execute arbitrary PHP code on the target system and gain complete control over vulnerable web application. 1 Unrestricted Upload of File with Dangerous Type in BoltWire: CVE-2014-4169 The...
Improper Access Control in ArticleFR
High-Tech Bridge Security Research Lab discovered vulnerability in ArticleFR, which can be exploited to execute arbitrary UPDATE SQL statements, alter information stored in database and gain complete control over the web site. 1 Improper Access Control in ArticleFR: CVE-2014-4170 The vulnerabilit...
Cross-Site Request Forgery (CSRF) in Kanboard
High-Tech Bridge Security Research Lab discovered vulnerability in Kanboard, which can be exploited to perform Cross-Site Request Forgery CSRF attacks and gain complete control over the vulnerable application. 1. Cross-Site Request Forgery CSRF in Kanboard: CVE-2014-3920 The vulnerability exists...
SQL Injection in Dolphin | HTB23216
High-Tech Bridge Security Research Lab discovered SQL injection vulnerability in Dolphin, which can be exploited to perform SQL injection attacks and obtain sensitive information from the application database. 1 SQL Injection in Dolphin: CVE-2014-3810 The vulnerability exists due to insufficient...
Reflected Cross-Site Scripting (XSS) Vulnerability in Storesprite
High-Tech Bridge Security Research Lab discovered XSS vulnerability in Storesprite, which can be exploited to perform Cross-Site Scripting attacks. 1 Reflected Cross-Site Scripting XSS in Storesprite: CVE-2014-3737 The vulnerability exists due to insufficient sanitisation of user-supplied data in...
Multiple vulnerabilities in Sharetronix
High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in Sharetronix, which can be exploited to perform SQL injection and Cross-Site Request Forgery CSRF attacks against vulnerable application. A remote hacker can gain full control over the application. 1 SQL Injection in...
Multiple SQL Injection Vulnerabilities in web2Project
High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in web2Project, which can be exploited to perform SQL Injection attacks and gain complete access to vulnerable website. 1 SQL Injection in web2Project: CVE-2014-3119 1.1 The vulnerability exists due to insufficient...
CSRF and Remote Code Execution in EGroupware
High-Tech Bridge Security Research Lab discovered CSRF and Remote Code Execution vulnerabilities in EGroupware, which can be exploited by remote attacker to gain full control over the application and compromise vulnerable system. 1 Cross-Site Request Forgery CSRF in EGroupware: CVE-2014-2987 The...
Cross-Site Request Forgery (CSRF) in TAO
High-Tech Bridge Security Research Lab discovered vulnerability in TAO, which can be exploited to gain complete administrative control over the vulnerable application. 1 Cross-Site Request Forgery CSRF in TAO: CVE-2014-2989 The vulnerability exists due to insufficient verification of the HTTP...
Cross-Site Scripting (XSS) in Offiria
High-Tech Bridge Security Research Lab discovered vulnerability in Offiria, which can be exploited to perform Cross-Site Scripting XSS attacks against users of vulnerable application. 1 Reflected Cross-Site Scripting XSS in Offiria: CVE-2014-2689 The vulnerability exists due to insufficient...
SQL Injection in mAdserve
High-Tech Bridge Security Research Lab discovered multiple SQL injection vulnerabilities in mAdserve, which can be exploited to execute arbitrary SQL commands in application’s database and compromise vulnerable website. 1 SQL Injection in mAdserve: CVE-2014-2654 1.1 The vulnerability exists due t...
SQL Injection in Orbit Open Ad Server
High-Tech Bridge Security Research Lab discovered vulnerability in Orbit Open Ad Server, which can be exploited to perform SQL Injection attacks, alter SQL requests to database of vulnerable application and potentially gain control over the vulnerable website. 1 SQL Injection in Orbit Open Ad...
Cross-Site Request Forgery (CSRF) in XCloner Standalone
High-Tech Bridge Security Research Lab discovered vulnerability in XCloner Standalone, which can be exploited to perform Cross-Site Request Forgery CSRF attacks and gain complete control over the website. 1. Cross-Site Request Forgery CSRF in XCloner Standalone: CVE-2014-2579 1.1 The vulnerabilit...
Cross-Site Request Forgery (CSRF) in XCloner Wordpress Plugin
High-Tech Bridge Security Research Lab discovered vulnerability in XCloner Wordpress plugin, which can be exploited to perform a CSRF attack and gain access to a backed-up copy of vulnerable website. Cross-Site Request Forgery CSRF in XCloner Wordpress Plugin: CVE-2014-2340 The vulnerability exis...
Cross-Site Scripting (XSS) in CMSimple
High-Tech Bridge Security Research Lab discovered vulnerability in CMSimple, which can be exploited to perform Cross-Site Scripting XSS attacks. 1 Reflected Cross-Site Scripting XSS in CMSimple: CVE-2014-2219 The vulnerability exists due to insufficient sanitisation of user-supplied data in "d"...
Cross-Site Scripting (XSS) in Open Classifieds
High-Tech Bridge Security Research Lab discovered vulnerability in Open Classifieds, which can be exploited to perform Cross-Site Scripting XSS attacks. 1 Cross-Site Scripting XSS in Open Classifieds: CVE-2014-2024 The vulnerability exists due to insufficient sanitisation of user-supplied data...
Cross-Site Scripting (XSS) in Ilch CMS
High-Tech Bridge Security Research Lab discovered vulnerability in Ilch CMS, which can be exploited to perform Cross-Site Scripting XSS attacks against users and administrators of vulnerable application. 1 Cross-Site Scripting XSS in Ilch CMS: CVE-2014-1944 The vulnerability exists due to...
Multiple Vulnerabilities in OpenDocMan
High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in OpenDocMan, which can be exploited to perform SQL Injection and gain administrative access to the application. 1 SQL Injection in OpenDocMan: CVE-2014-1945 The vulnerability exists due to insufficient validation of...
Multiple Vulnerabilities in VideoWhisper Live Streaming Integration WP Plugin
High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in VideoWhisper Live Streaming Integration, which can be exploited to execute arbitrary code on the target system, gain access to potentially sensitive data, perform Cross-Site Scripting XSS attacks against users of...