Multiple Vulnerabilities in KrisonAV CMS
High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in KrisonAV CMS, which can be exploited to perform cross-site scripting and cross-site request forgery attacks. 1 Cross-Site Scripting XSS vulnerability in KrisonAV CMS: CVE-2013-2712 The vulnerability exists due to...
Multiple XSS in Hero Framework
High-Tech Bridge Security Research Lab discovered two XSS vulnerabilities in Hero Framework, which can be exploited to perform cross-site scripting attacks against vulnerable application. 1 Multiple XSS in Hero Framework: CVE-2013-2649 1.1 The vulnerability exists due to insufficient sanitisation...
SQL Injection Vulnerability in Symphony
High-Tech Bridge Security Research Lab discovered SQL injection vulnerability in Symphony, which can be exploited to alter SQL requests to database of the vulnerable application. 1 SQL Injection in Symphony: CVE-2013-2559 The vulnerability exists due to insufficient filtration of "sort" HTTP GET...
Path Traversal in AWS XMS
High-Tech Bridge Security Research Lab discovered path traversal vulnerability in AWS XMS, which can be exploited to read contents of arbitrary files. 1 Path Traversal in AWS XMS: CVE-2013-2474 The vulnerability exists due to insufficient filtration of "what" HTTP GET parameter passed to...
PHP Code Injection in FUDforum
High-Tech Bridge Security Research Lab discovered vulnerability in FUDforum, which can be exploited to execute arbitrary PHP code on the target system. 1 PHP Code Injection in FUDforum: CVE-2013-2267 The vulnerability exists due to insufficient validation of HTTP POST parameters "regexstr",...
OS Command Injection in CosCms
High-Tech Bridge Security Research Lab discovered vulnerability in CosCms, which can be exploited to execute arbitrary OS commands on web server where the vulnerable application is hosted. 1 OS Command Injection in CosCms: CVE-2013-1668 Vulnerability exists due to insufficient validation of...
Multiple Vulnerabilities in Piwigo
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in Piwigo, which can be exploited to perform Cross-Site Request Forgery and Path Traversal attacks. 1 Cross-Site Request Forgery CSRF in Piwigo: CVE-2013-1468 The vulnerability exists due to insufficient verificatio...
Cross-Site Scripting (XSS) in Geeklog
High-Tech Bridge Security Research Lab discovered vulnerability in Geeklog that can be exploited to perform Cross-Site Scripting XSS attacks. 1 Cross-Site Scripting XSS in Geeklog: CVE-2013-1470 The vulnerability exists due to insufficient filtration of user-supplied data in "calendartype" HTTP...
Multiple Cross-Site Scripting (XSS) in glFusion
High-Tech Bridge Security Research Lab discovered multiple XSS vulnerabilities in glFusion, which can be exploited to perform Cross-Site Scripting attacks. glFusion has a "badbehaviour" plugin installed by default that verifies HTTP Referer, aimed to protect against spambots. The plugin also make...
Multiple Cross-Site Scripting (XSS) vulnerabilities in GetSimple CMS
High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in GetSimple CMS, which can be exploited to perform Cross-Site Scripting XSS attacks. The application has XSS filter, however it can be bypassed as demonstrated below. 1 Cross-Site Scripting XSS in GetSimple CMS:...
SQL Injection Vulnerability in Wysija Newsletters WordPress Plugin
High-Tech Bridge Security Research Lab discovered vulnerability in Wysija Newsletters WordPress plugin, which can be exploited to perform SQL Injection attacks. 1 SQL Injections in Wysija Newsletters WordPress plugin: CVE-2013-1408 The vulnerabilities exist due to insufficient filtration of...
Cross-Site Scripting (XSS) Vulnerability in CommentLuv WordPress Plugin
High-Tech Bridge Security Research Lab discovered vulnerability in CommentLuv WordPress plugin, which can be exploited to perform Cross-Site Scripting XSS attacks. 1 Cross-Site Scripting XSS in CommentLuv WordPress plugin: CVE-2013-1409 The vulnerability exists due to insufficient filtration of...
Multiple XSS vulnerabilities in Events Manager WordPress plugin
High-Tech Bridge Security Research Lab discovered multiple XSS vulnerabilities in Events Manager WordPress plugin, which can be exploited to perform Cross-Site Scripting attacks. 1 Multiple XSS vulnerabilities in Events Manager WordPress plugin: CVE-2013-1407 1.1 The vulnerability exists due to...
Cross-Site Scripting (XSS) vulnerability in gpEasy
High-Tech Bridge Security Research Lab discovered vulnerability in gpEasy, which can be exploited to perform Cross-Site Scripting XSS attacks. 1 Cross-Site Scripting XSS in gpEasy: CVE-2013-0807 The vulnerability exists due to insufficient sanitisation of user-supplied data in "section" HTTP GET...
Multiple Vulnerabilities in jforum
High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in jforum, which can be exploited to perform Cross-Site Scripting XSS and Cross-Site Request Forgery CSRF attacks. 1 Multiple Cross-Site scripting XSS vulnerabilities in jforum: CVE-2012-6445 1.1 The vulnerability exists d...
Remote Buffer Overflow Vulnerability in Samsung Kies
High-Tech Bridge Security Research Lab has discovered buffer overflow vulnerability in Samsung Kies, which can be exploited to execute arbitrary code on vulnerable system. 1 Buffer overflow in Samsung Kies: CVE-2012-6429 The vulnerability exists due to insufficient sanitisation of input data in t...
Cross-Site Scripting (XSS) vulnerability in Quick.Cms and Quick.Cart
High-Tech Bridge Security Research Lab discovered XSS vulnerability in Quick.Cms and Quick.Cart - two products developed by OpenSolution team, which can be exploited to perform cross-site scripting attacks. 1. Cross-Site Scripting XSS vulnerability in Quick.Cms and Quick.Cart: CVE-2012-6430 The...
SQL Injection Vulnerability in ImageCMS
High-Tech Bridge Security Research Lab discovered vulnerability in ImageCMS, which can be exploited to perform SQL injection attacks. 1 SQL injection vulnerability in ImageCMS: CVE-2012-6290 The vulnerability exists due to insufficient filtration of the "q" HTTP GET parameter passed to...
Multiple SQL Injection Vulnerabilities in Elite Bulletin Board
High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in Elite Bulletin Board, which can be exploited to perform SQL injection attacks. 1 Multiple SQL injection vulnerabilities in Elite Bulletin Board: CVE-2012-5874 The vulnerabilities exist due to insufficient sanitation of...
Novell GroupWise Multiple Remote Code Execution Vulnerabilities
High-Tech Bridge Security Research Lab discovered multiple untrusted pointer dereference vulnerabilities in Novell GroupWise, which could be exploited to compromise a remote system. 1 Untrusted Pointer Dereference in Novell GroupWise: CVE-2013-0804 1.1 The vulnerability exists due to an untrusted...
Nero MediaHome Multiple Remote DoS Vulnerabilities
High-Tech Bridge Security Research Lab has discovered multiple DoS vulnerabilities in Nero Media Home server, which could be exploited by a malicious person to crash the server remotely. 1 Off-by-one errors in Nero MediaHome server: CVE-2012-5876 1.1 The vulnerability exists due to an off-by-one...
FireFly Media Server Multiple Remote DoS Vulnerabilities
High-Tech Bridge Security Research Lab has discovered multiple remote denial of service DoS vulnerabilities in FireFly Media Server, which could be exploited by a malicious person to crash a remote server. 1 Multiple NULL pointer dereference vulnerabilities in FireFly Media Server: CVE-2012-5875...
McAfee Virtual Technician ActiveX Control Insecure Method
High-Tech Bridge Security Research Lab discovered vulnerability in McAfee Virtual Technician ActiveX control, which can be exploited by remote malicious person to overwrite arbitrary files with garbage data on a vulnerable system. 1 Insecure method in McAfee Virtual Technician ActiveX control:...
Multiple Command Execution Vulnerabilities in Smartphone Pentest Framework (SPF)
High-Tech Bridge Security Research Lab discovered multiple command execution vulnerabilities in Smartphone Pentest Framework SPF web-based GUI, which could be exploited to get control over a pentester's machine remotely. Similar vulnerabilities were discovered...
Multiple vulnerabilities in Achievo
High-Tech Bridge Security Research Lab discovered two vulnerabilities in Achievo, which can be exploited to perform SQL injection and cross-site scripting XSS attacks. 1 SQL Injection vulnerability in Achievo: CVE-2012-5865 The vulnerability was discovered in the "dispatch.php" script while...
Multiple SQL Injection vulnerabilities in ClipBucket
High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in ClipBucket, which can be exploited to perform SQL Injection attacks. 1 Multiple SQL Injections in ClipBucket: CVE-2012-5849 1.1 The vulnerability exists due to improper sanitation of input in multiple parameters within...
Multiple vulnerabilities in dotProject
High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in dotProject, which can be exploited to perform SQL injection and cross-site scripting XSS attacks. 1 SQL Injection in dotProject: CVE-2012-5701 High-Tech Bridge Security Research Lab has discovered multiple SQL injection...
Multiple vulnerabilities in BabyGekko
High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in BabyGekko, which can be exploited to include local PHP files, perform SQL Injection and Cross-Site Scripting XSS attacks. 1 Multiple SQL Injections in BabyGekko: CVE-2012-5698 Two SQL injections exist in BabyGekko...
Multiple Vulnerabilities in Smartphone Pentest Framework (SPF)
High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in Smartphone Pentest Framework SPF web-based GUI, which could be exploited to get control over a pentester's machine. The research was inspired by the vulnerability found by Jon Passki http://osvdb.org/85873. Even if the...
Cross-Site Request Forgery (CSRF) in CMS Made Simple
High-Tech Bridge Security Research Lab discovered vulnerability in CMS Made Simple, which can be exploited to perform cross-site request forgery CSRF attacks. 1. Cross-Site Request Forgery CSRF in CMS Made Simple: CVE-2012-5450 The application allows authorized administrator to perform certain...
TVMOBiLi Media Server Multiple Remote DoS Vulnerabilities
High-Tech Bridge Security Research Lab has discovered 2 remote DoS vulnerabilities in TVMOBiLi Media server, which could be exploited to crash remote server with malicious HTTP requests. 1 Improper Handling of Length Parameter Inconsistency in TVMOBiLi: CVE-2012-5451 1.1 The vulnerability exists...
SQL Injection Vulnerability in OrangeHRM
High-Tech Bridge Security Research Lab discovered SQL injection vulnerability in OrangeHRM, which could be exploited to alter SQL requests to application's database. 1 SQL Injection Vulnerability in Orange HRM: CVE-2012-5367 The vulnerability was discovered in the "/symfony/web/index.php" script...
Multiple vulnerabilities in Banana Dance
High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in Banana Dance, which can be exploited to gain access to sensitive information, perform SQL injection attacks and compromise vulnerable system. 1 PHP File Inclusion in Banana Dance: CVE-2012-5242 Input passed via the "nam...
Multiple vulnerabilities in AContent
High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in AContent, which can be exploited to bypass authentication and to perform Cross-Site Scripting XSS and SQL Injection attacks. 1 SQL Injection in AContent: CVE-2012-5167 1.1 The vulnerability exists due to insufficient...
Multiple vulnerabilities in OpenX
High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in OpenX, which can be exploited to perform Cross-Site Scripting XSS and SQL Injection attacks. 1 Cross-Site Scripting XSS in OpenX: CVE-2012-4989 Input passed via the "parent" GET parameter to /www/admin/plugin-index.php ...
Untrusted Pointer Dereference Vulnerability in Corel WordPerfect X6
High-Tech Bridge Security Research Lab discovered an untrusted pointer dereference vulnerability in Corel WordPerfect. Opening of a malicious WPD WordPerfect Document causes immediate application crash, resulting in a loss of all unsaved current application data of the user. 1 Untrusted Pointer...
Multiple vulnerabilities in Template CMS
High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in Template CMS, which can be exploited to perform Cross-Site Scripting XSS and Cross-Site Request Forgery CSRF attacks. 1 Cross-Site Scripting XSS in Template CMS: CVE-2012-4901 Input passed via the "themeseditor" POST...
Multiple vulnerabilities in Subrion CMS
High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in Subrion CMS, which can be exploited to perform Cross-Site Scripting XSS, SQL Injection and Cross-Site Request Forgery CSRF attacks. 1 SQL Injection in Subrion CMS: CVE-2012-4772 Input passed via the "planid" POST...
Multiple NULL Pointer Dereference Vulnerabilities in Corel Quattro Pro X6
High-Tech Bridge Security Research Lab discovered two null pointer dereference vulnerabilities in Corel Quattro Pro. Opening of a malicious QPW Quattro Pro Spreadsheet document causes immediate application crash, resulting in a loss of all unsaved current application data of the user. 1 Multiple...
Multiple vulnerabilities in TCExam
High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in TCExam, which can be exploited to perform Cross-Site Scripting XSS and SQL injection attacks. 1 SQL Injection in TCExam: CVE-2012-4601 1.1 Input passed via the "usergroups" POST parameter to /admin/code/tceedittest.php ...
Cross-Site Scripting (XSS) Vulnerabilities in Flogr
High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in Flogr, which can be exploited to perform Cross-Site Scripting XSS attacks. 1 Cross-Site Scripting XSS Vulnerabilities in Flogr: CVE-2012-4336 Input appended to the URL after /index.php is not properly sanitised before...
Cross-Site Scripting (XSS) in Phorum
High-Tech Bridge Security Research Lab discovered vulnerability in Phorum, which can be exploited to perform Cross-Site Scripting XSS attacks. 1 Cross-Site Scripting XSS in Phorum: CVE-2012-4234 Input passed via the "group" GET parameter to /control.php is not properly sanitised before being...
Privilege Escalation Vulnerability in Microsoft Windows
High-Tech Bridge Security Research Lab has discovered a vulnerability in Microsoft Windows which could be exploited to escalate privileges under certain conditions. The vulnerability exists due to the “IKE and AuthIP IPsec Keying Modules” system service, which tries to load the “wlbsctrl.dll” DLL...
Multiple vulnerabilities in jCore
High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in jCore, which can be exploited to perform Cross-Site Scripting XSS and SQL Injection attacks. 1 SQL Injection in jCore: CVE-2012-4232 1.1 Input passed via the "memberloginid" COOKIE parameter to /admin/index.php is not...
Multiple Vulnerabilities in LibreOffice
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in LibreOffice which could be exploited to perform denial of service DoS attacks. 1 Multiple vulnerabilities in LibreOffice: CVE-2012-4233 1.1 NULL pointer dereference error was found in the vcllo.dll while processi...
Cross-Site Scripting (XSS) in Jease
High-Tech Bridge Security Research Lab discovered vulnerability in Jease, which can be exploited to perform Cross-Site Scripting XSS attacks. 1 Cross-Site Scripting XSS in Jease: CVE-2012-4052 Input passed via the "author", "subject" and "comment" POST parameters when creating a new comment is no...
Multiple vulnerabilities in PBBoard
High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in PBBoard, which can be exploited to perform SQL injection attacks, change password of arbitrary user and create arbitrary files in folder of the vulnerable application. 1 Multiple SQL Injections in PBBoard: CVE-2012-4034...
Multiple Vulnerabilities in phpList
High-Tech Bridge Security Research Lab has discovered multiple vulnerabilities in phpList, which can be exploited to perform Cross-Site Scripting XSS and SQL Injection attacks against the vulnerable application. 1 Cross-Site Scripting XSS in phpList: CVE-2012-3952 Input passed via the "unconfirme...
Cross-Site Scripting (XSS) in Redaxo
High-Tech Bridge Security Research Lab has discovered vulnerability in Redaxo, which can be exploited to perform Cross-Site Scripting XSS attacks. 1 Cross-Site Scripting XSS in Redaxo: CVE-2012-3869 1.1 Input passed via the "subpage" GET parameter to /redaxo/index.php when "page" is set to "user"...
Multiple vulnerabilities in Samsung Kies
High-Tech Bridge Security Research Lab has discovered multiple vulnerabilities in Samsung Kies synchronization utility that allows remote attacker to compromise affected system, execute and modify arbitrary files, modify arbitrary directories and modify System Registry with privileges of the...