High-Tech Bridge SA

441 exploits Active since Apr 2010
CVE-2010-5317 EXPLOITDB WORKING POC
SweetRice CMS <0.6.7.1 - SQL Injection
Multiple SQL injection vulnerabilities in index.php in SweetRice CMS before 0.6.7.1 allow remote attackers to execute arbitrary SQL commands via (1) the file_name parameter in an attachment action, (2) the post parameter in a show_comment action, (3) the sys-name parameter in an rssfeed action, or (4) the sys-name parameter in a view action.
CVE-2013-3515 EXPLOITDB text WORKING POC
OpenX < 2.8.10 - Cross-Site Scripting via Package or Group Parameter
Multiple cross-site scripting (XSS) vulnerabilities in OpenX Source 2.8.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) package parameter to www/admin/plugin-index.php or the (2) group parameter to www/admin/plugin-settings.php.
CVE-2013-1468 EXPLOITDB text WORKING POC
Piwigo < 2.4.7 - Cross-Site Request Forgery via LocalFiles Editor Plugin
Cross-site request forgery (CSRF) vulnerability in the LocalFiles Editor plugin in Piwigo before 2.4.7 allows remote attackers to hijack the authentication of administrators for requests that create arbitrary PHP files via unspecified vectors.
CVE-2012-5243 EXPLOITDB text WORKING POC
Banana Dance <B.2.6 - Info Disclosure
functions/suggest.php in Banana Dance B.2.6 and earlier allows remote attackers to read arbitrary database information via a crafted request.
CVE-2012-5242 EXPLOITDB text WORKING POC
Banana Dance <B.2.6 - Path Traversal
Directory traversal vulnerability in functions/suggest.php in Banana Dance B.2.6 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter in a get_template action.
CVE-2015-3986 EXPLOITDB text WORKING POC
TheCartPress eCommerce Shopping Cart < 1.3.9 - Cross-Site Request Forgery via tcp_box_path Parameter
Cross-site request forgery (CSRF) vulnerability in the TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.3 allows remote attackers to hijack the authentication of administrators for requests that conduct directory traversal attacks via the tcp_box_path parameter in the checkout_editor_settings page to wp-admin/admin.php.
CVE-2015-3301 EXPLOITDB text WORKING POC
TheCartPress <1.3.9.3 - Path Traversal
Directory traversal vulnerability in the TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.3 allows remote administrators to read arbitrary files via a .. (dot dot) in the tcp_box_path parameter in the checkout_editor_settings page to wp-admin/admin.php.
CVE-2015-3300 EXPLOITDB text WORKING POC
TheCartPress eCommerce Shopping Cart < 1.3.9 - Cross-Site Scripting via Multiple Input Parameters
Multiple cross-site scripting (XSS) vulnerabilities in the TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.3 allow remote attackers to inject arbitrary web script or HTML via the (1) billing_firstname, (2) billing_lastname, (3) billing_company, (4) billing_tax_id_number, (5) billing_city, (6) billing_street, (7) billing_street_2, (8) billing_postcode, (9) billing_telephone_1, (10) billing_telephone_2, (11) billing_fax, (12) shipping_firstname, (13) shipping_lastname, (14) shipping_company, (15) shipping_tax_id_number, (16) shipping_city, (17) shipping_street, (18) shipping_street_2, (19) shipping_postcode, (20) shipping_telephone_1, (21) shipping_telephone_2, or (22) shipping_fax parameter to shopping-cart/checkout/; the (23) search_by parameter in the admin/AddressesList.php page to wp-admin/admin.php; the (24) address_id, (25) address_name, (26) firstname, (27) lastname, (28) street, (29) city, (30) postcode, or (31) email parameter in the admin/AddressEdit.php page to wp-admin/admin.php; the (32) post_id or (33) rel_type parameter in the admin/AssignedCategoriesList.php page to wp-admin/admin.php; or the (34) post_type parameter in the admin/CustomFieldsList.php page to wp-admin/admin.php.
CVE-2014-2579 EXPLOITDB text WRITEUP
XCloner < 3.5 - Cross-Site Request Forgery via Administrator Password Change or Database Backup
Multiple cross-site request forgery (CSRF) vulnerabilities in XCloner Standalone 3.5 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) change the administrator password via the config task to index2.php or (2) when the enable_db_backup and sql_mem options are enabled, access the database backup functionality via the dbbackup_comp parameter in the generate action to index2.php. NOTE: vector 2 might be a duplicate of CVE-2014-2340, which is for the XCloner Wordpress plugin. NOTE: remote attackers can leverage CVE-2014-2996 with vector 2 to execute arbitrary commands.
CVE-2013-5692 EXPLOITDB text WRITEUP
X2Engine X2CRM < 3.5 - Authenticated Path Traversal via Translation Manager File Parameter
Directory traversal vulnerability in X2Engine X2CRM before 3.5 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the file parameter to index.php/admin/translationManager.
CVE-2013-5640 EXPLOITDB text WRITEUP
Gnew 2013.1 - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in Gnew 2013.1 allow remote attackers to execute arbitrary SQL commands via the (1) answer_id or (2) question_id parameter to polls/vote.php, (3) story_id parameter to comments/add.php or (4) comments/edit.php, or (5) thread_id parameter to posts/add.php. NOTE: this issue was SPLIT due to differences in researchers and disclosure dates. CVE-2013-7349 already covers the news_id parameter to news/send.php, user_email parameter to users/register.php, and thread_id to posts/edit.php vectors.
CVE-2013-5639 EXPLOITDB text WRITEUP
Gnew < 2013.1 - Path Traversal via gnew_language Cookie
Directory traversal vulnerability in users/login.php in Gnew 2013.1 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the gnew_language cookie.
CVE-2012-5876 EXPLOITDB text WORKING POC
Nero MediaHome < 4.5.8.0 - Denial of Service via Long HTTP Request or Referer Header
Multiple off-by-one errors in NMMediaServerService.dll in Nero MediaHome 4.5.8.0 and earlier allow remote attackers to cause a denial of service (crash) via a long string in the (1) request line or (2) HTTP Referer header to TCP port 54444, which triggers a heap-based buffer overflow.
CVE-2012-4901 EXPLOITDB text WORKING POC
Template CMS < 2.1.1 - Cross-Site Scripting via themes_editor Parameter
Cross-site scripting (XSS) vulnerability in Template CMS 2.1.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the themes_editor parameter in an add_template action to admin/index.php.
CVE-2012-2208 EXPLOITDB text WRITEUP
Piwigo < 2.3.3 - Remote File Inclusion via Upgrade Language Parameter
Directory traversal vulnerability in upgrade.php in Piwigo before 2.3.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter.
CVE-2012-1935 EXPLOITDB text WRITEUP
Newscoop 3.5.x < 3.5.5 and 4.x < 4 RC4 - Cross-Site Scripting via Back Parameter or Token/Email Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Newscoop 3.5.x before 3.5.5 and 4.x before 4 RC4 allow remote attackers to inject arbitrary web script or HTML via the (1) Back parameter to admin/ad.php, or the (2) token or (3) f_email parameter to admin/password_check_token.php.
CVE-2012-1934 EXPLOITDB text WRITEUP
Newscoop - SQL Injection via f_country_code Parameter
SQL injection vulnerability in admin/country/edit.php in Newscoop before 3.5.5 and 4.x before 4 RC4 allows remote attackers to execute arbitrary SQL commands via the f_country_code parameter.
CVE-2012-1933 EXPLOITDB text WRITEUP
Newscoop 3.5.x < 3.5.5 and 4 < RC4 - Remote Code Execution via GLOBALS[g_campsiteDir] Parameter
Multiple PHP remote file inclusion vulnerabilities in Newscoop 3.5.x before 3.5.5 and 4 before RC4, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[g_campsiteDir] parameter to (1) include/phorum_load.php, (2) conf/install_conf.php, or (3) conf/liveuser_configuration.php.
CVE-2015-4118 EXPLOITDB text WRITEUP
ISPConfig < 3.0.5.4 - Authenticated SQL Injection via server Parameter
SQL injection vulnerability in monitor/show_sys_state.php in ISPConfig before 3.0.5.4p7 allows remote authenticated users with monitor permissions to execute arbitrary SQL commands via the server parameter. NOTE: this can be leveraged by remote attackers using CVE-2015-4119.2.
CVE-2015-2294 EXPLOITDB text WRITEUP
pfSense < 2.2.1 - Cross-Site Scripting via Multiple WebGUI Parameters
Multiple cross-site scripting (XSS) vulnerabilities in the WebGUI in pfSense before 2.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) zone parameter to status_captiveportal.php; (2) if or (3) dragtable parameter to firewall_rules.php; (4) queue parameter in an add action to firewall_shaper.php; (5) id parameter in an edit action to services_unbound_acls.php; or (6) filterlogentries_time, (7) filterlogentries_sourceipaddress, (8) filterlogentries_sourceport, (9) filterlogentries_destinationipaddress, (10) filterlogentries_interfaces, (11) filterlogentries_destinationport, (12) filterlogentries_protocolflags, or (13) filterlogentries_qty parameter to diag_logs_filter.php.
CVE-2013-2712 EXPLOITDB text WRITEUP
KrisonAV CMS < 3.0.2 - Cross-Site Scripting via Content Parameter
Cross-site scripting (XSS) vulnerability in services/get_article.php in KrisonAV CMS before 3.0.2 allows remote attackers to inject arbitrary web script or HTML via the content parameter.
CVE-2010-4612 EXPLOITDB text WORKING POC
Hycus CMS 1.0.3 - SQL Injection via user_name, usr_email, useremail, or q Parameter
Multiple SQL injection vulnerabilities in index.php in Hycus CMS 1.0.3, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) user_name and (2) usr_email parameters to user/1/hregister.html, (3) usr_email parameter to user/1/hlogin.html, (4) useremail parameter to user/1/forgotpass.html, and the (5) q parameter to search/1.html. NOTE: some of these details are obtained from third party information.
CVE-2010-4610 EXPLOITDB text WORKING POC
Html-edit CMS 3.1.8 - Cross-Site Scripting via Error Parameter
Cross-site scripting (XSS) vulnerability in index.php in Html-edit CMS 3.1.8 allows remote attackers to inject arbitrary web script or HTML via the error parameter.
CVE-2010-4609 EXPLOITDB text WORKING POC
Html-edit CMS 3.1.8 - SQL Injection via nuser Parameter
SQL injection vulnerability in index.php in Html-edit CMS 3.1.8 allows remote attackers to execute arbitrary SQL commands via the nuser parameter in a registrate action.
CVE-2010-4607 EXPLOITDB text WRITEUP
Habari 0.6.5 - Cross-Site Scripting via additem_form and status_data Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Habari 0.6.5, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) additem_form parameter to system/admin/dash_additem.php and the (2) status_data[] parameter to system/admin/dash_status.php. NOTE: some of these details are obtained from third party information.