High-Tech Bridge SA

441 exploits, active since Apr 2010
EIP-2026-109483 EXPLOITDB text WORKING POC
miniblog 1.0 - Multiple Cross-Site Scripting Vulnerabilities
EIP-2026-109481 EXPLOITDB text WORKING POC
MiniBB 2.5 - SQL Injection
EIP-2026-109411 EXPLOITDB text WORKING POC
MemHT Portal 4.0.1 - Persistent Cross-Site Scripting
CVE-2015-8356 EXPLOITDB HIGH text WORKING POC
Bitrix mcart.xls <6.5.2 - SQL Injection
Multiple SQL injection vulnerabilities in the mcart.xls module 6.5.2 and earlier for Bitrix allow remote authenticated users to execute arbitrary SQL commands via the (1) xls_profile parameter to admin/mcart_xls_import.php or the (2) xls_iblock_id, (3) xls_iblock_section_id, (4) firstRow, (5) titleRow, (6) firstColumn, (7) highestColumn, (8) sku_iblock_id, or (9) xls_iblock_section_id_new parameter to admin/mcart_xls_import_step_2.php.
CVSS 8.0
EIP-2026-109364 EXPLOITDB text WRITEUP
MBoard 1.3 - 'url' Open Redirection
EIP-2026-109218 EXPLOITDB text WORKING POC
LotusCMS 3.0.3 - Multiple Vulnerabilities
CVE-2014-0793 EXPLOITDB text WORKING POC
Stackideas Komento < 1.7.2 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in the StackIdeas Komento (com_komento) component before 1.7.3 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) website or (2) latitude parameter in a comment to the default URI.
EIP-2026-109148 EXPLOITDB text WRITEUP
Limny 2.1 - 'q' Cross-Site Scripting
EIP-2026-109130 EXPLOITDB text WORKING POC
LightNEasy 3.2.2 - Multiple Vulnerabilities
EIP-2026-109095 EXPLOITDB text WRITEUP
LEPTON 1.1.3 - Cross-Site Scripting
EIP-2026-109066 EXPLOITDB text WORKING POC
Lantern CMS - '11-login.asp' Cross-Site Scripting
CVE-2013-2713 EXPLOITDB text WRITEUP
KrisonAV CMS <3.0.2 - CSRF
Cross-site request forgery (CSRF) vulnerability in users_maint.html in KrisonAV CMS before 3.0.2 allows remote attackers to hijack the authentication of administrators for requests that create user accounts via a crafted request.
CVE-2012-0988 EXPLOITDB text WORKING POC
KnowledgeTree 3.7.0.2 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in config/dmsDefaults.php in KnowledgeTree 3.7.0.2 and possibly earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) login.php, (2) admin.php, or (3) preferences.php.
CVE-2013-3729 EXPLOITDB text WORKING POC
Kasseler-cms < 2 - CSRF
Multiple cross-site request forgery (CSRF) vulnerabilities in Kasseler CMS before 2 r1232 allow remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the (1) groups[] parameter in a send action in the sendmail module or (2) query parameter in a sql_query action in the database module to admin.php, related to CVE-2013-3727.
EIP-2026-108966 EXPLOITDB text WORKING POC
Kandidat CMS 1.4.2 - Persistent Cross-Site Scripting
CVE-2012-3805 EXPLOITDB text WORKING POC
Kajona < 3.4.1 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in the getAllPassedParams function in system/functions.php in Kajona before 3.4.2 allow remote attackers to inject arbitrary web script or HTML via the (1) absender_name, (2) absender_email, or (3) absender_nachricht parameter to the content page; (4) comment_name, (5) comment_subject, or (6) comment_message parameter to the postacomment module; (7) module parameter to index.php; (8) action parameter to the admin login page; (9) pv or (10) pe parameter in a list action to the user module; (11) user_username, (12) user_email, (13) user_forename, (14) user_name, (15) user_street, (16) user_postal, (17) user_city, (18) user_tel, or (19) user_mobil parameter in a newUser action to the user module; (20) group_name or (21) group_desc parameter in a groupNew action to the user module; (22) name, (23) browsername, (24) seostring, (25) keywords, or (26) folder_id parameter in a newPage action to the pages module; (27) element_name or (28) element_cachetime parameter in a newElement action in the pages module; (29) aspect_name parameter in a newAspect action in the system module; (30) filemanager_name, (31) filemanager_path, (32) filemanager_upload_filter, or (33) filemanager_view_filter parameter in a NewRepo action to the filemanager module; or (34) archive_title or (35) archive_path parameter in a newArchive action to the downloads module. NOTE: some of these details are obtained from third party information.
EIP-2026-108958 EXPLOITDB text WRITEUP
kaibb 1.0.1 - Multiple Vulnerabilities
CVE-2014-0794 EXPLOITDB text WRITEUP
Joomla Com Jvcomment - XSS
SQL injection vulnerability in the JV Comment (com_jvcomment) component before 3.0.3 for Joomla! allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a comment.like action to index.php.
CVE-2013-3081 EXPLOITDB text WORKING POC
Jojo <1.2.2 - SQL Injection
SQL injection vulnerability in the checkEmailFormat function in plugins/jojo_core/classes/Jojo.php in Jojo before 1.2.2 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For HTTP header to /articles/test/.
CVE-2010-5048 EXPLOITDB html WORKING POC
JoomlaTune JComments <2.1.0.0 - XSS
Cross-site scripting (XSS) vulnerability in admin.jcomments.php in the JoomlaTune JComments (com_jcomments) component 2.1.0.0 for Joomla! allows remote authenticated users to inject arbitrary web script or HTML via the name parameter to index.php.
CVE-2013-3082 EXPLOITDB text WORKING POC
Jojo <1.2.2 - XSS
Cross-site scripting (XSS) vulnerability in plugins/jojo_core/forgot_password.php in Jojo before 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the search parameter to forgot-password/.
EIP-2026-108022 EXPLOITDB text WORKING POC
iTop 2.2.1 - Cross-Site Request Forgery
CVE-2010-2463 EXPLOITDB text WORKING POC
Jamroom < 4.1.8 - XSS
Cross-site scripting (XSS) vulnerability in forum.php in Jamroom before 4.1.9 allows remote attackers to inject arbitrary web script or HTML via the post_id parameter in a modify action.
EIP-2026-108029 EXPLOITDB text WORKING POC
JAF CMS 4.0 rc2 - Multiple Vulnerabilities
CVE-2015-4119 EXPLOITDB text WRITEUP
Ispconfig < 3.0.5.4 - CSRF
Multiple cross-site request forgery (CSRF) vulnerabilities in ISPConfig before 3.0.5.4p7 allow remote attackers to hijack the authentication of (1) administrators for requests that create an administrator account via a request to admin/users_edit.php or (2) arbitrary users for requests that conduct SQL injection attacks via the server parameter to monitor/show_sys_state.php.