High-Tech Bridge SA

441 exploits, active since Apr 2010
CVE-2011-1670 EXPLOITDB text WORKING POC
InTerra Blog Machine <1.84 - XSS
Cross-site scripting (XSS) vulnerability in actions/add.php in InTerra Blog Machine 1.84, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the subject parameter to post_url/edit.
CVE-2013-6839 EXPLOITDB text WORKING POC
InstantSoft InstantCMS < 1.10.3 - SQL Injection
SQL injection vulnerability in InstantSoft InstantCMS 1.10.3 and earlier allows remote attackers to execute arbitrary SQL commands via the orderby parameter to catalog/[id].
EIP-2026-107845 EXPLOITDB text WORKING POC
Injader CMS - Multiple Vulnerabilities
EIP-2026-107812 EXPLOITDB text WRITEUP
ImpressPages CMS 1.0x - 'admin.php' Multiple SQL Injections
EIP-2026-107807 EXPLOITDB text WORKING POC
ImpressCMS 1.2.x - 'quicksearch_ContentContent' HTML Injection
CVE-2012-6290 EXPLOITDB text WRITEUP
ImageCMS < 4.0.0 - SQL Injection
SQL injection vulnerability in ImageCMS before 4.2 allows remote authenticated administrators to execute arbitrary SQL commands via the q parameter to admin/admin_search/. NOTE: this can be leveraged using CSRF to allow remote unauthenticated attackers to execute arbitrary SQL commands.
CVE-2014-1944 EXPLOITDB text WRITEUP
Ilch CMS <=2.0 - XSS
Cross-site scripting (XSS) vulnerability in Ilch CMS 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the text parameter to index.php/guestbook/index/newentry.
EIP-2026-107728 EXPLOITDB text WORKING POC
IceBB 1.0-rc10 - Multiple Vulnerabilities
CVE-2010-4613 EXPLOITDB text WORKING POC
Hycus CMS - Path Traversal
Multiple directory traversal vulnerabilities in Hycus CMS 1.0.3 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the site parameter to (1) index.php and (2) admin.php.
CVE-2010-4963 EXPLOITDB text WORKING POC
Hulihan BXR 0.6.8 - SQL Injection
SQL injection vulnerability in folder/list in Hulihan BXR 0.6.8 allows remote attackers to execute arbitrary SQL commands via the order_by parameter.
EIP-2026-107672 EXPLOITDB text WORKING POC
Hulihan Applications Amethyst 0.1.5 - Multiple HTML Injection Vulnerabilities
CVE-2010-4611 EXPLOITDB text WORKING POC
Html-edit CMS - Information Disclosure
Html-edit CMS 3.1.8 allows remote attackers to obtain sensitive information via a direct request to (1) pages.php and (2) menu.php in includes/core_files and (3) extensions/login/frontend/pages/antihacker.php, which reveals the installation path in an error message.
CVE-2013-7139 EXPLOITDB text WRITEUP
Horizon QCMS <4.0 - SQL Injection
SQL injection vulnerability in download.php in Horizon Quick Content Management System (QCMS) 4.0 and earlier allows remote attackers to execute arbitrary SQL commands via the category parameter.
EIP-2026-107474 EXPLOITDB html WORKING POC
Grafik CMS - '/admin.php' SQL Injection / Cross-Site Scripting
CVE-2010-2038 EXPLOITDB text WORKING POC
gpEasy CMS - XSS
Cross-site scripting (XSS) vulnerability in include/tool/editing_files.php in gpEasy CMS 1.6.2 allows remote authenticated users, with Edit privileges, to inject arbitrary web script or HTML via the gpcontent parameter to index.php. NOTE: some of these details are obtained from third party information.
CVE-2013-0807 EXPLOITDB text WORKING POC
gpEasy CMS <3.5.2 - XSS
Cross-site scripting (XSS) vulnerability in the NewSectionPrompt function in include/tool/editing_page.php in gpEasy CMS 3.5.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the section parameter in a new_section action to index.php.
EIP-2026-107456 EXPLOITDB text WORKING POC
Gollos 2.8 - Multiple Cross-Site Scripting Vulnerabilities
CVE-2013-7349 EXPLOITDB text WRITEUP
Gnew 2013.1 - SQL Injection
Multiple SQL injection vulnerabilities in Gnew 2013.1 allow remote attackers to execute arbitrary SQL commands via the (1) news_id parameter to news/send.php, (2) thread_id parameter to posts/edit.php, or (3) user_email parameter to users/password.php or (4) users/register.php. NOTE: these issues were SPLIT from CVE-2013-5640 due to differences in researchers and disclosure dates.
EIP-2026-107435 EXPLOITDB text WRITEUP
GLPi 0.90.2 - SQL Injection
CVE-2013-5696 EXPLOITDB text WORKING POC
GLPI < 0.84.1 - CSRF
inc/central.class.php in GLPI before 0.84.2 does not attempt to make install/install.php unavailable after an installation is completed, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks, and (1) perform a SQL injection via an Etape_4 action or (2) execute arbitrary PHP code via an update_1 action.
CVE-2013-1466 EXPLOITDB text WORKING POC
glFusion < 1.2.2.pl3 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in glFusion before 1.2.2.pl4 allow remote attackers to inject arbitrary web script or HTML via the (1) subject parameter to profiles.php; (2) address1, (3) address2, (4) calendar_type, (5) city, (6) state, (7) title, (8) url, or (9) zipcode parameter to calendar/index.php; (10) title or (11) url parameter to links/index.php; or (12) PATH_INFO to admin/plugins/mediagallery/xppubwiz.php/.
CVE-2010-5052 EXPLOITDB text WORKING POC
GetSimple CMS 2.01 - XSS
Cross-site scripting (XSS) vulnerability in admin/components.php in GetSimple CMS 2.01 allows remote attackers to inject arbitrary web script or HTML via the val[] parameter.
CVE-2010-4863 EXPLOITDB html WORKING POC
GetSimple CMS 2.01 - XSS
Cross-site scripting (XSS) vulnerability in admin/changedata.php in GetSimple CMS 2.01 allows remote attackers to inject arbitrary web script or HTML via the post-title parameter.
EIP-2026-107375 EXPLOITDB text WORKING POC
Gekko Web Builder 9.0 - 'index.php' Cross-Site Scripting