High-Tech Bridge SA

441 exploits Active since Apr 2010
CVE-2011-1670 EXPLOITDB text WORKING POC
InTerra Blog Machine 1.84 - Cross-Site Scripting via Subject Parameter
Cross-site scripting (XSS) vulnerability in actions/add.php in InTerra Blog Machine 1.84, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the subject parameter to post_url/edit.
CVE-2013-6839 EXPLOITDB text WORKING POC
InstantCMS < 1.10.3 - SQL Injection via OrderBy Parameter
SQL injection vulnerability in InstantSoft InstantCMS 1.10.3 and earlier allows remote attackers to execute arbitrary SQL commands via the orderby parameter to catalog/[id].
EIP-2026-107845 EXPLOITDB text WORKING POC
Injader CMS - Multiple Vulnerabilities
EIP-2026-107812 EXPLOITDB text WRITEUP
ImpressPages CMS 1.0x - 'admin.php' Multiple SQL Injections
EIP-2026-107807 EXPLOITDB text WORKING POC
ImpressCMS 1.2.x - 'quicksearch_ContentContent' HTML Injection
CVE-2012-6290 EXPLOITDB text WRITEUP
ImageCMS < 4.2 - Authenticated SQL Injection via Admin Search Parameter
SQL injection vulnerability in ImageCMS before 4.2 allows remote authenticated administrators to execute arbitrary SQL commands via the q parameter to admin/admin_search/. NOTE: this can be leveraged using CSRF to allow remote unauthenticated attackers to execute arbitrary SQL commands.
CVE-2014-1944 EXPLOITDB text WRITEUP
Ilch CMS < 2.0 - Cross-Site Scripting via Guestbook Text Parameter
Cross-site scripting (XSS) vulnerability in Ilch CMS 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the text parameter to index.php/guestbook/index/newentry.
EIP-2026-107728 EXPLOITDB text WORKING POC
IceBB 1.0-rc10 - Multiple Vulnerabilities
CVE-2010-4613 EXPLOITDB text WORKING POC
Hycus CMS 1.0.3 - Path Traversal via Site Parameter
Multiple directory traversal vulnerabilities in Hycus CMS 1.0.3 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the site parameter to (1) index.php and (2) admin.php.
CVE-2010-4963 EXPLOITDB text WORKING POC
Hulihan BXR 0.6.8 - SQL Injection via order_by Parameter
SQL injection vulnerability in folder/list in Hulihan BXR 0.6.8 allows remote attackers to execute arbitrary SQL commands via the order_by parameter.
EIP-2026-107672 EXPLOITDB text WORKING POC
Hulihan Applications Amethyst 0.1.5 - Multiple HTML Injection Vulnerabilities
CVE-2010-4611 EXPLOITDB text WORKING POC
html-edit CMS 3.1.8 - Exposure of Sensitive Information via Direct Request to Core Files
Html-edit CMS 3.1.8 allows remote attackers to obtain sensitive information via a direct request to (1) pages.php and (2) menu.php in includes/core_files and (3) extensions/login/frontend/pages/antihacker.php, which reveals the installation path in an error message.
CVE-2013-7139 EXPLOITDB text WRITEUP
Horizon Quick Content Management System <= 4.0 - SQL Injection via Download Category Parameter
SQL injection vulnerability in download.php in Horizon Quick Content Management System (QCMS) 4.0 and earlier allows remote attackers to execute arbitrary SQL commands via the category parameter.
EIP-2026-107474 EXPLOITDB html WORKING POC
Grafik CMS - '/admin.php' SQL Injection / Cross-Site Scripting
CVE-2010-2038 EXPLOITDB text WORKING POC
gpEasy CMS 1.6.2 - Authenticated Stored Cross-Site Scripting via gpcontent Parameter
Cross-site scripting (XSS) vulnerability in include/tool/editing_files.php in gpEasy CMS 1.6.2 allows remote authenticated users, with Edit privileges, to inject arbitrary web script or HTML via the gpcontent parameter to index.php. NOTE: some of these details are obtained from third party information.
CVE-2013-0807 EXPLOITDB text WORKING POC
gpEasy CMS < 3.5.2 - Cross-Site Scripting via Section Parameter
Cross-site scripting (XSS) vulnerability in the NewSectionPrompt function in include/tool/editing_page.php in gpEasy CMS 3.5.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the section parameter in a new_section action to index.php.
EIP-2026-107456 EXPLOITDB text WORKING POC
Gollos 2.8 - Multiple Cross-Site Scripting Vulnerabilities
CVE-2013-7349 EXPLOITDB text WRITEUP
Gnew 2013.1 - SQL Injection via news_id, thread_id, or user_email Parameter
Multiple SQL injection vulnerabilities in Gnew 2013.1 allow remote attackers to execute arbitrary SQL commands via the (1) news_id parameter to news/send.php, (2) thread_id parameter to posts/edit.php, or (3) user_email parameter to users/password.php or (4) users/register.php. NOTE: these issues were SPLIT from CVE-2013-5640 due to differences in researchers and disclosure dates.
EIP-2026-107435 EXPLOITDB text WRITEUP
GLPi 0.90.2 - SQL Injection
CVE-2013-5696 EXPLOITDB text WORKING POC
GLPI < 0.84.2 - Cross-Site Request Forgery and SQL Injection via Install Script
inc/central.class.php in GLPI before 0.84.2 does not attempt to make install/install.php unavailable after an installation is completed, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks, and (1) perform a SQL injection via an Etape_4 action or (2) execute arbitrary PHP code via an update_1 action.
CVE-2013-1466 EXPLOITDB text WORKING POC
glFusion < 1.2.2.pl4 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in glFusion before 1.2.2.pl4 allow remote attackers to inject arbitrary web script or HTML via the (1) subject parameter to profiles.php; (2) address1, (3) address2, (4) calendar_type, (5) city, (6) state, (7) title, (8) url, or (9) zipcode parameter to calendar/index.php; (10) title or (11) url parameter to links/index.php; or (12) PATH_INFO to admin/plugins/mediagallery/xppubwiz.php/.
CVE-2010-5052 EXPLOITDB text WORKING POC
GetSimple CMS 2.01 - Cross-Site Scripting via val[] Parameter
Cross-site scripting (XSS) vulnerability in admin/components.php in GetSimple CMS 2.01 allows remote attackers to inject arbitrary web script or HTML via the val[] parameter.
CVE-2010-4863 EXPLOITDB html WORKING POC
GetSimple CMS 2.01 - Stored Cross-Site Scripting via Post-Title Parameter
Cross-site scripting (XSS) vulnerability in admin/changedata.php in GetSimple CMS 2.01 allows remote attackers to inject arbitrary web script or HTML via the post-title parameter.
EIP-2026-107375 EXPLOITDB text WORKING POC
Gekko Web Builder 9.0 - 'index.php' Cross-Site Scripting