High-Tech Bridge SA

441 exploits Active since Apr 2010
EIP-2026-107260 EXPLOITDB html WORKING POC
Frog CMS 0.9.5 - Multiple Vulnerabilities
EIP-2026-107222 EXPLOITDB text WORKING POC
Free Simple CMS 1.0 - Multiple Vulnerabilities
EIP-2026-107210 EXPLOITDB text WORKING POC
Free Help Desk 1.1b - Multiple Input Validation Vulnerabilities
CVE-2015-7984 EXPLOITDB text WORKING POC
Horde <5.2.8-5.2.11 - CSRF
Multiple cross-site request forgery (CSRF) vulnerabilities in Horde before 5.2.8, Horde Groupware before 5.2.11, and Horde Groupware Webmail Edition before 5.2.11 allow remote attackers to hijack the authentication of administrators for requests that execute arbitrary (1) commands via the cmd parameter to admin/cmdshell.php, (2) SQL queries via the sql parameter to admin/sqlshell.php, or (3) PHP code via the php parameter to admin/phpshell.php.
EIP-2026-107586 EXPLOITDB text WORKING POC
HESK 2.2 - Multiple Cross-Site Scripting Vulnerabilities
CVE-2010-4608 EXPLOITDB text WRITEUP
Habari - Information Disclosure
Habari 0.6.5 allows remote attackers to obtain sensitive information via a direct request to (1) header.php and (2) comments_items.php in system/admin/, which reveals the installation path in an error message.
EIP-2026-107549 EXPLOITDB text WRITEUP
Habari 0.6.5 - Multiple Cross-Site Scripting Vulnerabilities
EIP-2026-106820 EXPLOITDB text WORKING POC
Eleanor CMS - Cross-Site Scripting / Multiple SQL Injections
CVE-2014-2987 EXPLOITDB text WORKING POC
Egroupware < 1.6.001 - CSRF
Multiple cross-site request forgery (CSRF) vulnerabilities in EGroupware Enterprise Line (EPL) before 1.1.20140505, EGroupware Community Edition before 1.8.007.20140506, and EGroupware before 14.1 beta allow remote attackers to hijack the authentication of administrators for requests that (1) create an administrator user via an admin.uiaccounts.add_user action to index.php or (2) modify settings via the newsettings parameter in an admin.uiconfig.index action to index.php. NOTE: vector 2 can be used to execute arbitrary PHP code by leveraging CVE-2014-2988.
EIP-2026-106792 EXPLOITDB text WORKING POC
eFront 3.6.x - Multiple Cross-Site Scripting / SQL Injections
EIP-2026-106771 EXPLOITDB text WORKING POC
Edit-X PHP CMS - 'search_text' Cross-Site Scripting
CVE-2010-4852 EXPLOITDB text WORKING POC
Eclime 1.1.2b - XSS
Cross-site scripting (XSS) vulnerability in login.php in Eclime 1.1.2b allows remote attackers to inject arbitrary web script or HTML via the reason parameter in a fail action.
CVE-2010-5046 EXPLOITDB text WORKING POC
ecoCMS - XSS
Cross-site scripting (XSS) vulnerability in admin.php in ecoCMS allows remote attackers to inject arbitrary web script or HTML via the p parameter.
EIP-2026-107138 EXPLOITDB text WORKING POC
Flatpress 0.1010.1 - Multiple Cross-Site Scripting Vulnerabilities
EIP-2026-107076 EXPLOITDB text WORKING POC
FestOS 2.3 - 'contents' Cross-Site Scripting
EIP-2026-107072 EXPLOITDB text WORKING POC
Feng Office 1.7.3.3 - Cross-Site Request Forgery
EIP-2026-107047 EXPLOITDB text WORKING POC
FanUpdate 3.0 - 'pageTitle' Cross-Site Scripting
EIP-2026-107020 EXPLOITDB text WORKING POC
F3Site 2011 alfa 1 - Cross-Site Scripting / Cross-Site Request Forgery
EIP-2026-106975 EXPLOITDB text WORKING POC
Extcalendar 2.0b2 - 'cal_search.php' SQL Injection
CVE-2013-3294 EXPLOITDB text WORKING POC
Exponent CMS <2.2.0 - SQL Injection
Multiple SQL injection vulnerabilities in Exponent CMS before 2.2.0 release candidate 1 allow remote attackers to execute arbitrary SQL commands via the (1) src or (2) username parameter to index.php.
EIP-2026-106733 EXPLOITDB text WORKING POC
EasyPublish CMS 23.04.2010 - URI Cross-Site Scripting
EIP-2026-106922 EXPLOITDB text WORKING POC
etomite 1.1 - Multiple Vulnerabilities
EIP-2026-106898 EXPLOITDB text WORKING POC
epesi BIM 1.2 rev 8154 - Multiple Cross-Site Scripting Vulnerabilities
EIP-2026-106895 EXPLOITDB text WRITEUP
eoCMS 0.9.04 - Multiple Vulnerabilities
CVE-2010-4185 EXPLOITDB text WORKING POC
Energine < 2.3.8 - SQL Injection
SQL injection vulnerability in index.php in Energine, possibly 2.3.8 and earlier, allows remote attackers to execute arbitrary SQL commands via the NRGNSID cookie.