High-Tech Bridge SA

441 exploits Active since Apr 2010
EIP-2026-106878 EXPLOITDB text WRITEUP
energine 2.3.8 - Multiple Vulnerabilities
CVE-2010-4781 EXPLOITDB text WRITEUP
Enano CMS <1.1.8-1.1.7pl2 - Info Disclosure
index.php in Enano CMS 1.1.7pl1, and possibly other versions before 1.1.8, 1.0.6pl3, and 1.1.7pl2, allows remote attackers to obtain sensitive information via a crafted title parameter, which reveals the installation path in an error message.
EIP-2026-106848 EXPLOITDB text WORKING POC
Elxis CMS 2009.2 - SQL Injection
EIP-2026-106846 EXPLOITDB text WORKING POC
Elxis 2009.2 rev2631 - SQL Injection
CVE-2012-5874 EXPLOITDB text WORKING POC
Elite Bulletin Board < 2.1.22 - SQL Injection via PATH_INFO
Multiple SQL injection vulnerabilities in the (1) update_whosonline_reg and (2) update_whosonline_guest functions in Elite Bulletin Board before 2.1.22 allow remote attackers to execute arbitrary SQL commands via the PATH_INFO to (a) checkuser.php, (b) groups.php, (c) index.php, (d) login.php, (e) quicklogin.php, (f) register.php, (g) Search.php, (h) viewboard.php, or (i) viewtopic.php.
CVE-2012-1039 EXPLOITDB text WORKING POC
Dotclear < 2.4.2 - Cross-Site Scripting via Multiple Admin Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Dotclear before 2.4.2 allow remote attackers to inject arbitrary web script or HTML via the (1) login_data parameter to admin/auth.php; (2) nb parameter to admin/blogs.php; (3) type, (4) sortby, (5) order, or (6) status parameters to admin/comments.php; or (7) page parameter to admin/plugin.php.
EIP-2026-106684 EXPLOITDB text WRITEUP
E2 Photo Gallery 0.9 - 'index.php' Cross-Site Scripting
EIP-2026-106666 EXPLOITDB text WORKING POC
e107 CMS 0.7.19 - Cross-Site Request Forgery
EIP-2026-106658 EXPLOITDB text WORKING POC
e107 0.7.x - '/e107_admin/banner.php' SQL Injection
EIP-2026-106655 EXPLOITDB text WORKING POC
e107 0.7.23 - SQL Injection
EIP-2026-106654 EXPLOITDB text WORKING POC
e107 0.7.23 - Multiple SQL Injections
EIP-2026-106614 EXPLOITDB text WORKING POC
DZCP (deV!L_z Clanportal) 1.5.4 - Local File Inclusion
CVE-2010-4401 EXPLOITDB text WORKING POC
DynPG CMS 4.2.0 - Sensitive Information Exposure via languages.inc.php Direct Request
languages.inc.php in DynPG CMS 4.2.0 allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message.
EIP-2026-106599 EXPLOITDB html WORKING POC
DSite CMS 4.81 - 'modmenu.php' Cross-Site Scripting
CVE-2012-1039 EXPLOITDB text WORKING POC
Dotclear < 2.4.2 - Cross-Site Scripting via Multiple Admin Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Dotclear before 2.4.2 allow remote attackers to inject arbitrary web script or HTML via the (1) login_data parameter to admin/auth.php; (2) nb parameter to admin/blogs.php; (3) type, (4) sortby, (5) order, or (6) status parameters to admin/comments.php; or (7) page parameter to admin/plugin.php.
CVE-2012-1039 EXPLOITDB text WORKING POC
Dotclear < 2.4.2 - Cross-Site Scripting via Multiple Admin Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Dotclear before 2.4.2 allow remote attackers to inject arbitrary web script or HTML via the (1) login_data parameter to admin/auth.php; (2) nb parameter to admin/blogs.php; (3) type, (4) sortby, (5) order, or (6) status parameters to admin/comments.php; or (7) page parameter to admin/plugin.php.
CVE-2012-1039 EXPLOITDB html WORKING POC
Dotclear < 2.4.2 - Cross-Site Scripting via Multiple Admin Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Dotclear before 2.4.2 allow remote attackers to inject arbitrary web script or HTML via the (1) login_data parameter to admin/auth.php; (2) nb parameter to admin/blogs.php; (3) type, (4) sortby, (5) order, or (6) status parameters to admin/comments.php; or (7) page parameter to admin/plugin.php.
CVE-2014-1459 EXPLOITDB text WORKING POC
doorGets CMS <= 5.2 - Authenticated SQL Injection via _position_down_id Parameter
SQL injection vulnerability in dg-admin/index.php in doorGets CMS 5.2 and earlier allows remote authenticated administrators to execute arbitrary SQL commands via the _position_down_id parameter. NOTE: this can be leveraged using CSRF to allow remote attackers to execute arbitrary SQL commands.
CVE-2011-4802 EXPLOITDB text WRITEUP
Dolibarr < 3.1.0 - Authenticated SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in Dolibarr 3.1.0 RC and probably earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) sortfield, (2) sortorder, and (3) sall parameters to user/index.php and (b) user/group/index.php; the id parameter to (4) info.php, (5) perms.php, (6) param_ihm.php, (7) note.php, and (8) fiche.php in user/; and (9) rowid parameter to admin/boxes.php.
CVE-2011-4802 EXPLOITDB text WRITEUP
Dolibarr < 3.1.0 - Authenticated SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in Dolibarr 3.1.0 RC and probably earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) sortfield, (2) sortorder, and (3) sall parameters to user/index.php and (b) user/group/index.php; the id parameter to (4) info.php, (5) perms.php, (6) param_ihm.php, (7) note.php, and (8) fiche.php in user/; and (9) rowid parameter to admin/boxes.php.
CVE-2011-4802 EXPLOITDB text WRITEUP
Dolibarr < 3.1.0 - Authenticated SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in Dolibarr 3.1.0 RC and probably earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) sortfield, (2) sortorder, and (3) sall parameters to user/index.php and (b) user/group/index.php; the id parameter to (4) info.php, (5) perms.php, (6) param_ihm.php, (7) note.php, and (8) fiche.php in user/; and (9) rowid parameter to admin/boxes.php.
CVE-2011-4814 EXPLOITDB text WORKING POC
Dolibarr < 3.1.0 - Cross-Site Scripting via PATH_INFO and optioncss Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr 3.1.0 RC and probably earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) index.php, (2) admin/boxes.php, (3) comm/clients.php, (4) commande/index.php; and the optioncss parameter to (5) admin/ihm.php and (6) user/home.php.
CVE-2013-6341 EXPLOITDB text WRITEUP
Dokeos < 2.2 - SQL Injection via Language Parameter
SQL injection vulnerability in Dokeos 2.2 RC2 and earlier allows remote attackers to execute arbitrary SQL commands via the language parameter to index.php.
EIP-2026-106484 EXPLOITDB html WORKING POC
Docebo 3.6 - 'description' Cross-Site Scripting
CVE-2010-4850 EXPLOITDB html WORKING POC
Diferior 8.03 - Stored Cross-Site Scripting via Post Content or Admin Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Diferior 8.03 allow remote attackers to inject arbitrary web script or HTML via the (1) post_content parameter to post/edit/2/p1.html, related to views/post.php; the (2) slogan parameter to admin/site/2.html, related to views/admin.php; or the (3) subcatname or (4) description parameter to admin/forum/create_sub.html, related to views/admin.php.