High-Tech Bridge SA

441 exploits Active since Apr 2010
EIP-2026-106437 EXPLOITDB text WORKING POC
Diem 5.1.2 - Multiple Cross-Site Scripting Vulnerabilities
CVE-2010-3024 EXPLOITDB html WORKING POC
DiamondList 0.1.6 - Cross-Site Request Forgery in User Update Function
Multiple cross-site request forgery (CSRF) vulnerabilities in user/main/update_user in DiamondList 0.1.6, and possibly earlier, allow remote attackers to hijack the authentication of administrators for requests that (1) change the administrative password or (2) change the site's configuration.
CVE-2010-3023 EXPLOITDB text WORKING POC
DiamondList 0.1.6 - Cross-Site Scripting via Category Description and Site Title Parameters
Multiple cross-site scripting (XSS) vulnerabilities in DiamondList 0.1.6, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) category[description] parameter to user/main/update_category, which is not properly handled by _app/views/categories/index.html.erb; and the (2) setting[site_title] parameter to user/main/update_settings, which is not properly handled by _app/views/settings/_list_settings.rhtml.
CVE-2010-3023 EXPLOITDB text WORKING POC
DiamondList 0.1.6 - Cross-Site Scripting via Category Description and Site Title Parameters
Multiple cross-site scripting (XSS) vulnerabilities in DiamondList 0.1.6, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) category[description] parameter to user/main/update_category, which is not properly handled by _app/views/categories/index.html.erb; and the (2) setting[site_title] parameter to user/main/update_settings, which is not properly handled by _app/views/settings/_list_settings.rhtml.
CVE-2011-5318 EXPLOITDB text WORKING POC
diafan.cms < 5.0 - Cross-Site Request Forgery via Admin Actions
Multiple cross-site request forgery (CSRF) vulnerabilities in diafan.CMS before 5.1 allow remote attackers to hijack the authentication of administrators for requests that (1) modify articles via a save_post action to admin/news/saveNEWS_ID/, (2) modify settings via a save_post action to admin/site/save2/, or (3) modify credentials via a save_post action to admin/usersite/save2/.
CVE-2012-0990 EXPLOITDB text WORKING POC
DClassifieds 0.1 final - Cross-Site Request Forgery via Admin Settings Update
Cross-site request forgery (CSRF) vulnerability in admin/settings/update in DClassifieds 0.1 final allows remote attackers to hijack the authentication of administrators for requests that modify account settings such as the administrator password or email via certain Settings[] parameters.
EIP-2026-106373 EXPLOITDB text WORKING POC
DBHcms 1.1.4 - 'dbhcms_user/SearchString' SQL Injection
EIP-2026-106366 EXPLOITDB text WORKING POC
Dating Pro Genie 2015.7 - Cross-Site Request Forgery
EIP-2026-106348 EXPLOITDB text WORKING POC
dalbum 1.43 - Multiple Vulnerabilities
EIP-2026-106347 EXPLOITDB text WRITEUP
Dalbum 1.43 - 'editini.php' Cross-Site Scripting
CVE-2012-1001 EXPLOITDB MEDIUM text WORKING POC
Chyrp < 2.1.2 - Cross-Site Scripting via Content or Body Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Chyrp before 2.1.2 and before 2.5 Beta 2 allow remote attackers to inject arbitrary web script or HTML via the (1) content parameter to includes/ajax.php or (2) body parameter to includes/error.php.
CVSS 6.1
CVE-2010-5025 EXPLOITDB text WRITEUP
CuteSITE CMS 1.2.3 and 1.5.0 - Cross-Site Scripting via fld_path Parameter
Cross-site scripting (XSS) vulnerability in manage/main.php in CuteSITE CMS 1.2.3 and 1.5.0 allows remote attackers to inject arbitrary web script or HTML via the fld_path parameter. NOTE: some of these details are obtained from third party information.
CVE-2010-5024 EXPLOITDB text WORKING POC
CuteSITE CMS <1.5.0 - SQL Injection
SQL injection vulnerability in manage/add_user.php in CuteSITE CMS 1.2.3 and 1.5.0 allows remote authenticated users, with Read privileges, to execute arbitrary SQL commands via the user_id parameter. NOTE: some of these details are obtained from third party information.
EIP-2026-106274 EXPLOITDB text WORKING POC
CubeCart 6.0.10 - Multiple Vulnerabilities
CVE-2013-4789 EXPLOITDB text WRITEUP
Cotonti Siena < 0.9.14 - SQL Injection via RSS Module c Parameter
SQL injection vulnerability in modules/rss/rss.php in Cotonti before 0.9.14 allows remote attackers to execute arbitrary SQL commands via the "c" parameter to index.php.
CVE-2013-1668 EXPLOITDB text WORKING POC
CosCMS < 1.822 - Authenticated OS Command Injection via Uploaded File Name
The uploadFile function in upload/index.php in CosCMS before 1.822 allows remote administrators to execute arbitrary commands via shell metacharacters in the name of an uploaded file.
EIP-2026-106140 EXPLOITDB text WORKING POC
Contenido CMS 4.8.12 - Multiple Cross-Site Scripting Vulnerabilities
EIP-2026-106139 EXPLOITDB text WORKING POC
Contenido CMS 4.8.12 - Cross-Site Scripting
EIP-2026-106114 EXPLOITDB text WORKING POC
CompuCMS - Multiple SQL Injections / Cross-Site Scripting Vulnerabilities
EIP-2026-106094 EXPLOITDB text WORKING POC
CompactCMS 1.4.1 - SQL Injection
EIP-2026-106091 EXPLOITDB text WORKING POC
CompactCMS 1.4.1 - Multiple Cross-Site Scripting Vulnerabilities (1)
EIP-2026-106059 EXPLOITDB text WORKING POC
Collabtive 0.6.5 - Multiple Remote Input Validation Vulnerabilities
EIP-2026-106029 EXPLOITDB text WORKING POC
CMSQLite - SQL Injection
EIP-2026-106015 EXPLOITDB html WORKING POC
CMSimple 3.3 - Cross-Site Scripting / Cross-Site Request Forgery
EIP-2026-106009 EXPLOITDB text WORKING POC
CMScout 2.09 - Cross-Site Request Forgery