High-Tech Bridge SA

441 exploits, active since Apr 2010
EIP-2026-105999 EXPLOITDB text WORKING POC
CMS Source - Multiple Input Validation Vulnerabilities
CVE-2012-5849 EXPLOITDB text WORKING POC
Clip-bucket Clipbucket < 2.6 - SQL Injection
Multiple SQL injection vulnerabilities in ClipBucket 2.6 Revision 738 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) uid parameter in an add_friend action to ajax.php; id parameter in a (2) share_object, (3) add_to_fav, (4) rating, or (5) flag_object action to ajax.php; cid parameter in an (6) add_new_item, (7) remove_collection_item, (8) get_item, or (9) load_more_items action to ajax.php; (10) ci_id parameter in a get_item action to ajax.php; user parameter to (11) user_contacts.php or (12) view_channel.php; (13) pid parameter to view_page.php; (14) tid parameter to view_topic.php; or (15) v parameter to watch_video.php.
EIP-2026-105897 EXPLOITDB text WORKING POC
Claus Muus Spitfire 1.0.336 - Multiple Cross-Site Scripting Vulnerabilities
EIP-2026-105871 EXPLOITDB text WRITEUP
ClanSphere 2010.0 Final - Multiple Vulnerabilities
CVE-2012-1001 EXPLOITDB MEDIUM text WORKING POC
Chyrp <2.1.2, <2.5 Beta 2 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Chyrp before 2.1.2 and before 2.5 Beta 2 allow remote attackers to inject arbitrary web script or HTML via the (1) content parameter to includes/ajax.php or (2) body parameter to includes/error.php.
CVSS 6.1
CVE-2011-5214 EXPLOITDB text WORKING POC
Browsercrm < 5.100.01 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in BrowserCRM 5.100.01 and earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) index.php, (2) modules/admin/admin_module_index.php, or (3) modules/calendar/customise_calendar_times.php; login[] parameter to (4) index.php or (5) pub/clients.php; or framed parameter to (6) licence/index.php or (7) licence/view.php.
CVE-2013-6787 EXPLOITDB text WRITEUP
Chamilo Lms < 1.9.6 - SQL Injection
SQL injection vulnerability in the check_user_password function in main/auth/profile.php in Chamilo LMS 1.9.6 and earlier, when using the non-encrypted passwords mode set at installation, allows remote authenticated users to execute arbitrary SQL commands via the "password0" parameter.
CVE-2015-6545 EXPLOITDB text WORKING POC
Webgroupmedia Cerb < 7.0.3 - CSRF
Cross-site request forgery (CSRF) vulnerability in ajax.php in Cerb before 7.0.4 allows remote attackers to hijack the authentication of administrators for requests that add an administrator account via a saveWorkerPeek action.
EIP-2026-105698 EXPLOITDB text WORKING POC
Cambio 0.5a - Cross-Site Request Forgery
EIP-2026-105697 EXPLOITDB text WORKING POC
Calendarix 0.8.20080808 - Multiple Cross-Site Scripting / SQL Injections
EIP-2026-105667 EXPLOITDB html WORKING POC
BXR 0.6.8 - Cross-Site Request Forgery
CVE-2013-7137 EXPLOITDB CRITICAL text WRITEUP
Burden <1.8.1 - Auth Bypass
The "remember me" functionality in login.php in Burden before 1.8.1 allows remote attackers to bypass authentication and gain privileges by setting the burden_user_rememberme cookie to 1.
CVSS 9.8
EIP-2026-105641 EXPLOITDB text WORKING POC
BugFree 2.1.3 - Multiple Cross-Site Scripting Vulnerabilities
CVE-2011-5214 EXPLOITDB text WORKING POC
Browsercrm < 5.100.01 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in BrowserCRM 5.100.01 and earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) index.php, (2) modules/admin/admin_module_index.php, or (3) modules/calendar/customise_calendar_times.php; login[] parameter to (4) index.php or (5) pub/clients.php; or framed parameter to (6) licence/index.php or (7) licence/view.php.
CVE-2011-5213 EXPLOITDB text WRITEUP
Browsercrm < 5.100.01 - SQL Injection
Multiple SQL injection vulnerabilities in BrowserCRM 5.100.01 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) login[username] parameter to index.php, (2) parent_id parameter to modules/Documents/version_list.php, or (3) contact_id parameter to modules/Documents/index.php.
CVE-2011-5214 EXPLOITDB text WRITEUP
Browsercrm < 5.100.01 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in BrowserCRM 5.100.01 and earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) index.php, (2) modules/admin/admin_module_index.php, or (3) modules/calendar/customise_calendar_times.php; login[] parameter to (4) index.php or (5) pub/clients.php; or framed parameter to (6) licence/index.php or (7) licence/view.php.
CVE-2011-5213 EXPLOITDB text WRITEUP
Browsercrm < 5.100.01 - SQL Injection
Multiple SQL injection vulnerabilities in BrowserCRM 5.100.01 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) login[username] parameter to index.php, (2) parent_id parameter to modules/Documents/version_list.php, or (3) contact_id parameter to modules/Documents/index.php.
CVE-2011-5214 EXPLOITDB text WORKING POC
Browsercrm < 5.100.01 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in BrowserCRM 5.100.01 and earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) index.php, (2) modules/admin/admin_module_index.php, or (3) modules/calendar/customise_calendar_times.php; login[] parameter to (4) index.php or (5) pub/clients.php; or framed parameter to (6) licence/index.php or (7) licence/view.php.
EIP-2026-105573 EXPLOITDB text WORKING POC
BoastMachine 3.1 - 'key' Cross-Site Scripting
CVE-2010-4870 EXPLOITDB text WORKING POC
BloofoxCMS 0.3.5 - SQL Injection
SQL injection vulnerability in index.php in BloofoxCMS 0.3.5 allows remote attackers to execute arbitrary SQL commands via the gender parameter.
EIP-2026-105544 EXPLOITDB text WORKING POC
BloofoxCMS 0.3.5 - Information Disclosure
EIP-2026-105527 EXPLOITDB text WORKING POC
BlogBird Platform - Multiple Cross-Site Scripting Vulnerabilities
CVE-2010-4750 EXPLOITDB text WORKING POC
BLOG:CMS <4.2.1.e - CSRF
Cross-site request forgery (CSRF) vulnerability in admin/libs/ADMIN.php in BLOG:CMS 4.2.1.e, and possibly earlier, allows remote attackers to hijack the authentication of administrators.
EIP-2026-105526 EXPLOITDB text WORKING POC
Blog:CMS 4.2.1 e - Multiple HTML Injections / Cross-Site Scripting
CVE-2015-8357 EXPLOITDB text WRITEUP
Bitrix <1.0.4 - Path Traversal
Directory traversal vulnerability in the bitrix.xscan module before 1.0.4 for Bitrix allows remote authenticated users to rename arbitrary files, and consequently obtain sensitive information or cause a denial of service, via a .. (dot dot) in the file parameter to admin/bitrix.xscan_worker.php.