High-Tech Bridge SA

441 exploits, active since Apr 2010
EIP-2026-105999 EXPLOITDB text WORKING POC
CMS Source - Multiple Input Validation Vulnerabilities
CVE-2012-5849 EXPLOITDB text WORKING POC
ClipBucket < 2.6 - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in ClipBucket 2.6 Revision 738 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) uid parameter in an add_friend action to ajax.php; id parameter in a (2) share_object, (3) add_to_fav, (4) rating, or (5) flag_object action to ajax.php; cid parameter in an (6) add_new_item, (7) remove_collection_item, (8) get_item, or (9) load_more_items action to ajax.php; (10) ci_id parameter in a get_item action to ajax.php; user parameter to (11) user_contacts.php or (12) view_channel.php; (13) pid parameter to view_page.php; (14) tid parameter to view_topic.php; or (15) v parameter to watch_video.php.
EIP-2026-105897 EXPLOITDB text WORKING POC
Claus Muus Spitfire 1.0.336 - Multiple Cross-Site Scripting Vulnerabilities
EIP-2026-105871 EXPLOITDB text WRITEUP
ClanSphere 2010.0 Final - Multiple Vulnerabilities
CVE-2012-1001 EXPLOITDB MEDIUM text WORKING POC
Chyrp < 2.1.2 - Cross-Site Scripting via Content or Body Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Chyrp before 2.1.2 and before 2.5 Beta 2 allow remote attackers to inject arbitrary web script or HTML via the (1) content parameter to includes/ajax.php or (2) body parameter to includes/error.php.
CVSS 6.1
CVE-2011-5214 EXPLOITDB text WORKING POC
BrowserCRM < 5.100.01 - Cross-Site Scripting via PATH_INFO or Login Parameter
Multiple cross-site scripting (XSS) vulnerabilities in BrowserCRM 5.100.01 and earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) index.php, (2) modules/admin/admin_module_index.php, or (3) modules/calendar/customise_calendar_times.php; login[] parameter to (4) index.php or (5) pub/clients.php; or framed parameter to (6) licence/index.php or (7) licence/view.php.
CVE-2013-6787 EXPLOITDB text WRITEUP
Chamilo LMS < 1.9.6 - Authenticated SQL Injection via Password Parameter
SQL injection vulnerability in the check_user_password function in main/auth/profile.php in Chamilo LMS 1.9.6 and earlier, when using the non-encrypted passwords mode set at installation, allows remote authenticated users to execute arbitrary SQL commands via the "password0" parameter.
CVE-2015-6545 EXPLOITDB text WORKING POC
Cerb < 7.0.3 - Cross-Site Request Forgery via ajax.php saveWorkerPeek Action
Cross-site request forgery (CSRF) vulnerability in ajax.php in Cerb before 7.0.4 allows remote attackers to hijack the authentication of administrators for requests that add an administrator account via a saveWorkerPeek action.
EIP-2026-105698 EXPLOITDB text WORKING POC
Cambio 0.5a - Cross-Site Request Forgery
EIP-2026-105697 EXPLOITDB text WORKING POC
Calendarix 0.8.20080808 - Multiple Cross-Site Scripting / SQL Injections
EIP-2026-105667 EXPLOITDB html WORKING POC
BXR 0.6.8 - Cross-Site Request Forgery
CVE-2013-7137 EXPLOITDB CRITICAL text WRITEUP
Burden < 1.8.1 - Unauthenticated Authentication Bypass via Remember Me Cookie
The "remember me" functionality in login.php in Burden before 1.8.1 allows remote attackers to bypass authentication and gain privileges by setting the burden_user_rememberme cookie to 1.
CVSS 9.8
EIP-2026-105641 EXPLOITDB text WORKING POC
BugFree 2.1.3 - Multiple Cross-Site Scripting Vulnerabilities
CVE-2011-5214 EXPLOITDB text WORKING POC
BrowserCRM < 5.100.01 - Cross-Site Scripting via PATH_INFO or Login Parameter
Multiple cross-site scripting (XSS) vulnerabilities in BrowserCRM 5.100.01 and earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) index.php, (2) modules/admin/admin_module_index.php, or (3) modules/calendar/customise_calendar_times.php; login[] parameter to (4) index.php or (5) pub/clients.php; or framed parameter to (6) licence/index.php or (7) licence/view.php.
CVE-2011-5213 EXPLOITDB text WRITEUP
BrowserCRM < 5.100.01 - SQL Injection via login[username] or parent_id or contact_id Parameter
Multiple SQL injection vulnerabilities in BrowserCRM 5.100.01 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) login[username] parameter to index.php, (2) parent_id parameter to modules/Documents/version_list.php, or (3) contact_id parameter to modules/Documents/index.php.
CVE-2011-5214 EXPLOITDB text WRITEUP
BrowserCRM < 5.100.01 - Cross-Site Scripting via PATH_INFO or Login Parameter
Multiple cross-site scripting (XSS) vulnerabilities in BrowserCRM 5.100.01 and earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) index.php, (2) modules/admin/admin_module_index.php, or (3) modules/calendar/customise_calendar_times.php; login[] parameter to (4) index.php or (5) pub/clients.php; or framed parameter to (6) licence/index.php or (7) licence/view.php.
CVE-2011-5213 EXPLOITDB text WRITEUP
BrowserCRM < 5.100.01 - SQL Injection via login[username] or parent_id or contact_id Parameter
Multiple SQL injection vulnerabilities in BrowserCRM 5.100.01 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) login[username] parameter to index.php, (2) parent_id parameter to modules/Documents/version_list.php, or (3) contact_id parameter to modules/Documents/index.php.
CVE-2011-5214 EXPLOITDB text WORKING POC
BrowserCRM < 5.100.01 - Cross-Site Scripting via PATH_INFO or Login Parameter
Multiple cross-site scripting (XSS) vulnerabilities in BrowserCRM 5.100.01 and earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) index.php, (2) modules/admin/admin_module_index.php, or (3) modules/calendar/customise_calendar_times.php; login[] parameter to (4) index.php or (5) pub/clients.php; or framed parameter to (6) licence/index.php or (7) licence/view.php.
EIP-2026-105573 EXPLOITDB text WORKING POC
BoastMachine 3.1 - 'key' Cross-Site Scripting
CVE-2010-4870 EXPLOITDB text WORKING POC
BloofoxCMS 0.3.5 - SQL Injection via Gender Parameter
SQL injection vulnerability in index.php in BloofoxCMS 0.3.5 allows remote attackers to execute arbitrary SQL commands via the gender parameter.
EIP-2026-105544 EXPLOITDB text WORKING POC
BloofoxCMS 0.3.5 - Information Disclosure
EIP-2026-105527 EXPLOITDB text WORKING POC
BlogBird Platform - Multiple Cross-Site Scripting Vulnerabilities
CVE-2010-4750 EXPLOITDB text WORKING POC
BLOG:CMS 4.2.1.e - Cross-Site Request Forgery in admin/libs/ADMIN.php
Cross-site request forgery (CSRF) vulnerability in admin/libs/ADMIN.php in BLOG:CMS 4.2.1.e, and possibly earlier, allows remote attackers to hijack the authentication of administrators.
EIP-2026-105526 EXPLOITDB text WORKING POC
Blog:CMS 4.2.1 e - Multiple HTML Injections / Cross-Site Scripting
CVE-2015-8357 EXPLOITDB text WRITEUP
bitrix.xscan < 1.0.3 - Authenticated Path Traversal via File Parameter
Directory traversal vulnerability in the bitrix.xscan module before 1.0.4 for Bitrix allows remote authenticated users to rename arbitrary files, and consequently obtain sensitive information or cause a denial of service, via a .. (dot dot) in the file parameter to admin/bitrix.xscan_worker.php.