High-Tech Bridge SA

441 exploits Active since Apr 2010
CVE-2012-0997 EXPLOITDB text WORKING POC
11in1 1.2.1 - Cross-Site Request Forgery in admin/index.php
Cross-site request forgery (CSRF) vulnerability in admin/index.php in 11in1 1.2.1 stable 12-31-2011 allows remote attackers to hijack the authentication of administrators for requests that add new topics via an addTopic action.
EIP-2026-105014 EXPLOITDB html WORKING POC
Affiliate Store Builder - 'edit_cms.php' Multiple SQL Injections
CVE-2010-2003 EXPLOITDB text WORKING POC
Advanced Poll 2.08 - Cross-Site Scripting via mysql_host Parameter
Cross-site scripting (XSS) vulnerability in misc/get_admin.php in Advanced Poll 2.08 allows remote attackers to inject arbitrary web script or HTML via the mysql_host parameter.
CVE-2012-0996 EXPLOITDB text WRITEUP
11in1 1.2.1 - Path Traversal via Class Parameter
Multiple directory traversal vulnerabilities in 11in1 1.2.1 stable 12-31-2011 allow remote attackers to read arbitrary files via a .. (dot dot) in the class parameter to (1) index.php or (2) admin/index.php.
EIP-2026-104917 EXPLOITDB text WORKING POC
AContent 1.0 - Cross-Site Scripting / HTML Injection
CVE-2012-5865 EXPLOITDB text WRITEUP
Achievo 1.4.5 - Authenticated SQL Injection via Activity ID Parameter
SQL injection vulnerability in dispatch.php in Achievo 1.4.5 allows remote authenticated users to execute arbitrary SQL commands via the activityid parameter in a stats action.
EIP-2026-104906 EXPLOITDB text WORKING POC
AChecker 1.0 - 'URI' Cross-Site Scripting
CVE-2010-4152 EXPLOITDB text WORKING POC
4site CMS < 2.6 - SQL Injection via Catalog Index cat Parameter
SQL injection vulnerability in catalog/index.shtml in 4site CMS 2.6, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the cat parameter. NOTE: the i and th vectors are already covered by CVE-2009-0646.
CVE-2010-5029 EXPLOITDB text WORKING POC
ecomat_cms 5.0 - SQL Injection via Index.php Show Parameter
SQL injection vulnerability in index.php in Ecomat CMS 5.0 allows remote attackers to execute arbitrary SQL commands via the show parameter in a web action.
CVE-2015-3898 EXPLOITDB MEDIUM text WRITEUP
Bonita BPM Portal <6.5.3 - Open Redirect
Multiple open redirect vulnerabilities in Bonita BPM Portal before 6.5.3 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving the redirectUrl parameter to (1) bonita/login.jsp or (2) bonita/loginservice.
CVSS 6.1
EIP-2026-100781 EXPLOITDB text WORKING POC
Cosmoshop 10.05.00 - Multiple Cross-Site Scripting / SQL Injections
EIP-2026-100750 EXPLOITDB text WORKING POC
BackupPC 3.x - 'index.cgi' Multiple Cross-Site Scripting Vulnerabilities
EIP-2026-100396 EXPLOITDB text WORKING POC
Lois Software WebDB 2.0A Script - Multiple SQL Injections
EIP-2026-100361 EXPLOITDB text WORKING POC
Iatek PortalApp 3.3/4.0 - 'login.asp' Multiple Cross-Site Scripting Vulnerabilities
CVE-2010-4922 EXPLOITDB text WORKING POC
Allinta CMS 22.07.2010 - SQL Injection
Multiple SQL injection vulnerabilities in Allinta CMS 22.07.2010 allow remote attackers to execute arbitrary SQL commands via the i parameter in an edit action to (1) contentAE.asp or (2) templatesAE.asp.
EIP-2026-100283 EXPLOITDB text WORKING POC
DT Centrepiece 4.5 - Cross-Site Scripting / Security Bypass