High-Tech Bridge SA

441 exploits Active since Apr 2010
EIP-2026-113401 EXPLOITDB text WORKING POC
whCMS 0.115 - Cross-Site Request Forgery
EIP-2026-113330 EXPLOITDB text WORKING POC
Webmedia Explorer 6.13.1 - Persistent Cross-Site Scripting
EIP-2026-113348 EXPLOITDB text WORKING POC
Website Baker 2.8.1 - Multiple SQL Injections
EIP-2026-113367 EXPLOITDB text WORKING POC
webSPELL 4.2.2a - Multiple Cross-Site Scripting Vulnerabilities
EIP-2026-113275 EXPLOITDB text WORKING POC
webERP 4.3.8 - '/reportwriter/FormMaker.php?ReportID' SQL Injection
EIP-2026-113276 EXPLOITDB text WRITEUP
webERP 4.3.8 - '/reportwriter/ReportMaker.php?reportid' SQL Injection
EIP-2026-113243 EXPLOITDB text WORKING POC
WebAsyst Shop-Script - Cross-Site Scripting / HTML Injection
CVE-2014-5258 EXPLOITDB text WRITEUP
webEdition CMS < 6.3.8.0 - Authenticated Path Traversal via showTempFile.php file Parameter
Directory traversal vulnerability in showTempFile.php in webEdition CMS before 6.3.9.0 Beta allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter.
EIP-2026-113277 EXPLOITDB text WORKING POC
webERP 4.3.8 - Multiple Script URI Cross-Site Scripting Vulnerabilities
EIP-2026-112947 EXPLOITDB text WORKING POC
Valarsoft WebMatic 3.0.5 - Multiple HTML Injection Vulnerabilities
CVE-2012-3350 EXPLOITDB text WRITEUP
Webmatic 3.1.1 - SQL Injection via Referer HTTP Header
SQL injection vulnerability in index.php in Webmatic 3.1.1 allows remote attackers to execute arbitrary SQL commands via the Referer HTTP header.
CVE-2014-3119 EXPLOITDB HIGH text WRITEUP
web2project < 3.1 - Authenticated SQL Injection via Search String or Update Key Parameter
Multiple SQL injection vulnerabilities in web2Project 3.1 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) search_string parameter in the contacts module to index.php or allow remote attackers to execute arbitrary SQL commands via the updatekey parameter to (2) do_updatecontact.php or (3) updatecontact.php.
CVSS 8.8
EIP-2026-113061 EXPLOITDB text WORKING POC
ViArt Shop 4.0.5 - Multiple Cross-Site Scripting Vulnerabilities
EIP-2026-113118 EXPLOITDB text WRITEUP
viscacha 0.8.1 - Multiple Vulnerabilities
CVE-2011-0504 EXPLOITDB text WORKING POC
vam_shop 1.6-1.6.1 - Cross-Site Scripting via status, search, or STORE_NAME Parameter
Multiple cross-site scripting (XSS) vulnerabilities in VaM Shop 1.6, 1.6.1, and probably earlier versions llow remote attackers to inject arbitrary web script or HTML via the (1) status parameter to admin/orders.php, (2) search parameter to admin/customers.php, or (3) STORE_NAME parameter to admin/configuration.php.
CVE-2013-5091 EXPLOITDB text WRITEUP
vtiger CRM < 5.4.0 - Authenticated SQL Injection via onlyforuser Parameter
SQL injection vulnerability in CalendarCommon.php in vTiger CRM 5.4.0 and possibly earlier allows remote authenticated users to execute arbitrary SQL commands via the onlyforuser parameter in an index action to index.php. NOTE: this issue might be a duplicate of CVE-2011-4559.
EIP-2026-113035 EXPLOITDB html WORKING POC
VCalendar 1.1.5 - Cross-Site Request Forgery
CVE-2015-4117 EXPLOITDB HIGH text WORKING POC
Vesta Control Panel < 0.9.8-14 - Authenticated Remote Code Execution via Backup Parameter
Vesta Control Panel before 0.9.8-14 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the backup parameter to list/backup/index.php.
CVSS 8.8
EIP-2026-112698 EXPLOITDB text WORKING POC
Tine 2.0 - Multiple Cross-Site Scripting Vulnerabilities
EIP-2026-112783 EXPLOITDB text WORKING POC
Traq 2.2 - Multiple SQL Injections / Cross-Site Scripting
EIP-2026-112896 EXPLOITDB text WORKING POC
UMI CMS 2.8.1.2 - Multiple Cross-Site Scripting Vulnerabilities
CVE-2011-4336 EXPLOITDB MEDIUM text WORKING POC
Tiki Wiki CMS/Groupware < 7.0 - Cross-Site Scripting via AJAX Parameter
Tiki Wiki CMS Groupware 7.0 has XSS via the GET "ajax" parameter to snarf_ajax.php.
CVSS 6.1
CVE-2012-4902 EXPLOITDB text WORKING POC
Template CMS < 2.1.1 - Cross-Site Request Forgery via Admin User Creation or Theme Editor
Multiple cross-site request forgery (CSRF) vulnerabilities in Template CMS 2.1.1 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) create an administrator user via an add action to admin/index.php or (2) conduct static PHP code injection attacks via the themes_editor parameter in an edit_template action to admin/index.php.
EIP-2026-112571 EXPLOITDB text WORKING POC
TCMS - Multiple Input Validation Vulnerabilities
CVE-2013-2754 EXPLOITDB text WORKING POC
umi.cms < 2.9 - Cross-Site Request Forgery via Admin User Addition
Cross-site request forgery (CSRF) vulnerability in Umisoft UMI.CMS before 2.9 build 21905 allows remote attackers to hijack the authentication of administrators for requests that add administrator accounts via a request to admin/users/add/user/do/.