High-Tech Bridge SA

441 exploits Active since Apr 2010
EIP-2026-112896 EXPLOITDB text WORKING POC
UMI CMS 2.8.1.2 - Multiple Cross-Site Scripting Vulnerabilities
EIP-2026-112921 EXPLOITDB text WORKING POC
UseBB 1.0.11 - 'admin.php' Local File Inclusion
EIP-2026-112535 EXPLOITDB text WRITEUP
SyntaxCMS - 'rows_per_page' SQL Injection
EIP-2026-112528 EXPLOITDB html WORKING POC
SyndeoCMS 2.9 - Multiple HTML Injection Vulnerabilities
CVE-2011-4833 EXPLOITDB text WORKING POC
SugarCRM 6.1-6.1.6 6.2-6.2.3 6.3-6.3.0RC2 6.4-6.4.0beta - SQL Injection via Leads Module Parameters
Multiple SQL injection vulnerabilities in the Leads module in SugarCRM 6.1 before 6.1.7, 6.2 before 6.2.4, 6.3 before 6.3.0RC3, and 6.4 before 6.4.0beta1 allow remote attackers to execute arbitrary SQL commands via the (1) where and (2) order parameters in a get_full_list action to index.php.
CVE-2010-5318 EXPLOITDB text WORKING POC
SweetRice CMS < 0.6.7.1 - Unauthenticated Password Reset via Email Parameter
The password-reset feature in as/index.php in SweetRice CMS before 0.6.7.1 allows remote attackers to modify the administrator's password by specifying the administrator's e-mail address in the email parameter.
CVE-2012-5452 EXPLOITDB text WORKING POC
Subrion CMS 2.2.1 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Subrion CMS 2.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) multi_title parameter to blocks/add/; (2) cost, (3) days, or (4) title[en] parameter to plans/add/; (5) name or (6) title[en] parameter to fields/group/add/ in admin/manage/; or (7) f[accounts][fullname] or (8) f[accounts][username] parameter to advsearch/. NOTE: This might overlap CVE-2011-5211. NOTE: it was later reported that the f[accounts][fullname] and f[accounts][username] vectors might also affect 2.2.2.
EIP-2026-112527 EXPLOITDB text WORKING POC
SyndeoCMS 2.8.02 - Multiple Vulnerabilities (2)
EIP-2026-112356 EXPLOITDB text WORKING POC
Sourcefabric Campsite - Multiple Cross-Site Scripting Vulnerabilities
EIP-2026-112393 EXPLOITDB text WORKING POC
Spitfire 1.0.3x - 'cms_username' Cross-Site Scripting
EIP-2026-112308 EXPLOITDB text WRITEUP
SocialEngine 4.8.9 - SQL Injection
CVE-2011-5074 EXPLOITDB text WORKING POC
Support Incident Tracker < 3.65 - Cross-Site Request Forgery via User Profile Edit
Multiple cross-site request forgery (CSRF) vulnerabilities in Support Incident Tracker (aka SiT!) before 3.65 allow remote attackers to hijack the authentication of administrators for requests that change administrator email, add a new administrator, or insert arbitrary script via (1) user_profile_edit.php or (2) user_add.php.
EIP-2026-112263 EXPLOITDB html WORKING POC
sNews 1.7 - 'snews.php' Cross-Site Scripting / HTML Injection
EIP-2026-112266 EXPLOITDB html WORKING POC
sNews CMS - Multiple Cross-Site Scripting Vulnerabilities
EIP-2026-111989 EXPLOITDB text WORKING POC
Seo Panel 2.2.0 - SQL Injection
EIP-2026-111836 EXPLOITDB text WORKING POC
RunCMS 2.2.2 - Multiple Vulnerabilities
EIP-2026-111835 EXPLOITDB text WRITEUP
RunCMS 2.2.2 - 'register.php' SQL Injection
CVE-2010-1997 EXPLOITDB html WORKING POC
Saurus CMS 4.7.0 - Authenticated Stored Cross-Site Scripting via pealkiri Parameter
Cross-site scripting (XSS) vulnerability in admin/edit.php in Saurus CMS 4.7.0 allows remote authenticated users, with "Article list" edit privileges, to inject arbitrary web script or HTML via the pealkiri parameter.
EIP-2026-111889 EXPLOITDB text WORKING POC
Santafox 2.0.2 - 'search' Cross-Site Scripting
CVE-2015-8770 EXPLOITDB HIGH text WRITEUP
Roundcube Webmail < 1.0.8 and 1.1.x < 1.1.4 - Authenticated Path Traversal via _skin Parameter
Directory traversal vulnerability in the set_skin function in program/include/rcmail_output_html.php in Roundcube before 1.0.8 and 1.1.x before 1.1.4 allows remote authenticated users with certain permissions to read arbitrary files or possibly execute arbitrary code via a .. (dot dot) in the _skin parameter to index.php.
CVSS 7.5
EIP-2026-111825 EXPLOITDB text WORKING POC
Rumba XML 2.4 - 'index.php' Multiple HTML Injection Vulnerabilities
CVE-2011-5313 EXPLOITDB text WRITEUP
Redaxscript 0.3.2 - SQL Injection via Password Reset Parameters
Multiple SQL injection vulnerabilities in includes/password.php in Redaxscript 0.3.2 allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) password parameter to the password_reset program.
EIP-2026-111843 EXPLOITDB text WORKING POC
Ruubikcms 1.0.3 - 'index.php' Cross-Site Scripting
EIP-2026-111738 EXPLOITDB text WORKING POC
reos 2.0.5 - Multiple Vulnerabilities
EIP-2026-111764 EXPLOITDB text WORKING POC
REvolution 10.02 - Cross-Site Request Forgery