High-Tech Bridge SA

441 exploits Active since Apr 2010
CVE-2015-8770 EXPLOITDB HIGH text WRITEUP
Roundcube Webmail < 1.0.8 and 1.1.x < 1.1.4 - Authenticated Path Traversal via _skin Parameter
Directory traversal vulnerability in the set_skin function in program/include/rcmail_output_html.php in Roundcube before 1.0.8 and 1.1.x before 1.1.4 allows remote authenticated users with certain permissions to read arbitrary files or possibly execute arbitrary code via a .. (dot dot) in the _skin parameter to index.php.
CVSS 7.5
CVE-2011-5313 EXPLOITDB text WRITEUP
Redaxscript 0.3.2 - SQL Injection via Password Reset Parameters
Multiple SQL injection vulnerabilities in includes/password.php in Redaxscript 0.3.2 allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) password parameter to the password_reset program.
EIP-2026-111738 EXPLOITDB text WORKING POC
reos 2.0.5 - Multiple Vulnerabilities
EIP-2026-111764 EXPLOITDB text WORKING POC
REvolution 10.02 - Cross-Site Request Forgery
CVE-2010-5051 EXPLOITDB text WORKING POC
razorcms 1.0 - Cross-Site Scripting via Content Parameter in Edit Action
Cross-site scripting (XSS) vulnerability in admin/core/admin_func.php in razorCMS 1.0 stable allows remote attackers to inject arbitrary web script or HTML via the content parameter in an edit action to admin/index.php.
EIP-2026-111774 EXPLOITDB text WRITEUP
Ripe Website Manager 1.1 - Cross-Site Scripting / Multiple SQL Injections
EIP-2026-111482 EXPLOITDB text WRITEUP
Preation Eden Platform 27.7.2010 - Multiple HTML Injection Vulnerabilities
EIP-2026-111400 EXPLOITDB text WORKING POC
poMMo Aardvark PR16.1 - Multiple Cross-Site Scripting Vulnerabilities
EIP-2026-111461 EXPLOITDB text WORKING POC
Prado Portal 1.2 - 'page' Cross-Site Scripting
CVE-2012-2452 EXPLOITDB MEDIUM text WORKING POC
pragmaMx 1.0-1.12.1 - Cross-Site Scripting via Name Parameter or Image URL
Multiple cross-site scripting (XSS) vulnerabilities in pragmaMx 1.x before 1.12.2 allow remote attackers to inject arbitrary web script or HTML via the (1) name parameter to modules.php or (2) img_url to includes/wysiwyg/spaw/editor/plugins/imgpopup/img_popup.php.
CVSS 6.1
EIP-2026-111382 EXPLOITDB text WRITEUP
Podcast Generator 1.3 - Multiple Vulnerabilities
EIP-2026-111353 EXPLOITDB text WORKING POC
Pluck CMS 4.6.3 - 'cont1' HTML Injection
EIP-2026-111367 EXPLOITDB text WORKING POC
PluXml 5.0.1 - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities
CVE-2012-2452 EXPLOITDB MEDIUM text WRITEUP
pragmaMx 1.0-1.12.1 - Cross-Site Scripting via Name Parameter or Image URL
Multiple cross-site scripting (XSS) vulnerabilities in pragmaMx 1.x before 1.12.2 allow remote attackers to inject arbitrary web script or HTML via the (1) name parameter to modules.php or (2) img_url to includes/wysiwyg/spaw/editor/plugins/imgpopup/img_popup.php.
CVSS 6.1
CVE-2012-2227 EXPLOITDB text WRITEUP
PluXml < 5.1.5 - Path Traversal via default_lang Parameter
Directory traversal vulnerability in update/index.php in PluXml before 5.1.6 allows remote attackers to include and execute arbitrary local files via a ..%2F (encoded dot dot slash) in the default_lang parameter.
EIP-2026-111308 EXPLOITDB text WORKING POC
Pixie CMS 1.0.4 - '/admin/index.php' SQL Injection
EIP-2026-111330 EXPLOITDB text WORKING POC
Pligg CMS 1.0.4 - 'search.php' Cross-Site Scripting
CVE-2012-2436 EXPLOITDB text WORKING POC
Pligg CMS < 1.2.2 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Pligg CMS before 1.2.2 allow remote attackers to inject arbitrary web script or HTML via (1) an arbitrary parameter in a move or (2) minimize action to admin/admin_index.php; (3) the karma_username parameter to module.php in the karma module; (4) q_1_low, (5) q_1_high, (6) q_2_low, or (7) q_2_high parameter in a configure action to module.php in the captcha module; or (8) the edit parameter to module.php in the admin_language module.
EIP-2026-111305 EXPLOITDB html WORKING POC
Pixie 1.0.4 - HTML Injection / Cross-Site Scripting
EIP-2026-111348 EXPLOITDB text WORKING POC
Plogger 1.0 RC1 - 'gallery_name' Cross-Site Scripting
EIP-2026-111467 EXPLOITDB text WORKING POC
Pragyan CMS 3.0 Beta - Multiple Cross-Site Scripting Vulnerabilities
CVE-2013-1469 EXPLOITDB text WORKING POC
Piwigo < 2.4.7 - Path Traversal via Install.php DL Parameter
Directory traversal vulnerability in install.php in Piwigo before 2.4.7 allows remote attackers to read and delete arbitrary files via a .. (dot dot) in the dl parameter.
EIP-2026-111236 EXPLOITDB text WORKING POC
PHPWCMS 1.4.5 - 'PHPwcms.php' Cross-Site Scripting
CVE-2011-0772 EXPLOITDB text WORKING POC
PivotX < 2.2.2 - Cross-Site Scripting via Color or Src Parameter
Multiple cross-site scripting (XSS) vulnerabilities in PivotX 2.2.0, and possibly other versions before 2.2.2, allow remote attackers to inject arbitrary web script or HTML via the (1) color parameter to includes/blogroll.php or (2) src parameter to includes/timwrapper.php.
CVE-2011-0772 EXPLOITDB text WORKING POC
PivotX < 2.2.2 - Cross-Site Scripting via Color or Src Parameter
Multiple cross-site scripting (XSS) vulnerabilities in PivotX 2.2.0, and possibly other versions before 2.2.2, allow remote attackers to inject arbitrary web script or HTML via the (1) color parameter to includes/blogroll.php or (2) src parameter to includes/timwrapper.php.