High-Tech Bridge SA

441 exploits, active since Apr 2010
CVE-2011-0772 EXPLOITDB text WORKING POC
PivotX - XSS
Multiple cross-site scripting (XSS) vulnerabilities in PivotX 2.2.0, and possibly other versions before 2.2.2, allow remote attackers to inject arbitrary web script or HTML via the (1) color parameter to includes/blogroll.php or (2) src parameter to includes/timwrapper.php.
EIP-2026-111348 EXPLOITDB text WORKING POC
Plogger 1.0 RC1 - 'gallery_name' Cross-Site Scripting
CVE-2012-3953 EXPLOITDB text WORKING POC
phpList < 2.10.18 - SQL Injection
SQL injection vulnerability in admin/index.php in phpList before 2.10.19 allows remote administrators to execute arbitrary SQL commands via the delete parameter to the editattributes page.
CVE-2012-3952 EXPLOITDB text WORKING POC
phpList < 2.10.18 - XSS
Cross-site scripting (XSS) vulnerability in admin/index.php in phpList before 2.10.19 allows remote attackers to inject arbitrary web script or HTML via the unconfirmed parameter to the user page.
EIP-2026-111099 EXPLOITDB text WORKING POC
PHPJunkYard GBook 1.6/1.7 - Multiple Cross-Site Scripting Vulnerabilities
EIP-2026-111114 EXPLOITDB text WORKING POC
phpList 2.10.x - 'email' Cross-Site Scripting
EIP-2026-111039 EXPLOITDB text WORKING POC
PHPDug 2.0.0 - Multiple Vulnerabilities
EIP-2026-111067 EXPLOITDB text WORKING POC
phpGraphy 0.9.13b - 'theme_dir' Cross-Site Scripting
EIP-2026-111068 EXPLOITDB text WORKING POC
phpGraphy 0.9.13b - Multiple Vulnerabilities
EIP-2026-110920 EXPLOITDB text WORKING POC
PhpAlbum.net 0.4.1-14_fix06 - 'var3' Remote Command Execution
EIP-2026-111021 EXPLOITDB text WORKING POC
phpcollab 2.5 - Multiple Vulnerabilities
EIP-2026-111037 EXPLOITDB text WORKING POC
PHPDug 2.0 - Multiple Cross-Site Scripting Vulnerabilities
EIP-2026-111193 EXPLOITDB text WRITEUP
phpScheduleIt 1.2.12 - Multiple Cross-Site Scripting Vulnerabilities
EIP-2026-111207 EXPLOITDB text WORKING POC
PHPShop CMS 3.4 - Multiple Cross-Site Scripting / SQL Injections
EIP-2026-111172 EXPLOITDB text WORKING POC
phpMySport 1.4 - SQL Injection / Authentication Bypass / Full Path Disclosure
EIP-2026-111123 EXPLOITDB text WRITEUP
phpLiterAdmin 1.0 RC1 - Authentication Bypass
EIP-2026-110732 EXPLOITDB text WORKING POC
PHP MicroCMS 1.0.1 - Cross-Site Request Forgery / Cross-Site Scripting
EIP-2026-110731 EXPLOITDB text WORKING POC
PHP MicroCMS 1.0.1 - 'page_text' Cross-Site Scripting
EIP-2026-110687 EXPLOITDB text WRITEUP
PHP Directory Listing Script 3.1 - 'index.php' Cross-Site Scripting
EIP-2026-110694 EXPLOITDB text WRITEUP
PHP F1 Max's Photo Album - 'showimage.php' Cross-Site Scripting
CVE-2015-2295 EXPLOITDB text WRITEUP
Netgate pfSense < 2.2 - CSRF
Cross-site request forgery (CSRF) vulnerability in system_firmware_restorefullbackup.php in the WebGUI in pfSense before 2.2.1 allows remote attackers to hijack the authentication of administrators for requests that delete arbitrary files via the deletefile parameter.
CVE-2011-0407 EXPLOITDB text WORKING POC
Phenotype-cms Phenotype Cms - SQL Injection
SQL injection vulnerability in the store function in _phenotype/system/class/PhenoTypeDataObject.class.php in Phenotype CMS 3.0 allows remote attackers to execute arbitrary SQL commands via a crafted URI, as demonstrated by Gallery/gal_id/1/image1,1.html. NOTE: some of these details are obtained from third party information.
EIP-2026-110620 EXPLOITDB text WORKING POC
Photopad 1.2 - Multiple Cross-Site Scripting Vulnerabilities
EIP-2026-110658 EXPLOITDB text WORKING POC
PHP Calendar Basic 2.3 - Multiple Cross-Site Scripting Vulnerabilities
CVE-2012-1665 EXPLOITDB html WORKING POC
osCMax < 2.5.0 - SQL Injection
Multiple SQL injection vulnerabilities in the admin panel in osCMax before 2.5.1 allow (1) remote attackers to execute arbitrary SQL commands via the username parameter in a process action to admin/login.php or (2) remote administrators to execute arbitrary SQL commands via the status parameter to admin/stats_monthly_sales.php or (3) country parameter in a process action to admin/create_account_process.php.