High-Tech Bridge SA

441 exploits, active since Apr 2010
CVE-2011-0772 EXPLOITDB text WORKING POC
PivotX < 2.2.2 - Cross-Site Scripting via Color or Src Parameter
Multiple cross-site scripting (XSS) vulnerabilities in PivotX 2.2.0, and possibly other versions before 2.2.2, allow remote attackers to inject arbitrary web script or HTML via the (1) color parameter to includes/blogroll.php or (2) src parameter to includes/timwrapper.php.
EIP-2026-111348 EXPLOITDB text WORKING POC
Plogger 1.0 RC1 - 'gallery_name' Cross-Site Scripting
CVE-2012-3953 EXPLOITDB text WORKING POC
phplist < 2.10.19 - Authenticated SQL Injection via Edit Attributes Delete Parameter
SQL injection vulnerability in admin/index.php in phpList before 2.10.19 allows remote administrators to execute arbitrary SQL commands via the delete parameter to the editattributes page.
CVE-2012-3952 EXPLOITDB text WORKING POC
phplist < 2.10.19 - Cross-Site Scripting via Unconfirmed Parameter
Cross-site scripting (XSS) vulnerability in admin/index.php in phpList before 2.10.19 allows remote attackers to inject arbitrary web script or HTML via the unconfirmed parameter to the user page.
EIP-2026-111099 EXPLOITDB text WORKING POC
PHPJunkYard GBook 1.6/1.7 - Multiple Cross-Site Scripting Vulnerabilities
EIP-2026-111114 EXPLOITDB text WORKING POC
phpList 2.10.x - 'email' Cross-Site Scripting
EIP-2026-111039 EXPLOITDB text WORKING POC
PHPDug 2.0.0 - Multiple Vulnerabilities
EIP-2026-111067 EXPLOITDB text WORKING POC
phpGraphy 0.9.13b - 'theme_dir' Cross-Site Scripting
EIP-2026-111068 EXPLOITDB text WORKING POC
phpGraphy 0.9.13b - Multiple Vulnerabilities
EIP-2026-110920 EXPLOITDB text WORKING POC
PhpAlbum.net 0.4.1-14_fix06 - 'var3' Remote Command Execution
EIP-2026-111021 EXPLOITDB text WORKING POC
phpcollab 2.5 - Multiple Vulnerabilities
EIP-2026-111037 EXPLOITDB text WORKING POC
PHPDug 2.0 - Multiple Cross-Site Scripting Vulnerabilities
EIP-2026-111193 EXPLOITDB text WRITEUP
phpScheduleIt 1.2.12 - Multiple Cross-Site Scripting Vulnerabilities
EIP-2026-111207 EXPLOITDB text WORKING POC
PHPShop CMS 3.4 - Multiple Cross-Site Scripting / SQL Injections
EIP-2026-111172 EXPLOITDB text WORKING POC
phpMySport 1.4 - SQL Injection / Authentication Bypass / Full Path Disclosure
EIP-2026-111123 EXPLOITDB text WRITEUP
phpLiterAdmin 1.0 RC1 - Authentication Bypass
EIP-2026-110732 EXPLOITDB text WORKING POC
PHP MicroCMS 1.0.1 - Cross-Site Request Forgery / Cross-Site Scripting
EIP-2026-110731 EXPLOITDB text WORKING POC
PHP MicroCMS 1.0.1 - 'page_text' Cross-Site Scripting
EIP-2026-110687 EXPLOITDB text WRITEUP
PHP Directory Listing Script 3.1 - 'index.php' Cross-Site Scripting
EIP-2026-110694 EXPLOITDB text WRITEUP
PHP F1 Max's Photo Album - 'showimage.php' Cross-Site Scripting
CVE-2015-2295 EXPLOITDB text WRITEUP
pfSense < 2.2 - Cross-Site Request Forgery via system_firmware_restorefullbackup.php deletefile Parameter
Cross-site request forgery (CSRF) vulnerability in system_firmware_restorefullbackup.php in the WebGUI in pfSense before 2.2.1 allows remote attackers to hijack the authentication of administrators for requests that delete arbitrary files via the deletefile parameter.
CVE-2011-0407 EXPLOITDB text WORKING POC
Phenotype CMS 3.0 - SQL Injection via Crafted URI
SQL injection vulnerability in the store function in _phenotype/system/class/PhenoTypeDataObject.class.php in Phenotype CMS 3.0 allows remote attackers to execute arbitrary SQL commands via a crafted URI, as demonstrated by Gallery/gal_id/1/image1,1.html. NOTE: some of these details are obtained from third party information.
EIP-2026-110620 EXPLOITDB text WORKING POC
Photopad 1.2 - Multiple Cross-Site Scripting Vulnerabilities
EIP-2026-110658 EXPLOITDB text WORKING POC
PHP Calendar Basic 2.3 - Multiple Cross-Site Scripting Vulnerabilities
CVE-2012-1665 EXPLOITDB html WORKING POC
osCMax < 2.5.1 - SQL Injection via Admin Panel Parameters
Multiple SQL injection vulnerabilities in the admin panel in osCMax before 2.5.1 allow (1) remote attackers to execute arbitrary SQL commands via the username parameter in a process action to admin/login.php or (2) remote administrators to execute arbitrary SQL commands via the status parameter to admin/stats_monthly_sales.php or (3) country parameter in a process action to admin/create_account_process.php.