High-Tech Bridge SA - Security Researcher - Exploit Intelligence Platform

EIP-2026-109965 EXPLOITDB text WORKING POC

Novaboard 1.1.4 - Local File Inclusion

View Code

EIP-2026-109970 EXPLOITDB text WORKING POC

NPDS REvolution 10.02 - 'admin.php' Cross-Site Request Forgery

View Code

EIP-2026-109971 EXPLOITDB text WRITEUP

NPDS REvolution 10.02 - 'download.php' Cross-Site Scripting

View Code

EIP-2026-109972 EXPLOITDB text WORKING POC

NPDS REvolution 10.02 - 'download.php' SQL Injection

View Code

EIP-2026-109973 EXPLOITDB text WORKING POC

NPDS REvolution 10.02 - 'topic' Cross-Site Scripting

View Code

EIP-2026-110039 EXPLOITDB text WRITEUP

OneCMS 2.6.1 - 'cat' Cross-Site Scripting

View Code

EIP-2026-110040 EXPLOITDB html WORKING POC

OneCMS 2.6.1 - 'search' SQL Injection

View Code

EIP-2026-110041 EXPLOITDB html WORKING POC

OneCMS 2.6.1 - 'short1' Cross-Site Scripting

View Code

CVE-2012-0989 EXPLOITDB text WRITEUP

OneOrZero AIMS 2.8.0 Trial Edition build231211 - Cross-Site Scripting via PATH_INFO to index.php

Cross-site scripting (XSS) vulnerability in OneOrZero AIMS 2.8.0 Trial Edition build231211 and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php.

View Code

EIP-2026-110209 EXPLOITDB html WORKING POC

Onyx - Multiple Cross-Site Scripting Vulnerabilities

View Code

CVE-2010-3030 EXPLOITDB html WORKING POC

Tomaz Muraus Open Blog 1.2.1 - CSRF

Cross-site request forgery (CSRF) vulnerability in Tomaz Muraus Open Blog 1.2.1, and possibly earlier, allows remote attackers to hijack the authentication of administrators for requests that change the administrative password. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

View Code

CVE-2014-2317 EXPLOITDB text WRITEUP

OpenDocMan <1.2.7.2 - SQL Injection

SQL injection vulnerability in ajax_udf.php in OpenDocMan before 1.2.7.2 allows remote attackers to execute arbitrary SQL commands via the table parameter. NOTE: some of these details are obtained from third party information.

View Code

CVE-2012-0991 EXPLOITDB text WORKING POC

OpenEMR 4.1.0 - Authenticated Path Traversal via Formname Parameter

Multiple directory traversal vulnerabilities in OpenEMR 4.1.0 allow remote authenticated users to read arbitrary files via a .. (dot dot) in the formname parameter to (1) contrib/acog/print_form.php; or (2) load_form.php, (3) view_form.php, or (4) trend_form.php in interface/patient_file/encounter.

View Code

CVE-2012-0992 EXPLOITDB text WORKING POC

OpenEMR 4.1.0 - Authenticated Remote Code Execution via Fax Dispatch File Parameter

interface/fax/fax_dispatch.php in OpenEMR 4.1.0 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the file parameter.

View Code

CVE-2012-0991 EXPLOITDB text WORKING POC

OpenEMR 4.1.0 - Authenticated Path Traversal via Formname Parameter

Multiple directory traversal vulnerabilities in OpenEMR 4.1.0 allow remote authenticated users to read arbitrary files via a .. (dot dot) in the formname parameter to (1) contrib/acog/print_form.php; or (2) load_form.php, (3) view_form.php, or (4) trend_form.php in interface/patient_file/encounter.

View Code

CVE-2012-0991 EXPLOITDB text WRITEUP

OpenEMR 4.1.0 - Authenticated Path Traversal via Formname Parameter

Multiple directory traversal vulnerabilities in OpenEMR 4.1.0 allow remote authenticated users to read arbitrary files via a .. (dot dot) in the formname parameter to (1) contrib/acog/print_form.php; or (2) load_form.php, (3) view_form.php, or (4) trend_form.php in interface/patient_file/encounter.

View Code

CVE-2013-7376 EXPLOITDB text WORKING POC

OpenX 2.8.10 - Cross-Site Request Forgery via Plugin Preferences and Settings

Multiple cross-site request forgery (CSRF) vulnerabilities in OpenX 2.8.10, possibly before revision 82710, allow remote attackers to hijack the authentication of administrators, as demonstrated by requests that conduct directory traversal attacks via the group parameter to (1) plugin-preferences.php or (2) plugin-settings.php in www/admin, a different vulnerability than CVE-2013-3514.

View Code

CVE-2011-5259 EXPLOITDB text WORKING POC

OrangeHRM < 2.6.11.2 - SQL Injection via CentralController id Parameter

SQL injection vulnerability in lib/controllers/CentralController.php in OrangeHRM before 2.6.11.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.

View Code

CVE-2011-5258 EXPLOITDB text WRITEUP

OrangeHRM < 2.6.11.2 - Cross-Site Scripting via uniqcode, isAdmin, or PATH_INFO

Multiple cross-site scripting (XSS) vulnerabilities in OrangeHRM before 2.6.11.2 allow remote attackers to inject arbitrary web script or HTML via the (1) uniqcode or (2) isAdmin parameter to index.php; or the (3) PATH_INFO to lib/controllers/centralcontroller.php.

View Code

CVE-2012-1506 EXPLOITDB text WORKING POC

OrangeHRM < 2.7 - Authenticated SQL Injection via hspSummaryId Parameter

SQL injection vulnerability in the updateStatus function in lib/models/benefits/Hsp.php in OrangeHRM before 2.7 allows remote authenticated users to execute arbitrary SQL commands via the hspSummaryId parameter to plugins/ajaxCalls/haltResumeHsp.php. NOTE: some of these details are obtained from third party information.

View Code

CVE-2012-1507 EXPLOITDB text WORKING POC

OrangeHRM < 2.7 - Cross-Site Scripting via newHspStatus, sortOrder1, or uri Parameter

Multiple cross-site scripting (XSS) vulnerabilities in OrangeHRM before 2.7 allow remote attackers to inject arbitrary web script or HTML via the (1) newHspStatus parameter to plugins/ajaxCalls/haltResumeHsp.php, (2) sortOrder1 parameter to templates/hrfunct/emppop.php, or (3) uri parameter to index.php.

View Code

CVE-2012-1507 EXPLOITDB text WRITEUP

OrangeHRM < 2.7 - Cross-Site Scripting via newHspStatus, sortOrder1, or uri Parameter

Multiple cross-site scripting (XSS) vulnerabilities in OrangeHRM before 2.7 allow remote attackers to inject arbitrary web script or HTML via the (1) newHspStatus parameter to plugins/ajaxCalls/haltResumeHsp.php, (2) sortOrder1 parameter to templates/hrfunct/emppop.php, or (3) uri parameter to index.php.

View Code

CVE-2012-1507 EXPLOITDB text WRITEUP

OrangeHRM < 2.7 - Cross-Site Scripting via newHspStatus, sortOrder1, or uri Parameter

Multiple cross-site scripting (XSS) vulnerabilities in OrangeHRM before 2.7 allow remote attackers to inject arbitrary web script or HTML via the (1) newHspStatus parameter to plugins/ajaxCalls/haltResumeHsp.php, (2) sortOrder1 parameter to templates/hrfunct/emppop.php, or (3) uri parameter to index.php.

View Code

CVE-2014-2540 EXPLOITDB text WORKING POC

OrbitScripts Orbit Open Ad Server <1.1.1 - SQL Injection

SQL injection vulnerability in OrbitScripts Orbit Open Ad Server before 1.1.1 allows remote attackers to execute arbitrary SQL commands via the site_directory_sort_field parameter to guest/site_directory.

View Code

CVE-2012-0974 EXPLOITDB text WORKING POC

OSClass < 2.3.5 - Cross-Site Scripting via Search Parameters

Multiple cross-site scripting (XSS) vulnerabilities in the getParam function in oc-includes/osclass/core/Params.php in OSClass before 2.3.5 allow remote attackers to inject arbitrary web script or HTML via the (1) sCity, (2) sPattern, (3) sPriceMax, and (4) sPriceMin parameters in a search action to index.php.

View Code