High-Tech Bridge SA

441 exploits, active since Apr 2010
EIP-2026-109965 EXPLOITDB text WORKING POC
Novaboard 1.1.4 - Local File Inclusion
EIP-2026-109970 EXPLOITDB text WORKING POC
NPDS REvolution 10.02 - 'admin.php' Cross-Site Request Forgery
EIP-2026-109971 EXPLOITDB text WRITEUP
NPDS REvolution 10.02 - 'download.php' Cross-Site Scripting
EIP-2026-109972 EXPLOITDB text WORKING POC
NPDS REvolution 10.02 - 'download.php' SQL Injection
EIP-2026-109973 EXPLOITDB text WORKING POC
NPDS REvolution 10.02 - 'topic' Cross-Site Scripting
EIP-2026-110039 EXPLOITDB text WRITEUP
OneCMS 2.6.1 - 'cat' Cross-Site Scripting
EIP-2026-110040 EXPLOITDB html WORKING POC
OneCMS 2.6.1 - 'search' SQL Injection
EIP-2026-110041 EXPLOITDB html WORKING POC
OneCMS 2.6.1 - 'short1' Cross-Site Scripting
CVE-2012-0989 EXPLOITDB text WRITEUP
OneOrZero AIMS 2.8.0 - XSS
Cross-site scripting (XSS) vulnerability in OneOrZero AIMS 2.8.0 Trial Edition build231211 and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php.
EIP-2026-110209 EXPLOITDB html WORKING POC
Onyx - Multiple Cross-Site Scripting Vulnerabilities
CVE-2010-3030 EXPLOITDB html WORKING POC
Tomaz Muraus Open Blog 1.2.1 - CSRF
Cross-site request forgery (CSRF) vulnerability in Tomaz Muraus Open Blog 1.2.1, and possibly earlier, allows remote attackers to hijack the authentication of administrators for requests that change the administrative password. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2014-2317 EXPLOITDB text WRITEUP
OpenDocMan <1.2.7.2 - SQL Injection
SQL injection vulnerability in ajax_udf.php in OpenDocMan before 1.2.7.2 allows remote attackers to execute arbitrary SQL commands via the table parameter. NOTE: some of these details are obtained from third party information.
CVE-2012-0991 EXPLOITDB text WORKING POC
OpenEMR 4.1.0 - Path Traversal
Multiple directory traversal vulnerabilities in OpenEMR 4.1.0 allow remote authenticated users to read arbitrary files via a .. (dot dot) in the formname parameter to (1) contrib/acog/print_form.php; or (2) load_form.php, (3) view_form.php, or (4) trend_form.php in interface/patient_file/encounter.
CVE-2012-0992 EXPLOITDB text WORKING POC
OpenEMR 4.1.0 - Command Injection
interface/fax/fax_dispatch.php in OpenEMR 4.1.0 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the file parameter.
CVE-2012-0991 EXPLOITDB text WORKING POC
OpenEMR 4.1.0 - Path Traversal
Multiple directory traversal vulnerabilities in OpenEMR 4.1.0 allow remote authenticated users to read arbitrary files via a .. (dot dot) in the formname parameter to (1) contrib/acog/print_form.php; or (2) load_form.php, (3) view_form.php, or (4) trend_form.php in interface/patient_file/encounter.
CVE-2012-0991 EXPLOITDB text WRITEUP
OpenEMR 4.1.0 - Path Traversal
Multiple directory traversal vulnerabilities in OpenEMR 4.1.0 allow remote authenticated users to read arbitrary files via a .. (dot dot) in the formname parameter to (1) contrib/acog/print_form.php; or (2) load_form.php, (3) view_form.php, or (4) trend_form.php in interface/patient_file/encounter.
CVE-2013-7376 EXPLOITDB text WORKING POC
OpenX 2.8.10 - CSRF
Multiple cross-site request forgery (CSRF) vulnerabilities in OpenX 2.8.10, possibly before revision 82710, allow remote attackers to hijack the authentication of administrators, as demonstrated by requests that conduct directory traversal attacks via the group parameter to (1) plugin-preferences.php or (2) plugin-settings.php in www/admin, a different vulnerability than CVE-2013-3514.
CVE-2011-5259 EXPLOITDB text WORKING POC
OrangeHRM < 2.6.11 - SQL Injection
SQL injection vulnerability in lib/controllers/CentralController.php in OrangeHRM before 2.6.11.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2011-5258 EXPLOITDB text WRITEUP
OrangeHRM < 2.6.11 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in OrangeHRM before 2.6.11.2 allow remote attackers to inject arbitrary web script or HTML via the (1) uniqcode or (2) isAdmin parameter to index.php; or the (3) PATH_INFO to lib/controllers/centralcontroller.php.
CVE-2012-1506 EXPLOITDB text WORKING POC
OrangeHRM < 2.6.12.1 - SQL Injection
SQL injection vulnerability in the updateStatus function in lib/models/benefits/Hsp.php in OrangeHRM before 2.7 allows remote authenticated users to execute arbitrary SQL commands via the hspSummaryId parameter to plugins/ajaxCalls/haltResumeHsp.php. NOTE: some of these details are obtained from third party information.
CVE-2012-1507 EXPLOITDB text WORKING POC
OrangeHRM < 2.6.12.1 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in OrangeHRM before 2.7 allow remote attackers to inject arbitrary web script or HTML via the (1) newHspStatus parameter to plugins/ajaxCalls/haltResumeHsp.php, (2) sortOrder1 parameter to templates/hrfunct/emppop.php, or (3) uri parameter to index.php.
CVE-2012-1507 EXPLOITDB text WRITEUP
OrangeHRM < 2.6.12.1 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in OrangeHRM before 2.7 allow remote attackers to inject arbitrary web script or HTML via the (1) newHspStatus parameter to plugins/ajaxCalls/haltResumeHsp.php, (2) sortOrder1 parameter to templates/hrfunct/emppop.php, or (3) uri parameter to index.php.
CVE-2012-1507 EXPLOITDB text WRITEUP
OrangeHRM < 2.6.12.1 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in OrangeHRM before 2.7 allow remote attackers to inject arbitrary web script or HTML via the (1) newHspStatus parameter to plugins/ajaxCalls/haltResumeHsp.php, (2) sortOrder1 parameter to templates/hrfunct/emppop.php, or (3) uri parameter to index.php.
CVE-2014-2540 EXPLOITDB text WORKING POC
OrbitScripts Orbit Open Ad Server <1.1.1 - SQL Injection
SQL injection vulnerability in OrbitScripts Orbit Open Ad Server before 1.1.1 allows remote attackers to execute arbitrary SQL commands via the site_directory_sort_field parameter to guest/site_directory.
CVE-2012-0974 EXPLOITDB text WORKING POC
OSClass <2.3.5 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in the getParam function in oc-includes/osclass/core/Params.php in OSClass before 2.3.5 allow remote attackers to inject arbitrary web script or HTML via the (1) sCity, (2) sPattern, (3) sPriceMax, and (4) sPriceMin parameters in a search action to index.php.