High-Tech Bridge Security Research Lab

113 exploits Active since Jul 2012
EIP-2026-108022 EXPLOITDB text WORKING POC
iTop 2.2.1 - Cross-Site Request Forgery
CVE-2015-4119 EXPLOITDB text WRITEUP
ISPConfig < 3.0.5.4 - Cross-Site Request Forgery via Admin User Creation
Multiple cross-site request forgery (CSRF) vulnerabilities in ISPConfig before 3.0.5.4p7 allow remote attackers to hijack the authentication of (1) administrators for requests that create an administrator account via a request to admin/users_edit.php or (2) arbitrary users for requests that conduct SQL injection attacks via the server parameter to monitor/show_sys_state.php.
CVE-2013-6839 EXPLOITDB text WORKING POC
InstantCMS < 1.10.3 - SQL Injection via OrderBy Parameter
SQL injection vulnerability in InstantSoft InstantCMS 1.10.3 and earlier allows remote attackers to execute arbitrary SQL commands via the orderby parameter to catalog/[id].
CVE-2012-6290 EXPLOITDB text WRITEUP
ImageCMS < 4.2 - Authenticated SQL Injection via Admin Search Parameter
SQL injection vulnerability in ImageCMS before 4.2 allows remote authenticated administrators to execute arbitrary SQL commands via the q parameter to admin/admin_search/. NOTE: this can be leveraged using CSRF to allow remote unauthenticated attackers to execute arbitrary SQL commands.
CVE-2013-7139 EXPLOITDB text WRITEUP
Horizon Quick Content Management System <= 4.0 - SQL Injection via Download Category Parameter
SQL injection vulnerability in download.php in Horizon Quick Content Management System (QCMS) 4.0 and earlier allows remote to execute arbitrary SQL commands via the category parameter.
CVE-2013-5696 EXPLOITDB text WORKING POC
GLPI < 0.84.2 - Cross-Site Request Forgery and SQL Injection via Install Script
inc/central.class.php in GLPI before 0.84.2 does not attempt to make install/install.php unavailable after an installation is completed, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks, and (1) perform a SQL injection via an Etape_4 action or (2) execute arbitrary PHP code via an update_1 action.
CVE-2015-7984 EXPLOITDB text WORKING POC
Horde Groupware < 5.2.11 - Cross-Site Request Forgery via Admin Shell Parameters
Multiple cross-site request forgery (CSRF) vulnerabilities in Horde before 5.2.8, Horde Groupware before 5.2.11, and Horde Groupware Webmail Edition before 5.2.11 allow remote attackers to hijack the authentication of administrators for requests that execute arbitrary (1) commands via the cmd parameter to admin/cmdshell.php, (2) SQL queries via the sql parameter to admin/sqlshell.php, or (3) PHP code via the php parameter to admin/phpshell.php.
CVE-2013-7349 EXPLOITDB text WRITEUP
Gnew 2013.1 - SQL Injection via news_id, thread_id, or user_email Parameter
Multiple SQL injection vulnerabilities in Gnew 2013.1 allow remote attackers to execute arbitrary SQL commands via the (1) news_id parameter to news/send.php, (2) thread_id parameter to posts/edit.php, or (3) user_email parameter to users/password.php or (4) users/register.php. NOTE: these issues were SPLIT from CVE-2013-5640 due to differences in researchers and disclosure dates.
EIP-2026-107435 EXPLOITDB text WRITEUP
GLPi 0.90.2 - SQL Injection
CVE-2013-1466 EXPLOITDB text WORKING POC
glFusion < 1.2.2.pl4 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in glFusion before 1.2.2.pl4 allow remote attackers to inject arbitrary web script or HTML via the (1) subject parameter to profiles.php; (2) address1, (3) address2, (4) calendar_type, (5) city, (6) state, (7) title, (8) url, or (9) zipcode parameter to calendar/index.php; (10) title or (11) url parameter to links/index.php; or (12) PATH_INFO to admin/plugins/mediagallery/xppubwiz.php/.
CVE-2013-3294 EXPLOITDB text WORKING POC
Exponent CMS <2.2.0 - SQL Injection
Multiple SQL injection vulnerabilities in Exponent CMS before 2.2.0 release candidate 1 allow remote attackers to execute arbitrary SQL commands via the (1) src or (2) username parameter to index.php.
CVE-2014-1631 EXPLOITDB HIGH text WRITEUP
Eventum < 2.3.5 - Unauthenticated Application Reinstallation via Direct Setup Request
Eventum before 2.3.5 allows remote attackers to reinstall the application via direct request to /setup/index.php.
CVSS 7.5
CVE-2012-5874 EXPLOITDB text WORKING POC
Elite Bulletin Board < 2.1.22 - SQL Injection via PATH_INFO
Multiple SQL injection vulnerabilities in the (1) update_whosonline_reg and (2) update_whosonline_guest functions in Elite Bulletin Board before 2.1.22 allow remote attackers to execute arbitrary SQL commands via the PATH_INFO to (a) checkuser.php, (b) groups.php, (c) index.php, (d) login.php, (e) quicklogin.php, (f) register.php, (g) Search.php, (h) viewboard.php, or (i) viewtopic.php.
CVE-2014-2987 EXPLOITDB text WORKING POC
EGroupware < 1.6.001 and < 1.8006 - Cross-Site Request Forgery via Admin User Creation or Settings Modification
Multiple cross-site request forgery (CSRF) vulnerabilities in EGroupware Enterprise Line (EPL) before 1.1.20140505, EGroupware Community Edition before 1.8.007.20140506, and EGroupware before 14.1 beta allow remote attackers to hijack the authentication of administrators for requests that (1) create an administrator user via an admin.uiaccounts.add_user action to index.php or (2) modify settings via the newsettings parameter in an admin.uiconfig.index action to index.php. NOTE: vector 2 can be used to execute arbitrary PHP code by leveraging CVE-2014-2988.
EIP-2026-106366 EXPLOITDB text WORKING POC
Dating Pro Genie 2015.7 - Cross-Site Request Forgery
CVE-2014-1459 EXPLOITDB text WORKING POC
doorGets CMS <= 5.2 - Authenticated SQL Injection via _position_down_id Parameter
SQL injection vulnerability in dg-admin/index.php in doorGets CMS 5.2 and earlier allows remote authenticated administrators to execute arbitrary SQL commands via the _position_down_id parameter. NOTE: this can be leveraged using CSRF to allow remote attackers to execute arbitrary SQL commands.
CVE-2013-6341 EXPLOITDB text WRITEUP
Dokeos < 2.2 - SQL Injection via Language Parameter
SQL injection vulnerability in Dokeos 2.2 RC2 and earlier allows remote attackers to execute arbitrary SQL commands via the language parameter to index.php.
CVE-2012-5849 EXPLOITDB text WORKING POC
ClipBucket < 2.6 - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in ClipBucket 2.6 Revision 738 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) uid parameter in an add_friend action to ajax.php; id parameter in a (2) share_object, (3) add_to_fav, (4) rating, or (5) flag_object action to ajax.php; cid parameter in an (6) add_new_item, (7) remove_collection_item, (8) get_item, or (9) load_more_items action to ajax.php; (10) ci_id parameter in a get_item action to ajax.php; user parameter to (11) user_contacts.php or (12) view_channel.php; (13) pid parameter to view_page.php; (14) tid parameter to view_topic.php; or (15) v parameter to watch_video.php.
EIP-2026-106274 EXPLOITDB text WORKING POC
CubeCart 6.0.10 - Multiple Vulnerabilities
CVE-2013-4789 EXPLOITDB text WRITEUP
Cotonti Siena < 0.9.14 - SQL Injection via RSS Module c Parameter
SQL injection vulnerability in modules/rss/rss.php in Cotonti before 0.9.14 allows remote attackers to execute arbitrary SQL commands via the "c" parameter to index.php.
CVE-2013-1668 EXPLOITDB text WORKING POC
CosCMS < 1.822 - Authenticated OS Command Injection via Uploaded File Name
The uploadFile function in upload/index.php in CosCMS before 1.822 allows remote administrators to execute arbitrary commands via shell metacharacters in the name of an uploaded file.
CVE-2015-8358 EXPLOITDB text WORKING POC
bitrix.mpbuilder < 1.0.11 - Authenticated Path Traversal via Work Array Parameter
Directory traversal vulnerability in the bitrix.mpbuilder module before 1.0.12 for Bitrix allows remote administrators to include and execute arbitrary local files via a .. (dot dot) in the element name of the "work" array parameter to admin/bitrix.mpbuilder_step2.php.
CVE-2013-6787 EXPLOITDB text WRITEUP
Chamilo LMS < 1.9.6 - Authenticated SQL Injection via Password Parameter
SQL injection vulnerability in the check_user_password function in main/auth/profile.php in Chamilo LMS 1.9.6 and earlier, when using the non-encrypted passwords mode set at installation, allows remote authenticated users to execute arbitrary SQL commands via the "password0" parameter.
CVE-2015-6545 EXPLOITDB text WORKING POC
Cerb < 7.0.3 - Cross-Site Request Forgery via ajax.php saveWorkerPeek Action
Cross-site request forgery (CSRF) vulnerability in ajax.php in Cerb before 7.0.4 allows remote attackers to hijack the authentication of administrators for requests that add an administrator account via a saveWorkerPeek action.
CVE-2013-7137 EXPLOITDB CRITICAL text WRITEUP
burden < 1.8.1 - Unauthenticated Authentication Bypass via Remember Me Cookie
The "remember me" functionality in login.php in Burden before 1.8.1 allows remote attackers to bypass authentication and gain privileges by setting the burden_user_rememberme cookie to 1.
CVSS 9.8