High-Tech Bridge Security Research Lab

113 exploits Active since Jul 2012
CVE-2015-8357 EXPLOITDB text WRITEUP
bitrix.xscan < 1.0.3 - Authenticated Path Traversal via File Parameter
Directory traversal vulnerability in the bitrix.xscan module before 1.0.4 for Bitrix allows remote authenticated users to rename arbitrary files, and consequently obtain sensitive information or cause a denial of service, via a .. (dot dot) in the file parameter to admin/bitrix.xscan_worker.php.
CVE-2013-4880 EXPLOITDB text WORKING POC
BigTree CMS < 4.0 - Cross-Site Scripting via Module Parameter
Cross-site scripting (XSS) vulnerability in core/admin/modules/developer/modules/views/add.php in BigTree CMS 4.0 RC2 and earlier allows remote attackers to inject arbitrary web script or HTML via the module parameter.
CVE-2014-4170 EXPLOITDB CRITICAL text WRITEUP
ArticleFR 11.06.2014 - Privilege Escalation
A Privilege Escalation Vulnerability exists in Free Reprintables ArticleFR 11.06.2014 due to insufficient access restrictions in the data.php script, which could let a remote malicious user obtain access or modify or delete database information.
CVSS 9.8
CVE-2012-5244 EXPLOITDB text WORKING POC
Banana Dance < b.2.6 - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in Banana Dance B.2.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) return, (2) display, (3) table, or (4) search parameter to functions/suggest.php; (5) the id parameter to functions/widgets.php, (6) the category parameter to functions/print.php; or (7) the name parameter to functions/ajax.php.
CVE-2012-5700 EXPLOITDB text WORKING POC
Baby Gekko < 1.2.2 - Cross-Site Scripting via Admin ID or Login Credentials
Multiple cross-site scripting (XSS) vulnerabilities in Baby Gekko before 1.2.2f allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to admin/index.php or the (2) username or (3) password parameter in blocks/loginbox/loginbox.template.php to index.php. NOTE: some of these details are obtained from third party information.
CVE-2013-2945 EXPLOITDB text WRITEUP
b2evolution < 4.1.7 - Authenticated SQL Injection via show_statuses[] Parameter
SQL injection vulnerability in blogs/admin.php in b2evolution before 4.1.7 allows remote authenticated administrators to execute arbitrary SQL commands via the show_statuses[] parameter. NOTE: this can be leveraged using CSRF to allow remote unauthenticated attackers to execute arbitrary SQL commands.
CVE-2013-2474 EXPLOITDB HIGH text WORKING POC
AWS XMS 2.5 - Path Traversal via 'what' Parameter
Directory traversal vulnerability in AWS XMS 2.5 allows remote attackers to view arbitrary files via the 'what' parameter.
CVSS 7.5
CVE-2014-1401 EXPLOITDB text WRITEUP
AuraCMS <= 2.3 - Authenticated SQL Injection via Search Parameter or HTTP Headers
Multiple SQL injection vulnerabilities in AuraCMS 2.3 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) search parameter to mod/content/content.php or (2) CLIENT_IP, (3) X_FORWARDED_FOR, (4) X_FORWARDED, (5) FORWARDED_FOR, or (6) FORWARDED HTTP header to index.php.
CVE-2012-5453 EXPLOITDB text WORKING POC
ATutor AContent <1.2 - SQL Injection
SQL injection vulnerability in user/index_inline_editor_submit.php in ATutor AContent 1.2-1 allows remote authenticated users to execute arbitrary SQL commands via the field parameter. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-5167.
CVE-2013-6058 EXPLOITDB text WRITEUP
appRain CMF < 3.0.2 - SQL Injection via PATH_INFO to blog-by-cat/
SQL injection vulnerability in appRain CMF 3.0.2 and earlier allows remote attackers to execute arbitrary SQL commands via the PATH_INFO to blog-by-cat/.
CVE-2012-5865 EXPLOITDB text WRITEUP
Achievo 1.4.5 - Authenticated SQL Injection via Activity ID Parameter
SQL injection vulnerability in dispatch.php in Achievo 1.4.5 allows remote authenticated users to execute arbitrary SQL commands via the activityid parameter in a stats action.
CVE-2013-0804 EXPLOITDB html WORKING POC
Novell GroupWise <8.0.3-2012 - RCE/DoS
The client in Novell GroupWise 8.0 before 8.0.3 HP2 and 2012 before SP1 HP1 allows remote attackers to execute arbitrary code or cause a denial of service (incorrect pointer dereference) via unspecified vectors.
CVE-2015-3898 EXPLOITDB MEDIUM text WRITEUP
Bonita BPM Portal <6.5.3 - Open Redirect
Multiple open redirect vulnerabilities in Bonita BPM Portal before 6.5.3 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving the redirectUrl parameter to (1) bonita/login.jsp or (2) bonita/loginservice.
CVSS 6.1