High-Tech Bridge

43 exploits Active since Jun 2012
CVE-2013-7219 EXPLOITDB text WRITEUP
Joomla! com_sexypolling <1.0.9 - SQL Injection
SQL injection vulnerability in vote.php in the 2Glux Sexy Polling (com_sexypolling) component before 1.0.9 for Joomla! allows remote attackers to execute arbitrary SQL commands via the answer_id[] parameter.
CVE-2012-4231 EXPLOITDB text WRITEUP
jcore < 1.0 - Cross-Site Scripting via Admin Index Path Parameter
Cross-site scripting (XSS) vulnerability in admin/index.php in jCore before 1.0pre2 allows remote attackers to inject arbitrary web script or HTML via the path parameter.
CVE-2013-4624 EXPLOITDB text WRITEUP
Jahia xCM 6.6.1.0 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Jahia xCM 6.6.1.0 before hotfix 7 allow remote attackers to inject arbitrary web script or HTML via (1) the site parameter to engines/manager.jsp, (2) the searchString parameter to administration/ in a search action, or the (3) username, (4) firstName, (5) lastName, (6) email, or (7) organization field to administration/ in a users action.
CVE-2013-4624 EXPLOITDB text WORKING POC
Jahia xCM 6.6.1.0 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Jahia xCM 6.6.1.0 before hotfix 7 allow remote attackers to inject arbitrary web script or HTML via (1) the site parameter to engines/manager.jsp, (2) the searchString parameter to administration/ in a search action, or the (3) username, (4) firstName, (5) lastName, (6) email, or (7) organization field to administration/ in a users action.
CVE-2014-4736 EXPLOITDB html WORKING POC
blogengine e2 < 2.4 - SQL Injection via note-id Parameter
SQL injection vulnerability in E2 before 2.4 (2845) allows remote attackers to execute arbitrary SQL commands via the note-id parameter to @actions/comment-process.
CVE-2013-2267 EXPLOITDB HIGH text WORKING POC
FUDforum 3.0.4 - Remote Code Execution via PHP Code Injection
PHP Code Injection vulnerability in FUDforum Bulletin Board Software 3.0.4 could allow remote attackers to execute arbitrary code on the system.
CVSS 7.2
EIP-2026-107359 EXPLOITDB text WORKING POC
Geeklog - Cross-Site Scripting
CVE-2014-1631 EXPLOITDB HIGH text WRITEUP
Eventum < 2.3.5 - Unauthenticated Application Reinstallation via Direct Setup Request
Eventum before 2.3.5 allows remote attackers to reinstall the application via direct request to /setup/index.php.
CVSS 7.5
CVE-2012-4336 EXPLOITDB text WORKING POC
flogr < 2.5.6 - Cross-Site Scripting via PATH_INFO or Arbitrary Parameter
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Flogr 2.5.6 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO or (2) an arbitrary parameter.
CVE-2014-1631 EXPLOITDB HIGH text WRITEUP
Eventum < 2.3.5 - Unauthenticated Application Reinstallation via Direct Setup Request
Eventum before 2.3.5 allows remote attackers to reinstall the application via direct request to /setup/index.php.
CVSS 7.5
CVE-2013-7097 EXPLOITDB text WRITEUP
7mediaws eduTrac < 1.1.2 - Path Traversal via Installer Overview showmask Parameter
Directory traversal vulnerability in 7 Media Web Solutions eduTrac before 1.1.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the showmask parameter to installer/overview.php.
CVE-2012-5701 EXPLOITDB text WORKING POC
dotproject < 2.1.7 - Authenticated SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in dotProject before 2.1.7 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) search_string or (2) where parameter in a contacts action, (3) dept_id parameter in a departments action, (4) project_id[] parameter in a project action, or (5) company_id parameter in a system action to index.php. NOTE: this can be leveraged using CSRF to allow remote attackers to execute arbitrary SQL commands.
CVE-2012-5702 EXPLOITDB text WORKING POC
dotproject < 2.1.7 - Cross-Site Scripting via Callback, Field, or Company Name Parameters
Multiple cross-site scripting (XSS) vulnerabilities in dotProject before 2.1.7 allow remote attackers to inject arbitrary web script or HTML via the (1) callback parameter in a color_selector action, (2) field parameter in a date_format action, or (3) company_name parameter in an addedit action to index.php. NOTE: the date parameter vector is already covered by CVE-2008-3886.
CVE-2014-5097 EXPLOITDB text WORKING POC
ArticleFR < 3.0.4 - SQL Injection via rate.php id Parameter
Multiple SQL injection vulnerabilities in Free Reprintables ArticleFR 3.0.4 and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter in a (1) get or (2) set action to rate.php.
CVE-2013-0804 EXPLOITDB html WORKING POC
Novell GroupWise <8.0.3-2012 - RCE/DoS
The client in Novell GroupWise 8.0 before 8.0.3 HP2 and 2012 before SP1 HP1 allows remote attackers to execute arbitrary code or cause a denial of service (incorrect pointer dereference) via unspecified vectors.
CVE-2013-2649 EXPLOITDB text WORKING POC
Hero Framework - '/users/forgot_password?error' Cross-Site Scripting
CVE-2013-2649 EXPLOITDB text WRITEUP
Hero Framework - '/users/forgot_password?error' Cross-Site Scripting
CVE-2012-5878 EXPLOITDB CRITICAL html WORKING POC
Bulb Security Smartphone Pentest Framework 0.1.2-0.1.4 - Remote Code Execution via Shell Metacharacters
Bulb Security Smartphone Pentest Framework (SPF) 0.1.2 through 0.1.4 allows remote attackers to execute arbitrary commands via shell metacharacters in the hostingPath parameter to (1) SEAttack.pl or (2) CSAttack.pl in frameworkgui/ or the (3) appURLPath parameter to frameworkgui/attachMobileModem.pl.
CVSS 9.8