Arbitrary File Content Disclosure in Atutor

2016-08-03 Thread High-Tech Bridge Security Research
Vulnerability Type: Path Traversal [CWE-22] Risk Level: Medium CVSSv3 Base Score: 5.8 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N] Solution Status: Fixed by Vendor Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory

SQL Injection in GLPI

2016-04-29 Thread High-Tech Bridge Security Research
Vulnerability Type: SQL Injection [CWE-89] Risk Level: High CVSSv3 Base Score: 7.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L] Solution Status: Fixed by Vendor Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory

RCE via CSRF in phpMyFAQ

2016-04-20 Thread High-Tech Bridge Security Research
Public Disclosure: April 20, 2016 Vulnerability Type: Cross-Site Request Forgery [CWE-352] Risk Level: High CVSSv3 Base Score: 8.8 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H] Solution Status: Fixed by Vendor Discovered and Provided: High-Tech Bridge Security Research Lab ( https

SQL Injection in SocialEngine

2016-04-06 Thread High-Tech Bridge Security Research
Injection [CWE-89] Risk Level: High CVSSv3 Base Score: 7.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L] Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory

Multiple Vulnerabilities in CubeCart

2016-03-30 Thread High-Tech Bridge Security Research
/S:C/C:N/I:N/A:L] Solution Status: Fixed by Vendor Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory/ ) --- Advisory Details: High-Tech Bridge Security

Remote Code Execution via CSRF in iTop

2016-03-19 Thread High-Tech Bridge Security Research
Vulnerability Type: Cross-Site Request Forgery [CWE-352] Risk Level: High CVSSv3 Base Score: 7.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L] Solution Status: Fixed by Vendor Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory

Admin Password Reset & RCE via CSRF in Dating Pro

2016-03-19 Thread High-Tech Bridge Security Research
Bridge Security Research Lab ( https://www.htbridge.com/advisory/ ) --- Advisory Details: High-Tech Bridge Security Research Lab discovered multiple Cross-Site Request Forgery (CSRF) vulnerabilities

SQL Injection and RCE in WebsiteBaker

2016-03-19 Thread High-Tech Bridge Security Research
Public Disclosure: March 18, 2016 Vulnerability Type: SQL Injection [CWE-89] Risk Level: Critical CVSSv3 Base Score: 10 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H] Solution Status: Fixed by Vendor Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory

RCE via CSRF in osCommerce

2016-02-18 Thread High-Tech Bridge Security Research
: PHP File Inclusion [CWE-98] Risk Level: Medium CVSSv3 Base Score: 5.8 [CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L] Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory

SSO Authentication Bypass and Website Takeover in DOKEOS

2016-02-18 Thread High-Tech Bridge Security Research
Authentication [CWE-287] Risk Level: High CVSSv3 Base Score: 7.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L] Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory

SQL Injection in webSPELL

2016-02-18 Thread High-Tech Bridge Security Research
: February 17, 2016 Vulnerability Type: SQL Injection [CWE-89] Risk Level: Medium CVSSv3 Base Score: 6.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L] Solution Status: Fixed by Vendor Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory

SQL Injection in TestLink

2016-02-18 Thread High-Tech Bridge Security Research
Disclosure: February 17, 2016 Vulnerability Type: SQL Injection [CWE-89] Risk Level: High CVSSv3 Base Score: 7.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L] Solution Status: Fixed by Vendor Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory

RCE via CSRF in osCmax

2016-02-18 Thread High-Tech Bridge Security Research
Type: PHP File Inclusion [CWE-98] Risk Level: Medium CVSSv3 Base Score: 5.8 [CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L] Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory

Remote Code Execution in Exponent

2016-02-10 Thread High-Tech Bridge Security Research
Disclosure: February 3, 2016 Vulnerability Type: Code Injection [CWE-94] CVE Reference: CVE-2016-2242 Risk Level: Critical CVSSv3 Base Score: 10 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H] Solution Status: Fixed by Vendor Discovered and Provided: High-Tech Bridge Security Research Lab ( https

Remote Code Execution in Roundcube

2016-01-14 Thread High-Tech Bridge Security Research
: January 13, 2016 Vulnerability Type: Path Traversal [CWE-22] CVE Reference: CVE-2015-8770 Risk Level: Medium CVSSv3 Base Score: 5.3 [CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L] Solution Status: Fixed by Vendor Discovered and Provided: High-Tech Bridge Security Research Lab ( https

Multiple SQL Injection Vulnerabilities in mcart.xls Bitrix Module

2016-01-14 Thread High-Tech Bridge Security Research
Vulnerability Type: SQL Injection [CWE-89] CVE Reference: CVE-2015-8356 Risk Level: Medium CVSSv3 Base Score: 6.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L] Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory

RCE in Zen Cart via Arbitrary File Inclusion

2015-12-16 Thread High-Tech Bridge Security Research
Vulnerability Type: PHP File Inclusion [CWE-98] CVE Reference: CVE-2015-8352 Risk Level: Critical CVSSv3 Base Score: 9.0 [CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H] Solution Status: Fixed by Vendor Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com

SQL Injection in orion.extfeedbackform Bitrix Module

2015-12-16 Thread High-Tech Bridge Security Research
, 2015 Public Disclosure: December 16, 2015 Vulnerability Type: SQL Injection [CWE-89] CVE Reference: CVE-2015-8355 Risk Level: Medium CVSSv3 Base Score: 6.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L] Solution Status: Fixed by Vendor Discovered and Provided: High-Tech Bridge Security Research

Path Traversal via CSRF in bitrix.xscan Bitrix Module

2015-12-10 Thread High-Tech Bridge Security Research
Disclosure: December 9, 2015 Vulnerability Type: Path Traversal [CWE-22] CVE Reference: CVE-2015-8357 Risk Level: Medium CVSSv3 Base Score: 4.2 [CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L] Solution Status: Fixed by Vendor Discovered and Provided: High-Tech Bridge Security Research Lab ( https

PHP File Inclusion in bitrix.mpbuilder Bitrix Module

2015-12-10 Thread High-Tech Bridge Security Research
Research Lab ( https://www.htbridge.com/advisory/ ) --- Advisory Details: High-Tech Bridge Security Research Lab discovered vulnerability in bitrix.mpbuilder Bitrix module, which can be exploited to include

Reflected Cross-Site Scripting (XSS) in SourceBans

2015-12-02 Thread High-Tech Bridge Security Research
Type: Cross-Site Scripting [CWE-79] CVE Reference: CVE-2015-8349 Risk Level: Medium CVSSv3 Base Score: 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N] Solution Status: Fixed by Vendor Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory

Remote File Inclusion in Gwolle Guestbook WordPress Plugin

2015-12-02 Thread High-Tech Bridge Security Research
Public Disclosure: November 4, 2015 Vulnerability Type: PHP File Inclusion [CWE-98] CVE Reference: CVE-2015-8351 Risk Level: Critical CVSSv3 Base Score: 9.0 [CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H] Solution Status: Fixed by Vendor Discovered and Provided: High-Tech Bridge Security Research Lab

RCE and SQL injection via CSRF in Horde Groupware

2015-11-18 Thread High-Tech Bridge Security Research
Research Lab ( https://www.htbridge.com/advisory/ ) --- Advisory Details: High-Tech Bridge Security Research Lab discovered three Cross-Site Request Forgery (CSRF) vulnerabilities in a popular collaboration

Cross-Site Request Forgery on Oxwall

2015-10-29 Thread High-Tech Bridge Security Research
22, 2015 Vulnerability Type: Cross-Site Request Forgery [CWE-352] CVE Reference: CVE-2015-5534 Risk Level: High CVSSv3 Base Score: 7.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L] Solution Status: Fixed by Vendor Discovered and Provided: High-Tech Bridge Security Research Lab ( https

Reflected Cross-Site Scripting (XSS) in SourceBans

2015-10-05 Thread High-Tech Bridge Security Research
Type: Cross-Site Scripting [CWE-79] Risk Level: Medium CVSSv3 Base Score: 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N] Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory

Cross-Site Request Forgery in Cerb

2015-09-02 Thread High-Tech Bridge Security Research
2, 2015 Vulnerability Type: Cross-Site Request Forgery [CWE-352] CVE Reference: CVE-2015-6545 Risk Level: Medium CVSSv2 Base Score: 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P) Solution Status: Fixed by Vendor Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com

SQL Injection in Count Per Day WordPress Plugin

2015-07-22 Thread High-Tech Bridge Security Research
: July 22, 2015 Vulnerability Type: SQL Injection [CWE-89] CVE Reference: CVE-2015-5533 Risk Level: Medium CVSSv2 Base Score: 6 (AV:N/AC:M/Au:S/C:P/I:P/A:P) Solution Status: Fixed by Vendor Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory

Multiple XSS Vulnerabilities in Paid Memberships Pro WordPress Plugin

2015-07-22 Thread High-Tech Bridge Security Research
Public Disclosure: July 22, 2015 Vulnerability Type: Cross-Site Scripting [CWE-79] CVE Reference: CVE-2015-5532 Risk Level: Medium CVSSv2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N) Solution Status: Fixed by Vendor Discovered and Provided: High-Tech Bridge Security Research Lab ( https

Path Traversal in BlackCat CMS

2015-07-01 Thread High-Tech Bridge Security Research
1, 2015 Vulnerability Type: Path Traversal [CWE-22] CVE Reference: CVE-2015-5079 Risk Level: High CVSSv2 Base Score: 7.8 (AV:N/AC:L/Au:N/C:C/I:N/A:N) Solution Status: Fixed by Vendor Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory

OS Command Injection in Vesta Control Panel

2015-06-17 Thread High-Tech Bridge Security Research
: June 17, 2015 Vulnerability Type: OS Command Injection [CWE-78] CVE Reference: CVE-2015-4117 Risk Level: Critical CVSSv2 Base Score: 9 (AV:N/AC:L/Au:S/C:C/I:C/A:C) Solution Status: Fixed by Vendor Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory

Reflected Cross-Site Scripting (XSS) in SearchBlox

2015-06-17 Thread High-Tech Bridge Security Research
17, 2015 Vulnerability Type: Cross-Site Scripting [CWE-79] CVE Reference: CVE-2015-3422 Risk Level: Low CVSSv2 Base Score: 2.6 (AV:N/AC:H/Au:N/C:N/I:P/A:N) Solution Status: Fixed by Vendor Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory

Multiple Vulnerabilities in ISPConfig

2015-06-10 Thread High-Tech Bridge Security Research
and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory/ ) --- Advisory Details: High-Tech Bridge Security Research Lab discovered two vulnerabilities in a popular hosting

Arbitrary File Disclosure and Open Redirect in Bonita BPM

2015-06-10 Thread High-Tech Bridge Security Research
and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory/ ) --- Advisory Details: High-Tech Bridge Security Research Lab two vulnerabilities in Bonita BPM Portal (Bonita's web

Use-After-Free in PHP

2015-06-10 Thread High-Tech Bridge Security Research
Vulnerability Type: Use After Free [CWE-416] Risk Level: Medium CVSSv2 Base Score: 4.6 (AV:L/AC:L/Au:N/C:P/I:P/A:P) Solution Status: Fixed by Vendor Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory

Local PHP File Inclusion in ResourceSpace

2015-06-03 Thread High-Tech Bridge Security Research
, 2015 Vulnerability Type: PHP File Inclusion [CWE-98] CVE Reference: CVE-2015-3648 Risk Level: High CVSSv2 Base Score: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C) Solution Status: Fixed by Vendor Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory

Stored XSS in WP Photo Album Plus WordPress Plugin

2015-05-20 Thread High-Tech Bridge Security Research
Public Disclosure: May 20, 2015 Vulnerability Type: Cross-Site Scripting [CWE-79] CVE Reference: CVE-2015-3647 Risk Level: Medium CVSSv2 Base Score: 5 (AV:N/AC:L/Au:N/C:N/I:P/A:N) Solution Status: Fixed by Vendor Discovered and Provided: High-Tech Bridge Security Research Lab ( https

Arbitrary Variable Overwrite in eShop WordPress Plugin

2015-05-06 Thread High-Tech Bridge Security Research
Type: Code Injection [CWE-94] CVE Reference: CVE-2015-3421 Risk Level: Medium CVSSv2 Base Score: 6.4 (AV:N/AC:L/Au:N/C:P/I:P/A:N) Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory

Multiple Vulnerabilities in TheCartPress WordPress plugin

2015-04-29 Thread High-Tech Bridge Security Research
/A:N), 5 (AV:N/AC:L/Au:N/C:N/I:P/A:N), 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N) Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory/ ) --- Advisory Details: High

Arbitrary file deletion and multiple XSS vulnerabilities in pfSense

2015-03-25 Thread High-Tech Bridge Security Research
and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory/ ) --- Advisory Details: High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in web interface

SQL Injection in Huge IT Slider WordPress Plugin

2015-03-12 Thread High-Tech Bridge Security Research
Disclosure: March 12, 2015 Vulnerability Type: SQL Injection [CWE-89] CVE Reference: CVE-2015-2062 Risk Level: Medium CVSSv2 Base Score: 6 (AV:N/AC:M/Au:S/C:P/I:P/A:P) Solution Status: Fixed by Vendor Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com

Two Reflected XSS Vulnerabilities in Easing Slider WordPress Plugin

2015-02-11 Thread High-Tech Bridge Security Research
Public Disclosure: February 11, 2015 Vulnerability Type: Cross-Site Scripting [CWE-79] CVE Reference: CVE-2015-1436 Risk Level: Low CVSSv2 Base Score: 2.6 (AV:N/AC:H/Au:N/C:N/I:P/A:N) Solution Status: Fixed by Vendor Discovered and Provided: High-Tech Bridge Security Research Lab ( https

Multiple Vulnerabilities in my little forum

2015-02-11 Thread High-Tech Bridge Security Research
Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory/ ) --- Advisory Details: High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in my

Self-XSS in Microsoft Dynamics CRM 2013 SP1

2015-01-07 Thread High-Tech Bridge Security Research
: December 29, 2014 Public Disclosure: January 7, 2015 Vulnerability Type: Cross-Site Scripting [CWE-79] Risk Level: Low CVSSv2 Base Score: 2.6 (AV:N/AC:H/Au:N/C:N/I:P/A:N) Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory

Cross-Site Scripting (XSS) in Revive Adserver

2014-12-17 Thread High-Tech Bridge Security Research
Public Disclosure: December 17, 2014 Vulnerability Type: Cross-Site Scripting [CWE-79] CVE Reference: CVE-2014-8793 Risk Level: Low CVSSv2 Base Score: 2.6 (AV:N/AC:H/Au:N/C:N/I:P/A:N) Solution Status: Fixed by Vendor Discovered and Provided: High-Tech Bridge Security Research Lab ( https

Cross-Site Request Forgery (CSRF) in xEpan

2014-11-26 Thread High-Tech Bridge Security Research
Vulnerability Type: Cross-Site Request Forgery [CWE-352] CVE Reference: CVE-2014-8429 Risk Level: Medium CVSSv2 Base Score: 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P) Solution Status: Not Fixed Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory

Reflected Cross-Site Scripting (XSS) in Simple Email Form Joomla Extension

2014-11-19 Thread High-Tech Bridge Security Research
, 2014 Vulnerability Type: Cross-Site Scripting [CWE-79] CVE Reference: CVE-2014-8539 Risk Level: Medium CVSSv2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N) Solution Status: Solution Available Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory

Two Reflected Cross-Site Scripting (XSS) Vulnerabilities in Forma Lms

2014-11-05 Thread High-Tech Bridge Security Research
: November 5, 2014 Vulnerability Type: Cross-Site Scripting [CWE-79] CVE Reference: CVE-2014-5257 Risk Level: Medium CVSSv2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N) Solution Status: Fixed by Vendor Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com

Arbitrary File Upload in HelpDEZk

2014-11-05 Thread High-Tech Bridge Security Research
: Unrestricted Upload of File with Dangerous Type [CWE-434] CVE Reference: CVE-2014-8337 Risk Level: Critical CVSSv2 Base Score: 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C) Solution Status: Solution Available Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory

Multiple vulnerabilities in EspoCRM

2014-10-29 Thread High-Tech Bridge Security Research
(AV:N/AC:M/Au:N/C:N/I:P/A:N) Solution Status: Fixed by Vendor Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory/ ) --- Advisory Details: High-Tech

Multiple Cross-Site Scripting (XSS) in WP Google Maps WordPress Plugin

2014-10-15 Thread High-Tech Bridge Security Research
, 2014 Public Disclosure: October 15, 2014 Vulnerability Type: Cross-Site Scripting [CWE-79] CVE Reference: CVE-2014-7182 Risk Level: Low CVSSv2 Base Score: 2.6 (AV:N/AC:H/Au:N/C:N/I:P/A:N) Solution Status: Fixed by Vendor Discovered and Provided: High-Tech Bridge Security Research Lab ( https

Reflected Cross-Site Scripting (XSS) in MaxButtons WordPress Plugin

2014-10-15 Thread High-Tech Bridge Security Research
Public Disclosure: October 15, 2014 Vulnerability Type: Cross-Site Scripting [CWE-79] CVE Reference: CVE-2014-7181 Risk Level: Low CVSSv2 Base Score: 2.6 (AV:N/AC:H/Au:N/C:N/I:P/A:N) Solution Status: Fixed by Vendor Discovered and Provided: High-Tech Bridge Security Research Lab ( https

Reflected Cross-Site Scripting (XSS) in Google Calendar Events WordPress Plugin

2014-10-09 Thread High-Tech Bridge Security Research
, 2014 Public Disclosure: October 8, 2014 Vulnerability Type: Cross-Site Scripting [CWE-79] CVE Reference: CVE-2014-7138 Risk Level: Low CVSSv2 Base Score: 2.6 (AV:N/AC:H/Au:N/C:N/I:P/A:N) Solution Status: Fixed by Vendor Discovered and Provided: High-Tech Bridge Security Research Lab ( https

Reflected Cross-Site Scripting (XSS) in EWWW Image Optimizer WordPress Plugin

2014-10-09 Thread High-Tech Bridge Security Research
, 2014 Public Disclosure: October 8, 2014 Vulnerability Type: Cross-Site Scripting [CWE-79] CVE Reference: CVE-2014-6243 Risk Level: Low CVSSv2 Base Score: 2.6 (AV:N/AC:H/Au:N/C:N/I:P/A:N) Solution Status: Fixed by Vendor Discovered and Provided: High-Tech Bridge Security Research Lab ( https

Two XSS in Contact Form DB WordPress plugin

2014-10-09 Thread High-Tech Bridge Security Research
, 2014 Public Disclosure: October 8, 2014 Vulnerability Type: Cross-Site Scripting [CWE-79] CVE Reference: CVE-2014-7139 Risk Level: Low CVSSv2 Base Score: 2.6 (AV:N/AC:H/Au:N/C:N/I:P/A:N) Solution Status: Fixed by Vendor Discovered and Provided: High-Tech Bridge Security Research Lab ( https

Cross-Site Scripting (XSS) in Photo Gallery WordPress plugin

2014-10-01 Thread High-Tech Bridge Security Research
: September 10, 2014 Public Disclosure: October 1, 2014 Vulnerability Type: Cross-Site Scripting [CWE-79] CVE Reference: CVE-2014-6315 Risk Level: Low CVSSv2 Base Score: 2.6 (AV:N/AC:H/Au:N/C:N/I:P/A:N) Solution Status: Fixed by Vendor Discovered and Provided: High-Tech Bridge Security Research Lab

Reflected Cross-Site Scripting (XSS) in Textpattern

2014-10-01 Thread High-Tech Bridge Security Research
: October 1, 2014 Vulnerability Type: Cross-Site Scripting [CWE-79] CVE Reference: CVE-2014-4737 Risk Level: Medium CVSSv2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N) Solution Status: Fixed by Vendor Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com

Two SQL Injections in All In One WP Security WordPress plugin

2014-09-25 Thread High-Tech Bridge Security Research
Research Lab ( https://www.htbridge.com/advisory/ ) --- Advisory Details: High-Tech Bridge Security Research Lab discovered two SQL injection vulnerabilities in All In One WP Security WordPress plugin

Path Traversal in webEdition

2014-09-17 Thread High-Tech Bridge Security Research
Patch: September 4, 2014 Public Disclosure: September 17, 2014 Vulnerability Type: Path Traversal [CWE-22] CVE Reference: CVE-2014-5258 Risk Level: Medium CVSSv2 Base Score: 4 (AV:N/AC:L/Au:S/C:P/I:N/A:N) Solution Status: Fixed by Vendor Discovered and Provided: High-Tech Bridge Security Research

Reflected Cross-Site Scripting (XSS) in MODX Revolution

2014-09-17 Thread High-Tech Bridge Security Research
: September 17, 2014 Vulnerability Type: Cross-Site Scripting [CWE-79] CVE Reference: CVE-2014-5451 Risk Level: Low CVSSv2 Base Score: 2.6 (AV:N/AC:H/Au:N/C:N/I:P/A:N) Solution Status: Fixed by Vendor Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory

Reflected Cross-Site Scripting (XSS) in BlackCat CMS

2014-09-03 Thread High-Tech Bridge Security Research
: September 3, 2014 Vulnerability Type: Cross-Site Scripting [CWE-79] CVE Reference: CVE-2014-5259 Risk Level: Medium CVSSv2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N) Solution Status: Solution Available Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com

Reflected Cross-Site Scripting (XSS) in MyWebSQL

2014-09-03 Thread High-Tech Bridge Security Research
: Cross-Site Scripting [CWE-79] CVE Reference: CVE-2014-4735 Risk Level: Low CVSSv2 Base Score: 2.6 (AV:N/AC:H/Au:N/C:N/I:P/A:N) Solution Status: Solution Available Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory

SQL Injection Vulnerability in ArticleFR

2014-08-20 Thread High-Tech Bridge Security Research
Injection [CWE-89] CVE Reference: CVE-2014-5097 Risk Level: High CVSSv2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) Solution Status: Solution Available Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory

Reflected Cross-Site Scripting (XSS) in Jamroom

2014-08-13 Thread High-Tech Bridge Security Research
13, 2014 Vulnerability Type: Cross-Site Scripting [CWE-79] CVE Reference: CVE-2014-5098 Risk Level: Medium CVSSv2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N) Solution Status: Fixed by Vendor Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory

Improper Access Control in ArticleFR

2014-07-31 Thread High-Tech Bridge Security Research
Type: Improper Access Control [CWE-284] CVE Reference: CVE-2014-4170 Risk Level: High CVSSv2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) Solution Status: Solution Available Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory

SQL Injection in Е2

2014-07-23 Thread High-Tech Bridge Security Research
Vulnerability Type: SQL Injection [CWE-89] CVE Reference: CVE-2014-4736 Risk Level: High CVSSv2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) Solution Status: Fixed by Vendor Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory

Reflected Cross-Site Scripting (XSS) in e107

2014-07-16 Thread High-Tech Bridge Security Research
Vulnerability Type: Cross-Site Scripting [CWE-79] CVE Reference: CVE-2014-4734 Risk Level: Low CVSSv2 Base Score: 2.6 (AV:N/AC:H/Au:N/C:N/I:P/A:N) Solution Status: Fixed by Vendor Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory

Cross-Site Request Forgery (CSRF) in Kanboard

2014-07-02 Thread High-Tech Bridge Security Research
, 2014 Vulnerability Type: Cross-Site Request Forgery [CWE-352] CVE Reference: CVE-2014-3920 Risk Level: Medium CVSSv2 Base Score: 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P) Solution Status: Fixed by Vendor Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory

Reflected Cross-Site Scripting (XSS) Vulnerability in Storesprite

2014-06-25 Thread High-Tech Bridge Security Research
Vulnerability Type: Cross-Site Scripting [CWE-79] CVE Reference: CVE-2014-3737 Risk Level: Medium CVSSv2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N) Solution Status: Fixed by Vendor Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory

SQL Injection in Dolphin

2014-06-18 Thread High-Tech Bridge Security Research
Vulnerability Type: SQL Injection [CWE-89] CVE Reference: CVE-2014-3810 Risk Level: Medium CVSSv2 Base Score: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P) Solution Status: Solution Available Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory

Multiple SQL Injection Vulnerabilities in web2Project

2014-06-18 Thread High-Tech Bridge Security Research
, 2014 Vulnerability Type: SQL Injection [CWE-89] CVE Reference: CVE-2014-3119 Risk Level: High CVSSv2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) Solution Status: Fixed by Vendor Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory

Multiple vulnerabilities in Sharetronix

2014-05-28 Thread High-Tech Bridge Security Research
Security Research Lab ( https://www.htbridge.com/advisory/ ) --- Advisory Details: High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in Sharetronix, which can be exploited

Two Cross-Site Scripting (XSS) Vulnerabilities in Seo Panel

2014-05-16 Thread High-Tech Bridge Security Research
, 2014 Vulnerability Type: Cross-Site Scripting [CWE-79] CVE Reference: CVE-2014-1855 Risk Level: Medium CVSSv2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N) Solution Status: Fixed by Vendor Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory

CSRF and Remote Code Execution in EGroupware

2014-05-15 Thread High-Tech Bridge Security Research
Status: Fixed by Vendor Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory/ ) --- Advisory Details: High-Tech Bridge Security Research Lab discovered CSRF

Cross-Site Scripting (XSS) in Offiria

2014-05-07 Thread High-Tech Bridge Security Research
: Cross-Site Scripting [CWE-79] CVE Reference: CVE-2014-2689 Risk Level: Medium CVSSv2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N) Solution Status: Solution Available Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory

SQL Injection in mAdserve

2014-04-16 Thread High-Tech Bridge Security Research
[CWE-89] CVE Reference: CVE-2014-2654 Risk Level: Medium CVSSv2 Base Score: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P) Solution Status: Solution Available Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory

Cross-Site Request Forgery (CSRF) in XCloner Standalone

2014-04-09 Thread High-Tech Bridge Security Research
-Site Request Forgery [CWE-352] CVE Reference: CVE-2014-2579 Risk Level: High CVSSv2 Base Score: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C) Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory

SQL Injection in Orbit Open Ad Server

2014-04-09 Thread High-Tech Bridge Security Research
Disclosure: April 9, 2014 Vulnerability Type: SQL Injection [CWE-89] CVE Reference: CVE-2014-2540 Risk Level: High CVSSv2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) Solution Status: Fixed by Vendor Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory

Cross-Site Request Forgery (CSRF) in XCloner Wordpress Plugin

2014-04-02 Thread High-Tech Bridge Security Research
: April 2, 2014 Vulnerability Type: Cross-Site Request Forgery [CWE-352] CVE Reference: CVE-2014-2340 Risk Level: Low CVSSv2 Base Score: 2.6 (AV:N/AC:H/Au:N/C:P/I:N/A:N) Solution Status: Fixed by Vendor Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory

Cross-Site Scripting (XSS) in CMSimple

2014-03-19 Thread High-Tech Bridge Security Research
Disclosure: March 19, 2014 Vulnerability Type: Cross-Site Scripting [CWE-79] CVE Reference: CVE-2014-2219 Risk Level: Medium CVSSv2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N) Solution Status: Fixed by Vendor Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com

Cross-Site Scripting (XSS) in Open Classifieds

2014-03-12 Thread High-Tech Bridge Security Research
Public Disclosure: March 12, 2014 Vulnerability Type: Cross-Site Scripting [CWE-79] CVE Reference: CVE-2014-2024 Risk Level: Medium CVSSv2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N) Solution Status: Fixed by Vendor Discovered and Provided: High-Tech Bridge Security Research Lab ( https

Cross-Site Scripting (XSS) in Ilch CMS

2014-03-05 Thread High-Tech Bridge Security Research
-Site Scripting [CWE-79] CVE Reference: CVE-2014-1944 Risk Level: Medium CVSSv2 Base Score: 5 (AV:N/AC:L/Au:N/C:N/I:P/A:N) Solution Status: Fixed by Vendor Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory

Multiple Vulnerabilities in OpenDocMan

2014-03-05 Thread High-Tech Bridge Security Research
Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory/ ) --- Advisory Details: High-Tech Bridge Security Research Lab discovered multiple vulnerabilities

Multiple Vulnerabilities in VideoWhisper Live Streaming Integration WP Plugin

2014-02-27 Thread High-Tech Bridge Security Research
, CVE-2014-1907, CVE-2014-1908 Risk Level: Critical CVSSv2 Base Scores: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C), 5 (AV:N/AC:L/Au:N/C:N/I:P/A:N), 5 (AV:N/AC:L/Au:N/C:P/I:N/A:N), 5 (AV:N/AC:L/Au:N/C:P/I:N/A:N) Solution Status: Fixed by Vendor Discovered and Provided: High-Tech Bridge Security Research Lab

SQL Injection in AdRotate

2014-02-20 Thread High-Tech Bridge Security Research
: February 20, 2014 Vulnerability Type: SQL Injection [CWE-89] CVE Reference: CVE-2014-1854 Risk Level: High CVSSv2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) Solution Status: Fixed by Vendor Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory

Multiple SQL Injection Vulnerabilities in AuraCMS

2014-02-06 Thread High-Tech Bridge Security Research
Vulnerability Type: SQL Injection [CWE-89] CVE Reference: CVE-2014-1401 Risk Level: Medium CVSSv2 Base Score: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P) Solution Status: Fixed by Vendor Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory

SQL Injection in doorGets CMS

2014-02-06 Thread High-Tech Bridge Security Research
, 2014 Vulnerability Type: SQL Injection [CWE-89] CVE Reference: CVE-2014-1459 Risk Level: Medium CVSSv2 Base Score: 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P) Solution Status: Fixed by Vendor Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory

Multiple Vulnerabilities in Eventum

2014-01-28 Thread High-Tech Bridge Security Research
Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory/ ) --- Advisory Details: High-Tech Bridge Security Research Lab discovered vulnerability in Eventum, which

SQL Injection in JV Comment Joomla Extension

2014-01-23 Thread High-Tech Bridge Security Research
Disclosure: January 23, 2014 Vulnerability Type: SQL Injection [CWE-89] CVE Reference: CVE-2014-0794 Risk Level: Medium CVSSv2 Base Score: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P) Solution Status: Fixed by Vendor Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com

SQL Injection in Sexy Polling Joomla Extension

2014-01-16 Thread High-Tech Bridge Security Research
Disclosure: January 16, 2014 Vulnerability Type: SQL Injection [CWE-89] CVE Reference: CVE-2013-7219 Risk Level: High CVSSv2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) Solution Status: Fixed by Vendor Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory

Multiple Vulnerabilities in Horizon QCMS

2014-01-08 Thread High-Tech Bridge Security Research
Bridge Security Research Lab ( https://www.htbridge.com/advisory/ ) --- Advisory Details: High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in Horizon QCMS, which can be exploited

Improper Authentication in Burden

2014-01-08 Thread High-Tech Bridge Security Research
, 2014 Vulnerability Type: Improper Authentication [CWE-287] CVE Reference: CVE-2013-7137 Risk Level: High CVSSv2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) Solution Status: Fixed by Vendor Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory

Path Traversal in eduTrac

2014-01-02 Thread High-Tech Bridge Security Research
, 2013 Public Disclosure: January 2, 2014 Vulnerability Type: Path Traversal [CWE-22] CVE Reference: CVE-2013-7097 Risk Level: Medium CVSSv2 Base Score: 5 (AV:N/AC:L/Au:N/C:P/I:N/A:N) Solution Status: Fixed by Vendor Discovered and Provided: High-Tech Bridge Security Research Lab ( https

Cross-Site Scripting (XSS) in WP-Cron Dashboard Wordpress plugin

2013-12-26 Thread High-Tech Bridge Security Research
, 2013 Vulnerability Type: Cross-Site Scripting [CWE-79] CVE Reference: CVE-2013-6991 Risk Level: Low CVSSv2 Base Score: 2.6 (AV:N/AC:H/Au:N/C:N/I:P/A:N) Solution Status: Solution Available Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory

Cross-Site Request Forgery (CSRF) in AskApache Firefox Adsense Wordpress plugin

2013-12-26 Thread High-Tech Bridge Security Research
, 2013 Vulnerability Type: Cross-Site Request Forgery [CWE-352] CVE Reference: CVE-2013-6992 Risk Level: Low CVSSv2 Base Score: 2.6 (AV:N/AC:H/Au:N/C:N/I:P/A:N) Solution Status: Not Fixed Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory

Cross-Site Scripting (XSS) in Ad-minister Wordpress plugin

2013-12-26 Thread High-Tech Bridge Security Research
, 2013 Vulnerability Type: Cross-Site Scripting [CWE-79] CVE Reference: CVE-2013-6993 Risk Level: Low CVSSv2 Base Score: 2.6 (AV:N/AC:H/Au:N/C:N/I:P/A:N) Solution Status: Solution Available Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory

User Identity Spoofing in Bitrix Site Manager

2013-12-16 Thread High-Tech Bridge Security Research
Disclosure: December 11, 2013 Vulnerability Type: Insufficient Verification of Data Authenticity [CWE-345] CVE Reference: CVE-2013-6788 Risk Level: Medium CVSSv2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) Solution Status: Fixed by Vendor Discovered and Provided: High-Tech Bridge Security Research Lab

XSS and Full Path Disclosure in MijoSearch Joomla Extension

2013-12-16 Thread High-Tech Bridge Security Research
Security Research Lab ( https://www.htbridge.com/advisory/ ) --- Advisory Details: High-Tech Bridge Security Research Lab discovered 2 vulnerabilities in MijoSearch Joomla Extension, which can

SQL Injection in InstantCMS

2013-12-11 Thread High-Tech Bridge Security Research
: December 11, 2013 Vulnerability Type: SQL Injection [CWE-89] CVE Reference: CVE-2013-6839 Risk Level: High CVSSv2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) Solution Status: Fixed by Vendor Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory

Cross-Site Scripting (XSS) in Jamroom

2013-12-06 Thread High-Tech Bridge Security Research
Disclosure: December 4, 2013 Vulnerability Type: Cross-Site Scripting [CWE-79] CVE Reference: CVE-2013-6804 Risk Level: Medium CVSSv2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N) Solution Status: Fixed by Vendor Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com

Multiple Cross-Site Scripting (XSS) in Claroline

2013-11-27 Thread High-Tech Bridge Security Research
Disclosure: November 27, 2013 Vulnerability Type: Cross-Site Scripting [CWE-79] CVE Reference: CVE-2013-6267 Risk Level: Medium CVSSv2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N) Solution Status: Fixed by Vendor Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com
