all things security
Showing 1 - 25 of 578 RSS Feed

Files from High-Tech Bridge SA

Real NameHigh-Tech Bridge SA
Email addressadvisory at htbridge.com
Websitewww.htbridge.com
First Active2010-04-20
Last Active2016-08-03
View User Profile

Personal Background

High-Tech Bridge SA (htbridge.com) provides businesses and organizations with world-class information security services. High-Tech Bridge Security Research Lab (unit of High-Tech Bridge's R&D Department) regularly releases HTB Advisories that are aimed to to help various software vendors to improve security of their products. High-Tech Bridge's auditors also try to share their knowledge with the industry by publishing White Papers on information security and ethical hacking topics.


Atutor 2.2.1 Path Traversal
Posted Aug 3, 2016
Authored by High-Tech Bridge SA | Site htbridge.com

Atutor version 2.2.1 suffers from a path traversal vulnerability.

tags | exploit, file inclusion
MD5 | cef97f6bde5af2aca4bede9eeb7915fc
GLPI 0.90.2 SQL Injection
Posted Apr 29, 2016
Authored by High-Tech Bridge SA | Site htbridge.com

GLPI version 0.90.2 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 2c2bc727021894555545066d1c21025e
phpMyFAQ 2.8.26 / 2.9.0-RC2 Cross Site Request Forgery
Posted Apr 20, 2016
Authored by High-Tech Bridge SA | Site htbridge.com

phpMyFAQ versions 2.8.26 and 2.9.0-RC2 suffer from a cross site request forgery vulnerability.

tags | exploit, csrf
MD5 | 0dd835fedf6d6a04fd34217e817d4b7b
Webligo SocialEngine 4.8.9 SQL Injection
Posted Apr 6, 2016
Authored by High-Tech Bridge SA | Site htbridge.com

Webligo SocialEngine version 4.8.9 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 273969e133af2908c5ae1a14d36b3414
CubeCart 6.0.10 CSRF / XSS / SQL Injection
Posted Mar 30, 2016
Authored by High-Tech Bridge SA | Site htbridge.com

CubeCart version 6.0.10 suffers from cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection, csrf
MD5 | c0a53759e447c5ec0c2b9f8895bf8ea2
WebsiteBaker CMS 2.8.3-SP5 SQL Injection
Posted Mar 19, 2016
Authored by High-Tech Bridge SA | Site htbridge.com

WebsiteBaker CMS version 2.8.3-SP5 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 69330a6fe7667f02104599b1144bfadc
Dating Pro Genie 2015.7 Cross Site Request Forgery
Posted Mar 19, 2016
Authored by High-Tech Bridge SA | Site htbridge.com

High-Tech Bridge Security Research Lab discovered multiple cross site request forgery (CSRF) vulnerabilities in a popular dating social network Dating Pro. A remote unauthenticated attacker can perform CSRF attacks to change administrator's credentials and execute arbitrary system commands. Successful exploitation of the vulnerability may allow attacker to gain complete control over the vulnerable website, all its users and databases. suffers from a cross site request forgery vulnerability.

tags | exploit, remote, arbitrary, vulnerability, csrf
MD5 | 6225a52c8bb3be14cee831fc15751f60
iTop 2.2.1 Cross Site Request Forgery
Posted Mar 19, 2016
Authored by High-Tech Bridge SA | Site htbridge.com

High-Tech Bridge Security Research Lab discovered a remote code execution vulnerability in iTop that is exploitable via cross site request forgery flaw that is also present in the application. The vulnerability exists due to absence of validation of HTTP request origin in "/env-production/itop-config/config.php" script, as well as lack of user-input sanitization received via "new_config" HTTP POST parameter.

tags | exploit, remote, web, php, code execution, csrf
MD5 | 6c1e08a78adbc88647d34f2bddd3520a
WeBid 1.1.2P2 SQL Injection
Posted Feb 18, 2016
Authored by High-Tech Bridge SA | Site htbridge.com

WeBid version 1.1.2P2 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | b7ce6c8ac29d6858e2d7389151ac3cff
webSPELL 4.2.4 Cross Site Request Forgery / SQL Injection
Posted Feb 18, 2016
Authored by High-Tech Bridge SA | Site htbridge.com

webSPELL version 4.2.4 suffers from cross site request forgery and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection, csrf
MD5 | abe5bea61e0a53a1872d59135dbfdaa2
DOKEOS ce30 Authentication Bypass
Posted Feb 18, 2016
Authored by High-Tech Bridge SA | Site htbridge.com

DOKEOS version ce30 suffers from an authentication bypass vulnerability.

tags | exploit, bypass
MD5 | d36eb7fe534b82f3ca33b170e128302b
TestLink 1.9.14 SQL Injection
Posted Feb 18, 2016
Authored by High-Tech Bridge SA | Site htbridge.com

TestLink version 1.9.14 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | cb7059801cdd028bd43dc678378e521b
Osclass 3.5.9 SQL Injection
Posted Feb 18, 2016
Authored by High-Tech Bridge SA | Site htbridge.com

Osclass version 3.5.9 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | b6aef944d48314eb29c41ba306d9a3cf
osCmax 2.5.4 Code Execution / CSRF / Local File Inclusion
Posted Feb 18, 2016
Authored by High-Tech Bridge SA | Site htbridge.com

osCmax version 2.5.4 suffers from code execution, cross site request forgery, and local file inclusion vulnerabilities.

tags | exploit, local, vulnerability, code execution, file inclusion, csrf
MD5 | 150a9ff03e73955d8c914edc983b598a
osCommerce 2.3.4 Local File Inclusion / Cross Site Request Forgery
Posted Feb 18, 2016
Authored by High-Tech Bridge SA | Site htbridge.com

osCommerce version 2.3.4 suffers from cross site request forgery and local file inclusion vulnerabilities.

tags | exploit, local, vulnerability, file inclusion, csrf
MD5 | 1ed0b74d5301a7f57ce8995a27e77f9e
Exponent 2.3.7 PHP Code Execution
Posted Feb 11, 2016
Authored by High-Tech Bridge SA | Site htbridge.com

Exponent version 2.3.7 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2016-2242
MD5 | 06282dadbf528761a212ebba8de2a28d
Roundcube 1.1.3 Path Traversal
Posted Jan 15, 2016
Authored by High-Tech Bridge SA | Site htbridge.com

Roundcube version 1.1.3 suffers from a path traversal vulnerability.

tags | exploit, file inclusion
advisories | CVE-2015-8770
MD5 | c49de94d63b2a9e8d24407a6813a9526
Bitrix mcart.xls 6.5.2 SQL Injection
Posted Jan 14, 2016
Authored by High-Tech Bridge SA | Site htbridge.com

Bitrix mcart.xls module versions 6.5.2 and below suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2015-8356
MD5 | 28a4c1308a2e22d0b1d7a3032b15b225
Zen Cart 1.5.4 Local File Inclusion
Posted Dec 17, 2015
Authored by High-Tech Bridge SA | Site htbridge.com

Zen Cart version 1.5.4 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
advisories | CVE-2015-8352
MD5 | 45b82388e05f7d07430cc61551c74a0e
orion.extfeedbackform Bitrix Module 2.1.2 CSRF / SQL Injection
Posted Dec 17, 2015
Authored by High-Tech Bridge SA | Site htbridge.com

orion.extfeedbackform Bitrix module version 2.1.2 suffers from cross site request forgery and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection, csrf
advisories | CVE-2015-8355
MD5 | 63709eb27e174b82340d6dfa7352bfa3
bitrix.mpbuilder Bitrix 1.0.10 Local File Inclusion
Posted Dec 11, 2015
Authored by High-Tech Bridge SA | Site htbridge.com

bitrix.mpbuilder Bitrix module version 1.0.10 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
advisories | CVE-2015-8358
MD5 | dd8b8530e2ec88e60b4c5973869617fe
bitrix.scan Bitrix 1.0.3 Path Traversal
Posted Dec 11, 2015
Authored by High-Tech Bridge SA | Site htbridge.com

bitrix.scan Bitrix module version 1.0.3 suffers from a path traversal vulnerability.

tags | exploit, file inclusion
advisories | CVE-2015-8357
MD5 | 26d7005e5b56c7298c398e6954fcf64a
WordPress Ultimate Member 1.3.28 Cross Site Scripting
Posted Dec 2, 2015
Authored by High-Tech Bridge SA | Site htbridge.com

WordPress Ultimate Member plugin version 1.3.28 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2015-8354
MD5 | 9973465cd6d2183c21059a2b79e649a6
WordPress Gwolle Guestbook 1.5.3 Remote File Inclusion
Posted Dec 2, 2015
Authored by High-Tech Bridge SA | Site htbridge.com

WordPress Gwolle Guestbook plugin version 1.5.3 suffers from a remote file inclusion vulnerability.

tags | exploit, remote, code execution, file inclusion
advisories | CVE-2015-8351
MD5 | 6f8ab9682abfa782c30ec0bca8079757
WordPress Calls To Action 2.4.3 Cross Site Scripting
Posted Dec 2, 2015
Authored by High-Tech Bridge SA | Site htbridge.com

WordPress Calls to Action plugin version 2.4.3 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2015-8350
MD5 | 6f79a0726b368df2cfc2940e35b4d4d0
Page 1 of 24
Back12345Next

File Archive:

October 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    15 Files
  • 2
    Oct 2nd
    16 Files
  • 3
    Oct 3rd
    15 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    11 Files
  • 6
    Oct 6th
    6 Files
  • 7
    Oct 7th
    2 Files
  • 8
    Oct 8th
    1 Files
  • 9
    Oct 9th
    13 Files
  • 10
    Oct 10th
    16 Files
  • 11
    Oct 11th
    15 Files
  • 12
    Oct 12th
    23 Files
  • 13
    Oct 13th
    13 Files
  • 14
    Oct 14th
    12 Files
  • 15
    Oct 15th
    2 Files
  • 16
    Oct 16th
    16 Files
  • 17
    Oct 17th
    16 Files
  • 18
    Oct 18th
    15 Files
  • 19
    Oct 19th
    10 Files
  • 20
    Oct 20th
    7 Files
  • 21
    Oct 21st
    4 Files
  • 22
    Oct 22nd
    2 Files
  • 23
    Oct 23rd
    16 Files
  • 24
    Oct 24th
    4 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close