| Field | Value |
|---|---|
| Real Name | High-Tech Bridge SA |
| Email address | advisory at htbridge.com |
| Website | www.htbridge.com |
| First Active | 2010-04-20 |
| Last Active | 2016-08-03 |

WordPress Role Scoper plugin version 1.3.66 suffers from a cross site scripting vulnerability.
d866c0ec123a8ab2510f8a5984126768307b9249a3f33cd386de677d9b02d160
Horde Groupware version 5.2.10 suffers from a cross site request forgery vulnerability.
c4fc067423fe364eb06a86f8f53f8d241025ebcaec8ec8d5e2dbc2baea883140
Oxwall version 1.7.4 suffers from a cross site request forgery vulnerability.
88ada6ac426249e6a52b83bd212e37b27d3c0891970c6b58a7203e704fd03a16
SourceBans version 1.4.11 suffers from a cross site scripting vulnerability.
8bf06e8406bad27f08f2a97b4717d95fd3058836c68b4f936b0f9829a5665589
iTop version 2.1.0-2127 suffers from a cross site scripting vulnerability.
f4b6534491d5293f2fea76c29c6b8aadee6b449a909842e6180df88d6e311a00
Cerb version 7.0.3 suffers from a cross site request forgery vulnerability.
c699a5692fdd4ddc1593268207023f7b4e79ce962b2ef31354be29390c9ad1a6
WordPress qTranslate plugin version 2.5.39 suffers from a cross site scripting vulnerability.
6b38b458046194ca8f416bd7697b504ba0c912914d24f7a36338e73ab0bef038
WordPress Paid Memberships Pro plugin version 1.8.4.2 suffers from a cross site scripting vulnerability.
410ccd42ad7f7fd44ee5b3408fbbe29164843761e90521e5e7335512139412ff
WordPress Count Per Day plugin version 3.4 suffers from a remote SQL injection vulnerability.
f687e1b0d3ad51322c1b0413cd02097173f02fb47e8b268312c45c39c2901d6d
BlackCat CMS version 1.1.1 suffers from a path traversal vulnerability.
eb9f1e40548399becf1773ae639850fb9aa7f0181124f0e7f395dcc0f08cb347
Vesta Control Panel version 0.9.8 suffers from an OS command injection vulnerability.
8afef03dc758fc7e9258cea86f2165628c4ee859debcb92aa2ea90cfb8973453
SearchBlox version 8.2 suffers from a cross site scripting vulnerability.
c50cf93766fdeb247be5b7f551e3e1f70a06620929967b43da8b53e840f1e73c
High-Tech Bridge Security Research Lab discovered a use-after-free vulnerability in the popular programming language PHP, which can be exploited to cause a crash and possibly execute arbitrary code on the target system. The vulnerability resides within the 'spl_heap_object_free_storage()' PHP function when trying to dereference already freed memory. A local attacker can cause a segmentation fault or possibly execute arbitrary code on the target system with the privileges of the web server.
97375f017fbc6339f20309d1873f364d4f4bb2e3171ae12a6883001f4efb66fc
ISPConfig version 3.0.5.4p6 suffers from cross site request forgery and remote SQL injection vulnerabilities.
7b20edde24f0f1fb2d963049457764c5312fb3b6037c0261c180f81ce8d63252
Bonita BPM version 6.5.1 suffers from open redirect and directory traversal vulnerabilities.
318aebbb7238bd95d83a383ed6cec374ab8164e93742363befdec484d42c0016
ResourceSpace version 7.1.6513 suffers from a local file inclusion vulnerability.
46b044d14179bda302739897595298f1156cad1c03bd441bd572c377ab5800bb
WordPress WP Photo Album Plus plugin version 6.1.2 suffers from a cross site scripting vulnerability.
dc87e9e9a57eaba329f327e233795a7d58028430aed823b369b88e95f8d7eada
High-Tech Bridge Security Research Lab discovered a security vulnerability in the eShop WordPress Plugin, which can be exploited by remote attackers to overwrite arbitrary PHP variables within the context of the vulnerable application. The vulnerability exists due to insufficient validation of user-supplied input in the "eshopcart" HTTP cookie. Successful exploitation of this vulnerability may result in arbitrary PHP code execution.
b646ba90f83bf6fbf8ded5692dab800ca1dad5f780ce50ab36b9848e60d3f6b3
WordPress TheCartPress plugin version 1.3.9 suffers from local file inclusion, improper access control, and cross site scripting vulnerabilities.
c7864d1f9f6c456cfb191d7c8ce59288c2188a532e7d7d1111c6f0c87c396032
FreePBX version 12.0.43 suffers from multiple cross site scripting vulnerabilities.
d9d53b3b7599d87fc38d7ee9ff08ed12b0135076e823739c358307a8c50d03b8
pfSense version 2.2 suffers from cross site request forgery and cross site scripting vulnerabilities.
17f91d13806f834c29b1b913f8c480f5b36357931284cb1c6d8b791cd8c6f217
WordPress Huge IT Slider plugin version 2.6.8 suffers from multiple remote SQL injection vulnerabilities.
d487e0003c0e5ec316459bb410463f9de01f0c445589e9b20e975c3af91e9f9e
My Little Forum version 2.3.3 suffers from cross site scripting and remote SQL injection vulnerabilities.
b05f17411f700d0b2f76037900c11e594d0b792dfad6ff722d528da0f71e7f65
WordPress Easing Slider plugin version 2.2.0.6 suffers from multiple cross site scripting vulnerabilities.
bc06449f398ab083af89f8a2218533627ea9bb9b6dcf584267e80dbdac8f9c42
MantisBT version 1.2.17 suffers from improper access control, cross site scripting, and remote SQL injection vulnerabilities.
66702fafa02a9dbc923285c073b3f395b675adad64da5dfa2394ca10e6440fd2