Real Name | High-Tech Bridge SA |
---|---|
Email address | advisory at htbridge.com |
Website | www.htbridge.com |
First Active | 2010-04-20 |
Last Active | 2016-08-03 |

CMS Made Simple version 1.11.2 suffers from a cross site request forgery vulnerability.
56b7ba7d70e2826a7429d5920fa59759fa5a8af3573cf4be2e6001b5dd4f93f6
OrangeHRM version 2.7.1-rc.1 suffers from cross site request forgery and remote SQL injection vulnerabilities.
439484ab92a26f93c029153c595de5755d66408db277b54f3d4df86561bf82d6
LibreOffice Suite version 3.5.5.3 suffers from multiple null pointer denial of service vulnerabilities. Multiple proofs of concept included.
e35f8a5b17053ef5bbb7453b17da615dd29fdbd2c8de140c6974ca04b33f0fb0
jCore version 1.0pre suffers from cross site scripting and remote SQL injection vulnerabilities.
6b5298a41aa2820b67dc3beb4a6b02db1aaee7603772138dd6228a587a308157
Subrion CMS version 2.2.1 suffers from cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities.
a3cf7fcdf1b5f6d220a577633d480f22b716b77a1b6f6819efe7e82d7b6fc0dd
ATutor AContent versions 1.2 and below suffer from improper authentication, cross site scripting, and remote SQL injection vulnerabilities.
f884299c5d9976c978753e2b78b0f47541e45479ec64ddb6f85cd4a678ba506e
Samsung Kies version 2.3.2.12054_20 suffers from a null pointer dereference and multiple improper access control vulnerabilities.
3be5d1fc00baef95418066a6e177e3648f8af24d33460c51813fe80c0adeb108
This whitepaper is a thorough analysis of the Adobe Flash Player integer overflow vulnerability documented in CVE-2012-1535.
e46a3e43ec3e9446bcf1fa801d93b9d52396891905bbbce417daada24526d84c
OpenX version 2.8.10 suffers from cross site scripting and remote SQL injection vulnerabilities.
d484cead504afbaaedbee4354a2ee6cdeaaafcec1c5ad0426bb8c95c12f4be46
High-Tech Bridge Security Research Lab has discovered a vulnerability in Microsoft Windows which could be exploited to escalate privileges under certain conditions. The vulnerability exists due to the "IKE and AuthIP IPsec Keying Modules" system service, which tries to load the wlbsctrl.dll DLL that is missing after a default Windows installation. Proof of concept included.
59c748e21d43b8cf7dd9c2c3ce4ae6dbd13341240e0cfa60bbf3d2ee4d85b88e
Template CMS version 2.1.1 suffers from cross site request forgery and cross site scripting vulnerabilities.
f8abf37639cf0553f4391d208e25723d53d985a4a7b9cc5ee591c7708a514809
TestLink version 1.9.3 suffers from a cross site request forgery vulnerability.
736b804ed14899a61e45af9653a9658234392141a3b1244d4491cc912560e8b1
Kayako Fusion version 4.40.1148 suffers from a cross site scripting vulnerability.
22c8939a4ff8f7653b41b96e3d5e28adb2daf84ed90611ca28c98c0000ba9ed9
Flogr version 2.5.6 suffers from a cross site scripting vulnerability.
121f75b7018579ac3d30797c9d6d69498ac7e2be3d261bd041823c624da988d0
Since its introduction in 2006, PyDbg has become an essential tool for security researchers and reverse engineers. It is mainly used to discover various software vulnerabilities and weaknesses, as well as to analyze malware and perform computer forensics. This publication aims to give the reader an introduction to the Python-based debugger and to deliver practical, real examples of using this powerful security tool.
fe6ebddfdd8a95029596ddb6ff5ad30b306c35a3bb7552b5ec2d24ca4413b8b2
Phorum version 5.2.18 suffers from a cross site scripting vulnerability.
eacb48244f80206c5c20974e626a07b89b72ecd38320b50f7390d840e42bcd13
PrestaShop versions 1.4.7 and 1.4.8 suffer from a cross site scripting vulnerability.
94e63abd47975a241e1fd867909d2fecfd6d076014bc0a3efa593aeb09e59263
phpList version 2.10.18 suffers from cross site scripting and remote SQL injection vulnerabilities.
7c2f52b5334b8d1ae75b3fffb38e7c18fedbae4934a65a5cc1c9ab975dea72d9
PBBoard version 2.1.4 suffers from improper authentication, improper access control, and remote SQL injection vulnerabilities.
98c660124db3dfdff27f3497939655798807cd19db3c0489fbf39341a0590cb1
Redaxo version 4.4 suffers from a cross site scripting vulnerability.
44fcafd5bf41a508f40719e15f1cb1569a6d62987e638d5f77a211a346b98692
Since the 30th of May 2012, hackers had been abusing the Microsoft XML Core Services vulnerability. On the 10th of July 2012, Microsoft finally published a security advisory which fixes this issue. The present document and video explain the details of this fix. As a lab test, they used a Windows XP workstation with Service Pack 3. The Internet Explorer version is 6.0.
0663e2de1f39f4495717f0290d861ffdd11a1fe7f2edc6deba2d85db93bac5bd
Kajona version 3.4.1 suffers from multiple cross site scripting vulnerabilities.
d75c046fbf006dc94fb86ff631caec3c44a0b3c00a0d32c9e2e3703cc7e3ae60
This is a thorough analysis of the Microsoft XML Core Services uninitialized memory vulnerability as noted by CVE-2012-1889. It includes proof of concept data to trigger the issue and goes through the flow.
71478922d4d7dd398af9e4e90d1f859e3494d8ddf266086e502d50612e95667a
Webmatic version 3.1.1 suffers from a remote blind SQL injection vulnerability.
5df53c25fc086e653b42c737dfd26a462ef9860efd1b43b10ec8613e53d95ab9
Web@All version 2.0 suffers from cross site request forgery and cross site scripting vulnerabilities.
d25d5ad1ddb1de7212645fc16e7b47dc50410239fbb34e4de53c1aac5b358024