| Real Name | High-Tech Bridge SA |
|---|---|
| Email address | advisory at htbridge.com |
| Website | www.htbridge.com |
| First Active | 2010-04-20 |
| Last Active | 2016-08-03 |
CMS Made Simple version 1.11.2 suffers from a cross site request forgery vulnerability.
56b7ba7d70e2826a7429d5920fa59759fa5a8af3573cf4be2e6001b5dd4f93f6OrangeHRM version 2.7.1-rc.1 suffers from cross site request forgery and remote SQL injection vulnerabilities.
439484ab92a26f93c029153c595de5755d66408db277b54f3d4df86561bf82d6LibreOffice Suite version 3.5.5.3 suffers from multiple null pointer denial of service vulnerabilities. Multiple proof of concepts included.
e35f8a5b17053ef5bbb7453b17da615dd29fdbd2c8de140c6974ca04b33f0fb0jCore version 1.0pre suffers from cross site scripting and remote SQL injection vulnerabilities.
6b5298a41aa2820b67dc3beb4a6b02db1aaee7603772138dd6228a587a308157Subrion CMS version 2.2.1 suffers from cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities.
a3cf7fcdf1b5f6d220a577633d480f22b716b77a1b6f6819efe7e82d7b6fc0ddATutor AContent versions 1.2 and below suffer from improper authentication, cross site scripting, and remote SQL injection vulnerabilities.
f884299c5d9976c978753e2b78b0f47541e45479ec64ddb6f85cd4a678ba506eSamsung Kies version 2.3.2.12054_20 suffers from a null pointer dereference and multiple improper access control vulnerabilities.
3be5d1fc00baef95418066a6e177e3648f8af24d33460c51813fe80c0adeb108This whitepaper is a thorough analysis of the Adobe Flash Player integer overflow vulnerability and documented in CVE-2012-1535.
e46a3e43ec3e9446bcf1fa801d93b9d52396891905bbbce417daada24526d84cOpenX version 2.8.10 suffers from cross site scripting and remote SQL injection vulnerabilities.
d484cead504afbaaedbee4354a2ee6cdeaaafcec1c5ad0426bb8c95c12f4be46High-Tech Bridge Security Research Lab has discovered a vulnerability in Microsoft Windows which could be exploited to escalate privileges under certain conditions. The vulnerability exists due to the "IKE and AuthIP IPsec Keying Modules" system service, which tries to load the wlbsctrl.dll DLL that is missing after default Windows installation. Proof of concept included.
59c748e21d43b8cf7dd9c2c3ce4ae6dbd13341240e0cfa60bbf3d2ee4d85b88eTemplate CMS version 2.1.1 suffers from cross site request forgery and cross site scripting vulnerabilities.
f8abf37639cf0553f4391d208e25723d53d985a4a7b9cc5ee591c7708a514809TestLink version 1.9.3 suffers from a cross site request forgery vulnerability.
736b804ed14899a61e45af9653a9658234392141a3b1244d4491cc912560e8b1Kayako Fusion version 4.40.1148 suffers from a cross site scripting vulnerability.
22c8939a4ff8f7653b41b96e3d5e28adb2daf84ed90611ca28c98c0000ba9ed9Flogr version 2.5.6 suffers from a cross site scripting vulnerability.
121f75b7018579ac3d30797c9d6d69498ac7e2be3d261bd041823c624da988d0Since its introduction in 2006, PyDbg has become an essential tool for security researchers and reverse engineers. It is mainly used to discover various software vulnerabilities and weaknesses, as well to analyze malware and perform computer forensics. The present publication is aimed to provide a reader with an introduction to the Python based debugger and deliver practical and real examples of this powerful security tool usage.
fe6ebddfdd8a95029596ddb6ff5ad30b306c35a3bb7552b5ec2d24ca4413b8b2Phorum version 5.2.18 suffers from a cross site scripting vulnerability.
eacb48244f80206c5c20974e626a07b89b72ecd38320b50f7390d840e42bcd13PrestaShop versions 1.4.7 and 1.4.8 suffer from a cross site scripting vulnerability.
94e63abd47975a241e1fd867909d2fecfd6d076014bc0a3efa593aeb09e59263phpList version 2.10.18 suffers from cross site scripting and remote SQL injection vulnerabilities.
7c2f52b5334b8d1ae75b3fffb38e7c18fedbae4934a65a5cc1c9ab975dea72d9PBBoard version 2.1.4 suffers from improper authentication, improper access control, and remote SQL injection vulnerabilities.
98c660124db3dfdff27f3497939655798807cd19db3c0489fbf39341a0590cb1Redaxo version 4.4 suffers from a cross site scripting vulnerability.
44fcafd5bf41a508f40719e15f1cb1569a6d62987e638d5f77a211a346b98692Since the 30th of May 2012 hackers were abusing the Microsoft XML core services vulnerability. The 10th of July 2012 Microsoft finally published a security advisory which fixes this issue. The present document and video explains the details about this fix. As a lab test they used a Windows XP workstation with Service Pack 3. The Internet explorer version is 6.0.
0663e2de1f39f4495717f0290d861ffdd11a1fe7f2edc6deba2d85db93bac5bdKajona version 3.4.1 suffers from multiple cross site scripting vulnerabilities.
d75c046fbf006dc94fb86ff631caec3c44a0b3c00a0d32c9e2e3703cc7e3ae60This is a thorough analysis of the Microsoft XML core services uninitialized memory vulnerability as noted by CVE-2012-1889. It includes proof of concept data to trigger the issue and goes through the flow.
71478922d4d7dd398af9e4e90d1f859e3494d8ddf266086e502d50612e95667aWebmatic version 3.1.1 suffers from a remote blind SQL injection vulnerability.
5df53c25fc086e653b42c737dfd26a462ef9860efd1b43b10ec8613e53d95ab9Web@All version 2.0 suffers from cross site request forgery and cross site scripting vulnerabilities.
d25d5ad1ddb1de7212645fc16e7b47dc50410239fbb34e4de53c1aac5b358024
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed