Vulmon Recent Vulnerabilities Product List Research Posts Trends Blog About Contact

high-tech bridge sa vulnerabilities and exploits

(subscribe to this query)
9.8
CVSSv3

CVE-2014-4170

A Privilege Escalation Vulnerability exists in Free Reprintables ArticleFR 11.06.2014 due to insufficient access restrictions in the data.php script, which could let a remote malicious user obtain access or modify or delete database information.
Freereprintables Articlefr
7.5
CVSSv2

CVE-2013-6788

The Bitrix e-Store module prior to 14.0.1 for Bitrix Site Manager uses sequential values for the BITRIX_SM_SALE_UID cookie, which makes it easier for remote malicious users to guess the cookie value and bypass authentication via a brute force attack.
Bitrix Bitrix E-store Module
6.1
CVSSv3

CVE-2015-3421

The eshop_checkout function in checkout.php in the Wordpress Eshop plugin 6.3.11 and previous versions does not validate variables in the "eshopcart" HTTP cookie, which allows remote malicious users to perform cross-site scripting (XSS) attacks, or a path disclosure att...
Eshop Project Eshop
4.3
CVSSv2

CVE-2012-4233

LibreOffice 3.5.x prior to 3.5.7.2 and 3.6.x prior to 3.6.1, and OpenOffice.org (OOo), allows remote malicious users to cause a denial of service (NULL pointer dereference) via a crafted (1) odt file to vcllo.dll, (2) ODG (Drawing document) file to svxcorelo.dll, (3) PolyPolygon ...
Libreoffice LibreofficeLibreoffice Libreoffice 3.5Libreoffice Libreoffice 3.5.Libreoffice Libreoffice 3.5.0Libreoffice Libreoffice 3.5.1Libreoffice Libreoffice 3.5.2Libreoffice Libreoffice 3.5.3Libreoffice Libreoffice 3.5.4Libreoffice Libreoffice 3.5.5Libreoffice Libreoffice 3.5.5.1Libreoffice Libreoffice 3.5.5.2Libreoffice Libreoffice 3.5.5.3
4.3
CVSSv2

CVE-2012-1664

Multiple cross-site scripting (XSS) vulnerabilities in the admin panel in osCMax prior to 2.5.1 allow remote malicious users to inject arbitrary web script or HTML via the (1) username parameter in a process action to admin/login.php; (2) pageTitle, (3) current_product_id, or (4)...
Oscmax Oscmax
4.3
CVSSv2

CVE-2011-5214

Multiple cross-site scripting (XSS) vulnerabilities in BrowserCRM 5.100.01 and previous versions allow remote malicious users to inject arbitrary web script or HTML via the PATH_INFO to (1) index.php, (2) modules/admin/admin_module_index.php, or (3) modules/calendar/customise_cal...
Browsercrm BrowsercrmBrowsercrm Browsercrm 4.604.01Browsercrm Browsercrm 4.605.00Browsercrm Browsercrm 4.607.00Browsercrm Browsercrm 4.610.00Browsercrm Browsercrm 4.611.01Browsercrm Browsercrm 4.612.00Browsercrm Browsercrm 4.614.00Browsercrm Browsercrm 4.615.10Browsercrm Browsercrm 4.615.11Browsercrm Browsercrm 4.616.00Browsercrm Browsercrm 4.617.00
3.5
CVSSv2

CVE-2012-0991

Multiple directory traversal vulnerabilities in OpenEMR 4.1.0 allow remote authenticated users to read arbitrary files via a .. (dot dot) in the formname parameter to (1) contrib/acog/print_form.php; or (2) load_form.php, (3) view_form.php, or (4) trend_form.php in interface/pati...
Openemr Openemr 4.1.0
4.3
CVSSv2

CVE-2012-1507

Multiple cross-site scripting (XSS) vulnerabilities in OrangeHRM prior to 2.7 allow remote malicious users to inject arbitrary web script or HTML via the (1) newHspStatus parameter to plugins/ajaxCalls/haltResumeHsp.php, (2) sortOrder1 parameter to templates/hrfunct/emppop.php, o...
Orangehrm OrangehrmOrangehrm Orangehrm 2.6Orangehrm Orangehrm 2.6.0Orangehrm Orangehrm 2.6.0.1Orangehrm Orangehrm 2.6.1Orangehrm Orangehrm 2.6.2Orangehrm Orangehrm 2.6.3Orangehrm Orangehrm 2.6.4Orangehrm Orangehrm 2.6.5Orangehrm Orangehrm 2.6.6Orangehrm Orangehrm 2.6.7Orangehrm Orangehrm 2.6.8
6.5
CVSSv2

CVE-2011-4802

Multiple SQL injection vulnerabilities in Dolibarr 3.1.0 RC and probably earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) sortfield, (2) sortorder, and (3) sall parameters to user/index.php and (b) user/group/index.php; the id parameter to (4...
Dolibarr Dolibarr Erp/crmDolibarr Dolibarr Erp/crm 2.5.0Dolibarr Dolibarr Erp/crm 2.6.0Dolibarr Dolibarr Erp/crm 2.6.1Dolibarr Dolibarr Erp/crm 2.7.0Dolibarr Dolibarr Erp/crm 2.7.1Dolibarr Dolibarr Erp/crm 2.8.0Dolibarr Dolibarr Erp/crm 2.8.1Dolibarr Dolibarr Erp/crm 2.9.0Dolibarr Dolibarr Erp/crm 3.0.0Dolibarr Dolibarr Erp/crm 3.0.1
4.3
CVSSv2

CVE-2012-1835

Multiple cross-site scripting (XSS) vulnerabilities in the All-in-One Event Calendar plugin 1.4 and 1.5 for WordPress allow remote malicious users to inject arbitrary web script or HTML via the (1) title parameter to app/view/agenda-widget-form.php; (2) args, (3) title, (4) befor...
Timely All-in-one Event Calendar 1.4Timely All-in-one Event Calendar 1.5
Preferred Score:
CVSSv3
CVSSv2
CVSSv3
CVSSv4
EPSS
VMScore
Recommendations:
CVE-2025-25292uxperCVE-2024-13771CVE-2025-2267hiddenpearlsstored XSStj-actionscamaleon-cmsCVE-2023-33300CVE-2025-24201spoofCVE-2025-2103buffer overflow
Home
/
Search Results
Vulmon Logo Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook