high-tech bridge sa vulnerabilities and exploits

NA
CVE-2014-4170

High-Tech Bridge Security Research Lab discovered a vulnerability in ArticleFR, which can be exploited to execute arbitrary UPDATE SQL statements, alter information stored in the database, and gain complete control over the web site....

7.5
CVSSv2
CVE-2013-6788

The Bitrix e-Store module before 14.0.1 for Bitrix Site Manager uses sequential values for the BITRIX_SM_SALE_UID cookie, which makes it easier for remote attackers to guess the cookie value and bypass authentication via a brute force attack....

4.3
CVSSv2
CVE-2015-3421

The eshop_checkout function in checkout.php in the WordPress Eshop plugin 6.3.11 and earlier does not validate variables in the "eshopcart" HTTP cookie, which allows remote attackers to perform cross-site scripting (XSS) attacks, or a path disclosure attack via crafted...

7.5
CVSSv2
CVE-2012-2227

Directory traversal vulnerability in update/index.php in PluXml before 5.1.6 allows remote attackers to include and execute arbitrary local files via a ..%2F (encoded dot dot slash) in the default_lang parameter....

Pluxml
7.5
CVSSv2
CVE-2011-5313

Multiple SQL injection vulnerabilities in includes/password.php in Redaxscript 0.3.2 allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) password parameter to the password_reset program....

Redaxscript
7.5
CVSSv2
CVE-2011-1047

Multiple SQL injection vulnerabilities in VastHTML Forum Server (aka ForumPress) plugin 1.6.1 and 1.6.5 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) search_max parameter in a search action to index.php, which is not properly handled by...

Vasthtml Forum Server
NA
CVE-2012-2452

pragmaMx version 1.12.1 suffers from a cross site scripting vulnerability....

NA
CVE-2013-1420

GetSimple CMS version 3.1.2 suffers from multiple cross site scripting vulnerabilities....

NA
CVE-2013-2649

Hero Framework CVE-2013-2649 Multiple Cross-Site Scripting Vulnerabilities...

4.3
CVSSv2
CVE-2012-1001

Multiple cross-site scripting (XSS) vulnerabilities in Chyrp before 2.1.2 and before 2.5 Beta 2 allow remote attackers to inject arbitrary web script or HTML via the (1) content parameter to includes/ajax.php or (2) body parameter to includes/error.php....

Chyrp