Vulmon Recent Vulnerabilities Discussions Trends About Contact

high-tech bridge sa vulnerabilities and exploits

NA
CVE-2014-4170
High-Tech Bridge Security Research Lab discovered vulnerability in ArticleFR, which can be exploited to execute arbitrary UPDATE SQL statements, alter information stored in the database, and gain complete control over the web site....
7.5
CVSSv2
CVE-2013-6788
The Bitrix e-Store module before 14.0.1 for Bitrix Site Manager uses sequential values for the BITRIX_SM_SALE_UID cookie, which makes it easier for remote attackers to guess the cookie value and bypass authentication via a brute force attack....
BitrixBitrix E-store Module
4.3
CVSSv2
CVE-2015-3421
The eshop_checkout function in checkout.php in the Wordpress Eshop plugin 6.3.11 and earlier does not validate variables in the "eshopcart" HTTP cookie, which allows remote attackers to perform cross-site scripting (XSS) attacks, or a path disclosure attack via crafted...
Eshop ProjectEshop
7.5
CVSSv2
CVE-2012-2227
Directory traversal vulnerability in update/index.php in PluXml before 5.1.6 allows remote attackers to include and execute arbitrary local files via a ..%2F (encoded dot dot slash) in the default_lang parameter....
Pluxml
NA
CVE-2012-2452
pragmaMx version 1.12.1 suffers from a cross site scripting vulnerability....
7.5
CVSSv2
CVE-2011-5313
Multiple SQL injection vulnerabilities in includes/password.php in Redaxscript 0.3.2 allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) password parameter to the password_reset program....
Redaxscript
NA
CVE-2013-2649
Hero Framework CVE-2013-2649 Multiple Cross-Site Scripting Vulnerabilities...
7.5
CVSSv2
CVE-2011-1047
Multiple SQL injection vulnerabilities in VastHTML Forum Server (aka ForumPress) plugin 1.6.1 and 1.6.5 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) search_max parameter in a search action to index.php, which is not properly handled by...
VasthtmlForum Server
4.3
CVSSv2
CVE-2013-1420
Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS before 3.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to backup-edit.php; (2) title or (3) menu parameter to edit.php; or (4) path or (5) returnid parameter to...
Get-simpleGetsimple Cms
4.3
CVSSv2
CVE-2012-2209
Multiple cross-site scripting (XSS) vulnerabilities in admin.php in Piwigo before 2.3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) section parameter in the configuration module, (2) installstatus parameter in the languages_new module, or (3) theme...
Piwigo
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2019-16024CVE-2019-19781CVE-2020-0609CVE-2019-5146validationCSRFXPath injectionCVE-2019-20423CVE-2019-20430