htbridge.com vulnerabilities and exploits

NA
CVE-2013-3638

Multiple vulnerabilities in Boonex Dolphin version 7.1.2 could allow an unauthenticated, remote attacker to conduct cross-site request forgery attacks and an authenticated, remote attacker to conduct SQL injection attacks on a targeted system. The vulnerabilities are due to...

NA
CVE-2012-38051

Kajona version 3.4.1 suffers from multiple cross-site scripting vulnerabilities....

7.5
CVSSv2
CVE-2013-6341

SQL injection vulnerability in Dokeos 2.2 RC2 and earlier allows remote attackers to execute arbitrary SQL commands via the language parameter to index.php....

Dokeos
6
CVSSv2
CVE-2013-6787

SQL injection vulnerability in the check_user_password function in main/auth/profile.php in Chamilo LMS 1.9.6 and earlier, when using the non-encrypted passwords mode set at installation, allows remote authenticated users to execute arbitrary SQL commands via the...

Chamilo, Chamilo Lms
4
CVSSv2
CVE-2014-5258

Directory traversal vulnerability in showTempFile.php in webEdition CMS before 6.3.9.0 Beta allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter....

Webedition, Webedition Cms
6.8
CVSSv2
CVE-2012-0997

Cross-site request forgery (CSRF) vulnerability in admin/index.php in 11in1 1.2.1 stable 12-31-2011 allows remote attackers to hijack the authentication of administrators for requests that add new topics via an addTopic action....

11in1
4.3
CVSSv2
CVE-2015-1436

Cross-site scripting (XSS) vulnerability in the Easing Slider plugin before 2.2.0.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the edit parameter in the (1) easingslider_manage_customizations or (2) easingslider_edit_sliders page to...

NA
CVE-2015-14361

WordPress Easing Slider plugin version 2.2.0.6 suffers from multiple cross-site scripting vulnerabilities....

5
CVSSv2
CVE-2012-0996

Multiple directory traversal vulnerabilities in 11in1 1.2.1 stable 12-31-2011 allow remote attackers to read arbitrary files via a .. (dot dot) in the class parameter to (1) index.php or (2) admin/index.php....

11in1
4.3
CVSSv2
CVE-2013-4600

Multiple cross-site scripting (XSS) vulnerabilities in Alkacon OpenCms before 8.5.2 allow remote attackers to inject arbitrary web script or HTML via the (1) title parameter to system/workplace/views/admin/admin-main.jsp or the (2) requestedResource parameter to...