Vulnerable Version

Related POC for JCE Joomla Extension <=2.0.10 Multiple Vulnerabilities

#
#
# Title:                  Exploit for JCE Joomla Extension (Auto Shell Uploader) V0.1 - PHP Version
# Vendor:                 http://www.joomlacontenteditor.net
# Vulnerable Version:     JCE 2.0.10 (prior versions also may be affected)
# Exploitation:           Remote with browser
# Original Advisory:      http://www.bugreport.ir/index_78.htm
# Vendor supplied patch:  http://www.joomlacontenteditor.net/news/item/jce-2011-released
# CVSS2 Base Score:       (AV:N/AC:L/Au:N/C:P/I:P/A:P) --> 7.5

XSS vulnerability in Frog CMS

Vulnerability ID: HTB22682
Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_frog_cms.html
Product: Frog CMS
Vendor: Philippe Archambault ( http://www.madebyfrog.com/ ) 
Vulnerable Version: 0.9.5 and probably prior versions
Vendor Notification: 09 November 2010 
Vulnerability Type: Stored XSS (Cross Site Scripting)
Status: Not Fixed, Vendor Alerted, Awaiting Vendor Response
Risk level: Medium 
Credit: High-Tech Bridge SA - Ethical Hacking & Penetration Testing (http://www.htbridge.ch/) 

XSS vulnerability in Open blog

Vulnerability ID: HTB22497
Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_open_blog.html
Product: Open Blog
Vendor: Tomaž Muraus ( http://www.open-blog.info/ ) 
Vulnerable Version: 1.2.1 and Probably Prior Versions
Vendor Notification: 22 July 2010 
Vulnerability Type: Stored XSS (Cross Site Scripting)
Status: Not Fixed, Vendor Alerted, Awaiting Vendor Response
Risk level: Medium 
Credit: High-Tech Bridge SA - Ethical Hacking & Penetration Testing (http://www.htbridge.ch/) 

SQL injection vulnerability in Entrans

Vulnerability ID: HTB22608
Reference: http://www.htbridge.ch/advisory/sql_injection_vulnerability_in_entrans_1.html
Product: Entrans
Vendor: Khader Abbeb N ( http://sourceforge.net/projects/entrans/ ) 
Vulnerable Version: 0.3.2 and Probably Prior Versions
Vendor Notification: 13 September 2010 
Vulnerability Type: SQL Injection
Status: Fixed by Vendor
Risk level: High 
Credit: High-Tech Bridge SA - Ethical Hacking & Penetration Testing (http://www.htbridge.ch/) 

SQL injection in Hycus CMS

Vulnerability ID: HTB22739
Reference: http://www.htbridge.ch/advisory/sql_injection_in_hycus_cms_1.html
Product: Hycus CMS
Vendor: Hycus Web Development Team ( http://www.hycus.com/ ) 
Vulnerable Version: 1.0.3
Vendor Notification: 07 December 2010 
Vulnerability Type: SQL Injection
Status: Not Fixed, Vendor Alerted, Awaiting Vendor Response
Risk level: High 
Credit: High-Tech Bridge SA - Ethical Hacking & Penetration Testing (http://www.htbridge.ch/) 

Re: XSS vulnerability in Eden Platform

: Product: Eden Platform
: Vendor: Preation ( http://www.preation.com/ ) 
: Vulnerable Version: Current at 27.07.2010 and Probably Prior Versions
: Risk level: Medium 

The vendor web page has a free trial feature, with no obvious version. 
Your version of 01.07.2010 appears to be something you designated, perhaps 
based on the date you notified the vendor.


Application Logic Error in DT Centrepiece

Vulnerability ID: HTB22523
Reference: http://www.htbridge.ch/advisory/application_logic_error_in_dt_centrepiece_1.html
Product: DT Centrepiece
Vendor: DT Services ( http://www.dt.net.nz/ ) 
Vulnerable Version: 4.5 and Probably Prior Versions
Vendor Notification: 22 July 2010 
Vulnerability Type: Application Logic Error in the Authentication Mechanism
Status: Not Fixed, Vendor Alerted, Awaiting Vendor Response
Risk level: High 
Credit: High-Tech Bridge SA - Ethical Hacking & Penetration Testing (http://www.htbridge.ch/) 

Web Wiz Forums Directory traversal

#      AmnPardaz Security Research Team
#
# Title: Web Wiz Forums(TM)
# Vendor: http://www.webwizguide.com/
# Bug: Directory traversal
# Vulnerable Version: 9.07
# Exploit: Available
# Fix Available: No! Fast Solution is available.
###################################################################################



XSRF (CSRF) in Open blog

Vulnerability ID: HTB22496
Reference: http://www.htbridge.ch/advisory/xsrf_csrf_in_open_blog.html
Product: Open Blog
Vendor: Tomaž Muraus ( http://www.open-blog.info/ ) 
Vulnerable Version: 1.2.1 and Probably Prior Versions
Vendor Notification: 22 July 2010 
Vulnerability Type: CSRF (Cross-Site Request Forgery)
Status: Not Fixed, Vendor Alerted, Awaiting Vendor Response
Risk level: Low 
Credit: High-Tech Bridge SA - Ethical Hacking & Penetration Testing (http://www.htbridge.ch/) 

SQL injection vulnerability in BXR

Vulnerability ID: HTB22506
Reference: http://www.htbridge.ch/advisory/sql_injection_vulnerability_in_bxr.html
Product: BXR
Vendor: Hulihan Applications ( http://hulihanapplications.com/projects/bxr ) 
Vulnerable Version: 0.6.8 and Probably Prior Versions
Vendor Notification: 22 July 2010 
Vulnerability Type: SQL Injection
Status: Fixed by Vendor
Risk level: High 
Credit: High-Tech Bridge SA - Ethical Hacking & Penetration Testing (http://www.htbridge.ch/) 

XSS vulnerability in Zikula Application Framework

Vulnerability ID: HTB22349
Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_zikula_application_framework_1.html
Product: Zikula Application Framework 
Vendor: Zikula Software Foundation
Vulnerable Version: 1.2.2 and Probably Prior Versions
Vendor Notification: 13 April 2010 
Vulnerability Type: XSS (Cross Site Scripting)
Status: Fixed by Vendor
Risk level: Medium 
Credit: High-Tech Bridge SA (http://www.htbridge.ch/) 

SQL injection in DBHcms

Vulnerability ID: HTB22651
Reference: http://www.htbridge.ch/advisory/sql_injection_in_dbhcms.html
Product: DBHcms 
Vendor: drbenhur.com ( http://www.drbenhur.com/ ) 
Vulnerable Version: 1.1.4 and probably prior versions
Vendor Notification: 13 October 2010 
Vulnerability Type: SQL Injection
Status: Not Fixed, Vendor Alerted, Awaiting Vendor Response
Risk level: High 
Credit: High-Tech Bridge SA - Ethical Hacking & Penetration Testing (http://www.htbridge.ch/) 

HTB22797: Path disclosure in BLOG:CMS

Vulnerability ID: HTB22797
Reference: http://www.htbridge.ch/advisory/path_disclousure_in_blogcms.html
Product: BLOG:CMS
Vendor: Radek Hulán ( http://blogcms.com/ ) 
Vulnerable Version: 4.2.1.f and probably prior versions
Vendor Notification: 13 January 2011 
Vulnerability Type: Path disclosure
Status: Not Fixed
Risk level: Low 
Credit: High-Tech Bridge SA - Ethical Hacking & Penetration Testing (http://www.htbridge.ch/) 

XSS vulnerability in JComments, Joomla

Vulnerability ID: HTB22368
Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_jcomments_joomla.html
Product: JComments
Vendor: JoomlaTune .com
Vulnerable Version: 2.1.0.0  [07/08/2009] and Probably Prior Versions
Vendor Notification: 04 May 2010 
Vulnerability Type: XSS (Cross Site Scripting)
Status: Fixed by Vendor
Risk level: Medium 
Credit: High-Tech Bridge SA (http://www.htbridge.ch/) 

XSS vulnerability in Ronny CMS

Vulnerability ID: HTB22623
Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_ronny_cms_1.html
Product: Ronny CMS
Vendor: TO4KA Programming Team ( http://ronny-cms.ru/ ) 
Vulnerable Version: 1.1 r935 and probably prior versions
Vendor Notification: 29 September 2010 
Vulnerability Type: Stored XSS (Cross Site Scripting)
Status: Not Fixed, Vendor Alerted, Awaiting Vendor Response
Risk level: Medium 
Credit: High-Tech Bridge SA - Ethical Hacking & Penetration Testing (http://www.htbridge.ch/) 

1024CMS Blind SQL Injection Vulnerability

#
#        AmnPardaz Security Research Team
#
# Title:                1024CMS Blind SQL Injection Vulnerability
# Vendor:               http://www.1024cms.org/
# Vulnerable Version:   2.1.1 (Latest version till now)
# Exploitation:         Remote with browser
# Fix:                  N/A
###################################################################################


XSS vulnerability in Rumba CMS

Vulnerability ID: HTB22592
Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_rumba_cms_1.html
Product: Rumba CMS
Vendor: Rumba Netware Ltd. ( http://rumbacms.com ) 
Vulnerable Version: 2.4 and Probably Prior Versions
Vendor Notification: 18 August 2010 
Vulnerability Type: Stored XSS (Cross Site Scripting)
Status: Not Fixed, Vendor Alerted, Awaiting Vendor Response
Risk level: Low 
Credit: High-Tech Bridge SA - Ethical Hacking & Penetration Testing (http://www.htbridge.ch/) 

SQL injection vulnerability in CMSQLite

Vulnerability ID: HTB22462
Reference: http://www.htbridge.ch/advisory/sql_injection_vulnerability_in_cmsqlite_1.html
Product: CMSQLite
Vendor: CMSQLite-Team
Vulnerable Version: 1.3 and Probably Prior Versions
Vendor Notification: 29 June 2010 
Vulnerability Type: SQL Injection
Status: Not Fixed, Vendor Alerted, Awaiting Vendor Response
Risk level: Low 
Credit: High-Tech Bridge SA - Ethical Hacking & Penetration Testing (http://www.htbridge.ch/) 

Path disclosure in GetSimple CMS

Vulnerability ID: HTB22730
Reference: http://www.htbridge.ch/advisory/path_disclosure_in_getsimple_cms.html
Product: GetSimple CMS 
Vendor: http://get-simple.info/ ( http://get-simple.info/ ) 
Vulnerable Version: 2.03
Vendor Notification: 02 December 2010 
Vulnerability Type: Path disclosure
Status: Not Fixed, Vendor Alerted, Awaiting Vendor Response
Risk level: Low 
Credit: High-Tech Bridge SA - Ethical Hacking & Penetration Testing (http://www.htbridge.ch/) 

Path disclosure in HTML-EDIT CMS

Vulnerability ID: HTB22736
Reference: http://www.htbridge.ch/advisory/path_disclosure_in_html_edit_cms.html
Product: HTML-EDIT CMS
Vendor: html-edit web services ( http://www.html-edit.org/ ) 
Vulnerable Version: 3.1.8
Vendor Notification: 02 December 2010 
Vulnerability Type: Path disclosure
Status: Fixed by Vendor
Risk level: Low 
Credit: High-Tech Bridge SA - Ethical Hacking & Penetration Testing (http://www.htbridge.ch/) 

XSS vulnerability in ImpressCMS

Vulnerability ID: HTB22766
Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_impresscms.html
Product: ImpressCMS
Vendor: The ImpressCMS Project ( http://www.impresscms.org ) 
Vulnerable Version: 1.2.3 Final and probably prior versions
Vendor Notification: 
Vulnerability Type: XSS (Cross Site Scripting)
Status: Not Fixed, Vendor Alerted, Awaiting Vendor Response
Risk level: Medium 
Credit: High-Tech Bridge SA - Ethical Hacking & Penetration Testing (http://www.htbridge.ch/) 

SQL injection vulnerability in CompuCMS

Vulnerability ID: HTB22585
Reference: http://www.htbridge.ch/advisory/sql_injection_vulnerability_in_compucms_2.html
Product: CompuCMS
Vendor: CompuSoft A/S ( http://www.compusoft.dk/ ) 
Vulnerable Version: Current at 06.08.2010 and Probably Prior Versions
Vendor Notification: 09 August 2010 
Vulnerability Type: SQL Injection
Status: Not Fixed, Vendor Alerted, Awaiting Vendor Response
Risk level: High 
Credit: High-Tech Bridge SA - Ethical Hacking & Penetration Testing (http://www.htbridge.ch/) 

XSS vulnerability in Wolf CMS

Vulnerability ID: HTB22680
Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_wolf_cms_2.html
Product: Wolf CMS
Vendor: Wolf CMS team ( http://www.wolfcms.org/ ) 
Vulnerable Version: 0.6.0b and probably prior versions
Vendor Notification: 09 November 2010 
Vulnerability Type: XSS (Cross Site Scripting)
Status: Fixed by Vendor
Risk level: Medium 
Credit: High-Tech Bridge SA - Ethical Hacking & Penetration Testing (http://www.htbridge.ch/) 

XSS vulnerability in BXR

Vulnerability ID: HTB22507
Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_bxr_1.html
Product: BXR
Vendor: Hulihan Applications ( http://hulihanapplications.com/projects/bxr ) 
Vulnerable Version: 0.6.8 and Probably Prior Versions
Vendor Notification: 22 July 2010 
Vulnerability Type: XSS (Cross Site Scripting)
Status: Fixed by Vendor
Risk level: Medium 
Credit: High-Tech Bridge SA - Ethical Hacking & Penetration Testing (http://www.htbridge.ch/) 

XSS vulnerability in AContent

Vulnerability ID: HTB22597
Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_acontent.html
Product: AContent
Vendor: Inclusive Design Institute ( http://www.atutor.ca/ ) 
Vulnerable Version: 1.0
Vendor Notification: 01 September 2010 
Vulnerability Type: Stored XSS (Cross Site Scripting)
Status: Not Fixed, Vendor Alerted
Risk level: Medium 
Credit: High-Tech Bridge SA - Ethical Hacking & Penetration Testing (http://www.htbridge.ch/) 

XSRF (CSRF) in Zimplit

Vulnerability ID: HTB22605
Reference: http://www.htbridge.ch/advisory/xsrf_csrf_in_zimplit.html
Product: Zimplit
Vendor: Zimplit Ltd. ( http://www.zimplit.com/ ) 
Vulnerable Version: 3.0 and Probably Prior Versions
Vendor Notification: 15 September 2010 
Vulnerability Type: CSRF (Cross-Site Request Forgery)
Status: Not Fixed, Vendor Alerted, Awaiting Vendor Response
Risk level: Low 
Credit: High-Tech Bridge SA - Ethical Hacking & Penetration Testing (http://www.htbridge.ch/) 

XSS vulnerability in CompuCMS

Vulnerability ID: HTB22583
Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_compucms_2.html
Product: CompuCMS  
Vendor: CompuSoft A/S ( http://www.compusoft.dk/ ) 
Vulnerable Version: Current at 06.08.2010 and Probably Prior Versions
Vendor Notification: 09 August 2010 
Vulnerability Type: XSS (Cross Site Scripting)
Status: Not Fixed, Vendor Alerted, Awaiting Vendor Response
Risk level: Medium 
Credit: High-Tech Bridge SA - Ethical Hacking & Penetration Testing (http://www.htbridge.ch/) 

BBcode XSS in CLANSPHERE

Vulnerability ID: HTB22691
Reference: http://www.htbridge.ch/advisory/bbcode_xss_in_clansphere.html
Product: CLANSPHERE
Vendor: csphere.eu ( http://www.csphere.eu/ ) 
Vulnerable Version: 2010.0 Final
Vendor Notification: 02 November 2010 
Vulnerability Type: BBcode XSS
Status: Fixed by Vendor
Risk level: Medium 
Credit: High-Tech Bridge SA - Ethical Hacking & Penetration Testing (http://www.htbridge.ch/) 

XSS vulnerability in diafan.CMS

Vulnerability ID: HTB22775
Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_diafan_cms.html
Product: diafan.CMS
Vendor: Diafan ( http://www.diafan.ru/ ) 
Vulnerable Version: 4.3 and probably prior versions
Vendor Notification: 28 December 2010 
Vulnerability Type: Stored XSS (Cross Site Scripting)
Status: Not Fixed, Vendor Alerted, Awaiting Vendor Response
Risk level: Medium 
Credit: High-Tech Bridge SA - Ethical Hacking & Penetration Testing (http://www.htbridge.ch/) 

Directory Traversal Vulnerability in FTP Commander Deluxe

Vulnerability ID: HTB22513
Reference: http://www.htbridge.ch/advisory/directory_traversal_vulnerability_in_ftp_commander_deluxe.html
Product: FTP Commander Deluxe
Vendor: InternetSoft Corporation ( http://www.internet-soft.com/ftpcomm.htm ) 
Vulnerable Version: 9.20 and Probably Prior Versions
Vendor Notification: 19 July 2010 
Vulnerability Type: Directory Traversal Vulnerability
Status: Not Fixed, Vendor Alerted, Awaiting Vendor Response
Risk level: High 
Credit: High-Tech Bridge SA - Ethical Hacking & Penetration Testing (http://www.htbridge.ch/) 
