High-Tech Bridge Security Advisories


552 Security Advisories Released | 351 Vendors Released Patches | 1057 Vulnerabilities Fixed

Multiple SQL Injection Vulnerabilities in mcart.xls Bitrix Module
Advisory ID: HTB23279
Last Change: January 13, 2016
CVE Reference: CVE-2015-8356
Vulnerable Version: 6.5.2
Risk Level: Medium

Remote Code Execution in Roundcube
Advisory ID: HTB23283
Last Change: January 13, 2016
CVE Reference: CVE-2015-8770
Vulnerable Version: 1.1.3
Risk Level: Medium

SQL Injection in SocialEngine
Advisory ID: HTB23286
Last Change: December 21, 2015
Vulnerable Version: 4.8.9
Risk Level: High

SQL Injection in orion.extfeedbackform Bitrix Module
Advisory ID: HTB23280
Last Change: December 16, 2015
CVE Reference: CVE-2015-8355
Vulnerable Version: 2.1.2
Risk Level: Medium

RCE in Zen Cart via Arbitrary File Inclusion
Advisory ID: HTB23282
Last Change: December 16, 2015
CVE Reference: CVE-2015-8352
Vulnerable Version: 1.5.4
Risk Level: Critical

Path Traversal via CSRF in bitrix.xscan Bitrix Module
Advisory ID: HTB23278
Last Change: December 9, 2015
CVE Reference: CVE-2015-8357
Vulnerable Version: 1.0.3
Risk Level: Medium

PHP File Inclusion in bitrix.mpbuilder Bitrix Module
Advisory ID: HTB23281
Last Change: December 9, 2015
CVE Reference: CVE-2015-8358
Vulnerable Version: 1.0.10
Risk Level: Critical

Reflected XSS in Role Scoper WordPress Plugin
Advisory ID: HTB23276
Last Change: November 19, 2015
CVE Reference: CVE-2015-8353
Vulnerable Version: 1.3.66
Risk Level: Medium

Reflected XSS in Ultimate Member WordPress Plugin
Advisory ID: HTB23277
Last Change: November 19, 2015
CVE Reference: CVE-2015-8354
Vulnerable Version: 1.3.28
Risk Level: Medium

RCE and SQL injection via CSRF in Horde Groupware
Advisory ID: HTB23272
Last Change: November 18, 2015
CVE Reference: CVE-2015-7984
Vulnerable Version: 5.2.10
Risk Level: High