
High-Tech Bridge Security Advisories

While testing and developing various vulnerability detection algorithms of ImmuniWeb®, we discovered hundreds of vulnerabilities in the most popular commercial and open source web applications and frameworks:


559 Security Advisories Released
357 Vendors Released Patches
1073 Vulnerabilities Fixed

MS Sharepoint
Horde
DynamicsCRM
Bonitasoft
OSCommerce
Zencart
OpenX
osCmax
SugarCRM
Magento
OrangeHRM
Mantis
Wordpress
Joomla
MODX
Bitrix


OS Command Injection in Vesta Control Panel
Advisory ID: HTB23261
Last Change: June 17, 2015
CVE Reference: CVE-2015-4117
Vulnerable Version: 0.9.8
Risk Level: Critical

Arbitrary File Disclosure and Open Redirect in Bonita BPM
Advisory ID: HTB23259
Last Change: June 10, 2015
CVE References: CVE-2015-3897, CVE-2015-3898
Vulnerable Version: 6.5.1 and probably prior
Risk Level: High

Multiple Vulnerabilities in ISPConfig
Advisory ID: HTB23260
Last Change: June 10, 2015
CVE References: CVE-2015-4118, CVE-2015-4119
Vulnerable Version: 3.0.5.4p6
Risk Level: High

Use-After-Free in PHP
Advisory ID: HTB23262
Last Change: June 10, 2015
CVE Reference: CVE-2015-4116
Vulnerable Version: 5.6.9
Risk Level: Medium

Local PHP File Inclusion in ResourceSpace
Advisory ID: HTB23258
Last Change: June 3, 2015
CVE Reference: CVE-2015-3648
Vulnerable Version: 7.1.6513
Risk Level: High

Stored XSS in WP Photo Album Plus WordPress Plugin
Advisory ID: HTB23257
Last Change: May 20, 2015
CVE Reference: CVE-2015-3647
Vulnerable Version: 6.1.2
Risk Level: Medium

Arbitrary Variable Overwrite in eShop WordPress Plugin
Advisory ID: HTB23255
Last Change: May 6, 2015
CVE Reference: CVE-2015-3421
Vulnerable Version: 6.3.11
Risk Level: Medium

Multiple Vulnerabilities in TheCartPress WordPress plugin
Advisory ID: HTB23254
Last Change: April 29, 2015
CVE References: CVE-2015-3301, CVE-2015-3300, CVE-2015-3302
Vulnerable Version: 1.3.9
Risk Level: High

Multiple Cross-Site Scripting (XSS) in FreePBX
Advisory ID: HTB23253
Last Change: April 22, 2015
CVE Reference: CVE-2015-2690
Vulnerable Version: 12.0.43
Risk Level: Low

Arbitrary file deletion and multiple XSS vulnerabilities in pfSense
Advisory ID: HTB23251
Last Change: March 25, 2015
CVE References: CVE-2015-2294, CVE-2015-2295
Vulnerable Version: 2.2
Risk Level: Medium