Clip-bucket

Clipbucket

14 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2013-10040

Exploit
  • EPSS 60.66%
  • Veröffentlicht 31.07.2025 14:53:55
  • Zuletzt bearbeitet 23.09.2025 23:36:04

ClipBucket version 2.6 and earlier contains a critical vulnerability in the ofc_upload_image.php script located at /admin_area/charts/ofc-library/. This endpoint allows unauthenticated users to upload arbitrary files, including executable PHP scripts...

10

CVE-2018-7664

Exploit
  • EPSS 0.72%
  • Veröffentlicht 05.03.2018 07:29:00
  • Zuletzt bearbeitet 21.11.2024 04:12:30

An issue was discovered in ClipBucket before 4.0.0 Release 4902. Any OS commands can be injected via shell metacharacters in the file_name parameter to /api/file_uploader.php or /actions/file_downloader.php.

10

CVE-2018-7665

Exploit
  • EPSS 71.11%
  • Veröffentlicht 05.03.2018 07:29:00
  • Zuletzt bearbeitet 21.11.2024 04:12:30

An issue was discovered in ClipBucket before 4.0.0 Release 4902. A malicious file can be uploaded via the name parameter to actions/beats_uploader.php or actions/photo_uploader.php, or the coverPhoto parameter to edit_account.php.

9.8

CVE-2018-7666

Exploit
  • EPSS 0.25%
  • Veröffentlicht 05.03.2018 07:29:00
  • Zuletzt bearbeitet 21.11.2024 04:12:30

An issue was discovered in ClipBucket before 4.0.0 Release 4902. SQL injection vulnerabilities exist in the actions/vote_channel.php channelId parameter, the ajax/commonAjax.php email parameter, and the ajax/commonAjax.php username parameter.

5.4

CVE-2015-4673

  • EPSS 0.19%
  • Veröffentlicht 06.04.2017 23:59:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

Multiple cross-site scripting (XSS) vulnerabilities in ClipBucket 2.7.0.5 allow remote authenticated users to inject arbitrary web script or HTML via (1) the collection_description parameter to upload/manage_collections.php in an add_new action or th...

6.1

CVE-2016-1000307

  • EPSS 0.22%
  • Veröffentlicht 06.04.2017 23:59:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

Multiple Cross Site Scripting (XSS) Vulnerabilities in ClipBucket v2.8.1 and probably prior allow Remote Attackers to inject arbitrary web script or HTML via (1) profile_desc, about_me, schools, occupation, companies, hobbies, fav_movies, fav_music, ...

6.1

CVE-2016-4848

  • EPSS 0.47%
  • Veröffentlicht 02.09.2016 01:59:00
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in ClipBucket before 2.8.1 RC2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

7.5

CVE-2012-5849

Exploit
  • EPSS 6.48%
  • Veröffentlicht 14.05.2015 14:59:02
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Multiple SQL injection vulnerabilities in ClipBucket 2.6 Revision 738 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) uid parameter in an add_friend action to ajax.php; id parameter in a (2) share_object, (3) add_to_f...

7.5

CVE-2015-2102

Exploit
  • EPSS 3.24%
  • Veröffentlicht 27.02.2015 15:59:05
  • Zuletzt bearbeitet 12.04.2025 10:46:40

SQL injection vulnerability in view_item.php in ClipBucket 2.7 RC3 (2.7.0.4.v2929-rc3) allows remote attackers to execute arbitrary SQL commands via the item parameter.

4.3

CVE-2014-4187

  • EPSS 0.23%
  • Veröffentlicht 17.06.2014 14:55:08
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in signup.php in ClipBucket allows remote attackers to inject arbitrary web script or HTML via the Username field.