IDCVSSSummaryLast (major) updatePublished
CVE-2016-1000307 4.3
Multiple Cross Site Scripting (XSS) Vulnerabilities in ClipBucket v2.8.1 and probably prior allow Remote Attackers to inject arbitrary web script or HTML via (1) profile_desc, about_me, schools, occupation, companies, hobbies, fav_movies, fav_music,
12-04-2017 - 18:47 06-04-2017 - 23:59
CVE-2014-4187 4.3
Cross-site scripting (XSS) vulnerability in signup.php in ClipBucket allows remote attackers to inject arbitrary web script or HTML via the Username field.
09-10-2018 - 19:47 17-06-2014 - 14:55
CVE-2012-5849 7.5
Multiple SQL injection vulnerabilities in ClipBucket 2.6 Revision 738 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) uid parameter in an add_friend action to ajax.php; id parameter in a (2) share_object, (3) add_to_f
15-05-2015 - 13:27 14-05-2015 - 14:59
CVE-2016-4848 4.3
Cross-site scripting (XSS) vulnerability in ClipBucket before 2.8.1 RC2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
30-10-2018 - 16:27 02-09-2016 - 01:59
CVE-2018-7665 10.0
An issue was discovered in ClipBucket before 4.0.0 Release 4902. A malicious file can be uploaded via the name parameter to actions/beats_uploader.php or actions/photo_uploader.php, or the coverPhoto parameter to edit_account.php.
27-03-2018 - 14:49 05-03-2018 - 07:29
CVE-2018-7666 7.5
An issue was discovered in ClipBucket before 4.0.0 Release 4902. SQL injection vulnerabilities exist in the actions/vote_channel.php channelId parameter, the ajax/commonAjax.php email parameter, and the ajax/commonAjax.php username parameter.
27-03-2018 - 14:49 05-03-2018 - 07:29
CVE-2018-7664 10.0
An issue was discovered in ClipBucket before 4.0.0 Release 4902. Any OS commands can be injected via shell metacharacters in the file_name parameter to /api/file_uploader.php or /actions/file_downloader.php.
27-03-2018 - 14:48 05-03-2018 - 07:29
Back to Top Mark selected
Back to Top