Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
kacper szurek vulnerabilities and exploits
(subscribe to this query)
3.5
CVSSv2
CVE-2014-9311
Cross-site scripting (XSS) vulnerability in admin.php in the Shareaholic plugin prior to 7.6.1.0 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the location[id] parameter in a shareaholic_add_location action to wp-admin/admin-ajax.php.
Shareaholic Shareaholic
1 EDB exploit
6.5
CVSSv2
CVE-2014-9312
Unrestricted File Upload vulnerability in Photo Gallery 1.2.5.
10web Photo Gallery 1.2.5
1 EDB exploit
5
CVSSv2
CVE-2014-8801
Directory traversal vulnerability in services/getfile.php in the Paid Memberships Pro plugin prior to 1.7.15 for WordPress allows remote malicious users to read arbitrary files via a .. (dot dot) in the QUERY_STRING in a getfile action to wp-admin/admin-ajax.php.
Strangerstudios Paid Memberships Pro
1 EDB exploit
7.5
CVSSv2
CVE-2014-9254
bb_func_unsub.php in MiniBB 3.1 prior to 20141127 uses an incorrect regular expression, which allows remote malicious users to conduct SQl injection attacks via the code parameter in an unsubscribe action to index.php.
Minibb Minibb
1 EDB exploit
7.5
CVSSv2
CVE-2017-11346
Zoho ManageEngine Desktop Central before build 100092 allows remote malicious users to execute arbitrary code via vectors involving the upload of help desk videos.
Zohocorp Manageengine Desktop Central
1 EDB exploit
6.5
CVSSv2
CVE-2014-9308
Unrestricted file upload vulnerability in inc/amfphp/administration/banneruploaderscript.php in the WP EasyCart (aka WordPress Shopping Cart) plugin prior to 3.0.9 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then a...
Wpeasycart Wp Easycart
2 EDB exploits
6.5
CVSSv2
CVE-2014-9258
SQL injection vulnerability in ajax/getDropdownValue.php in GLPI prior to 0.85.1 allows remote authenticated users to execute arbitrary SQL commands via the condition parameter.
Glpi-project Glpi
1 EDB exploit
NA
CVE-2014-92601
WordPress Download Manager plugin version 2.7.2 suffers from a privilege escalation vulnerability.
NA
CVE-2014-92611
Codoforum version 2.5.1 suffers from an arbitrary file download vulnerability.
6.5
CVSSv2
CVE-2014-9305
SQL injection vulnerability in the shortcodeProductsTable function in models/Cart66Ajax.php in the Cart66 Lite plugin prior to 1.5.2 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a shortcode_products_table action to wp-a...
Reality66 Cart66 Lite
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
privilege escalation
CVE-2024-20696
CVE-2024-29829
CVE-2024-33999
CVE-2024-35646
physical
CVE-2024-24919
CVE-2024-31030
local users
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »