Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
kacper szurek vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2014-9254
bb_func_unsub.php in MiniBB 3.1 prior to 20141127 uses an incorrect regular expression, which allows remote malicious users to conduct SQl injection attacks via the code parameter in an unsubscribe action to index.php.
Minibb Minibb
1 EDB exploit
NA
CVE-2014-8810
SQL injection vulnerability in ajax/mail_functions.php in the WP Symposium plugin prior to 14.11 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the tray parameter in a getMailMessage action.
Wpsymposiumpro Wp Symposium
1 EDB exploit
NA
CVE-2014-9258
SQL injection vulnerability in ajax/getDropdownValue.php in GLPI prior to 0.85.1 allows remote authenticated users to execute arbitrary SQL commands via the condition parameter.
Glpi-project Glpi
1 EDB exploit
NA
CVE-2014-9305
SQL injection vulnerability in the shortcodeProductsTable function in models/Cart66Ajax.php in the Cart66 Lite plugin prior to 1.5.2 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a shortcode_products_table action to wp-a...
Reality66 Cart66 Lite
1 EDB exploit
NA
CVE-2014-8800
Cross-site scripting (XSS) vulnerability in nextend-facebook-settings.php in the Nextend Facebook Connect plugin prior to 1.5.1 for WordPress allows remote malicious users to inject arbitrary web script or HTML via the fb_login_button parameter in a newfb_update_options action.
Nextendweb Nextend Facebook Connect
1 EDB exploit
NA
CVE-2014-9173
SQL injection vulnerability in view.php in the Google Doc Embedder plugin prior to 2.5.15 for WordPress allows remote malicious users to execute arbitrary SQL commands via the gpid parameter.
Google Doc Embedder Project Google Doc Embedder
2 EDB exploits
NA
CVE-2014-8799
Directory traversal vulnerability in the dp_img_resize function in php/dp-functions.php in the DukaPress plugin prior to 2.5.4 for WordPress allows remote malicious users to read arbitrary files via a .. (dot dot) in the src parameter to lib/dp_image.php.
Dukapress Dukapress
1 EDB exploit
NA
CVE-2014-8801
Directory traversal vulnerability in services/getfile.php in the Paid Memberships Pro plugin prior to 1.7.15 for WordPress allows remote malicious users to read arbitrary files via a .. (dot dot) in the QUERY_STRING in a getfile action to wp-admin/admin-ajax.php.
Strangerstudios Paid Memberships Pro
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3