Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
kacper szurek vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv2
CVE-2014-9312
Unrestricted File Upload vulnerability in Photo Gallery 1.2.5.
10web Photo Gallery 1.2.5
1 EDB exploit
7.5
CVSSv2
CVE-2017-11346
Zoho ManageEngine Desktop Central before build 100092 allows remote malicious users to execute arbitrary code via vectors involving the upload of help desk videos.
Zohocorp Manageengine Desktop Central
1 EDB exploit
5
CVSSv2
CVE-2014-8801
Directory traversal vulnerability in services/getfile.php in the Paid Memberships Pro plugin prior to 1.7.15 for WordPress allows remote malicious users to read arbitrary files via a .. (dot dot) in the QUERY_STRING in a getfile action to wp-admin/admin-ajax.php.
Strangerstudios Paid Memberships Pro
1 EDB exploit
7.5
CVSSv2
CVE-2014-9254
bb_func_unsub.php in MiniBB 3.1 prior to 20141127 uses an incorrect regular expression, which allows remote malicious users to conduct SQl injection attacks via the code parameter in an unsubscribe action to index.php.
Minibb Minibb
1 EDB exploit
3.5
CVSSv2
CVE-2014-9311
Cross-site scripting (XSS) vulnerability in admin.php in the Shareaholic plugin prior to 7.6.1.0 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the location[id] parameter in a shareaholic_add_location action to wp-admin/admin-ajax.php.
Shareaholic Shareaholic
1 EDB exploit
5
CVSSv2
CVE-2014-8799
Directory traversal vulnerability in the dp_img_resize function in php/dp-functions.php in the DukaPress plugin prior to 2.5.4 for WordPress allows remote malicious users to read arbitrary files via a .. (dot dot) in the src parameter to lib/dp_image.php.
Dukapress Dukapress
1 EDB exploit
5
CVSSv2
CVE-2015-6512
SQL injection vulnerability in the get_messages function in server/plugins/chatroom/chatroom.php in FreiChat 9.6 allows remote malicious users to execute arbitrary SQL commands via the time parameter to server/freichat.php.
Codelogic Freichat 9.6
1 EDB exploit
4.3
CVSSv2
CVE-2015-2218
Multiple cross-site scripting (XSS) vulnerabilities in the wp_ajax_save_item function in wonderpluginaudio.php in the WonderPlugin Audio Player plugin prior to 2.1 for WordPress allow remote malicious users to inject arbitrary web script or HTML via the (1) item[name] or (2) item...
Magic Hills Wonderplugin Audio Player
1 EDB exploit
6.5
CVSSv2
CVE-2014-9258
SQL injection vulnerability in ajax/getDropdownValue.php in GLPI prior to 0.85.1 allows remote authenticated users to execute arbitrary SQL commands via the condition parameter.
Glpi-project Glpi
1 EDB exploit
5
CVSSv2
CVE-2017-11152
Directory traversal vulnerability in PixlrEditorHandler.php in Synology Photo Station prior to 6.7.3-3432 and 6.3-2967 allows remote malicious users to write arbitrary files via the path parameter.
Synology Photo Station 6.3-2967
Synology Photo Station
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »