Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
kacper szurek vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2014-9312
Unrestricted File Upload vulnerability in Photo Gallery 1.2.5.
10web Photo Gallery 1.2.5
1 EDB exploit
NA
CVE-2014-9254
bb_func_unsub.php in MiniBB 3.1 prior to 20141127 uses an incorrect regular expression, which allows remote malicious users to conduct SQl injection attacks via the code parameter in an unsubscribe action to index.php.
Minibb Minibb
1 EDB exploit
9.8
CVSSv3
CVE-2017-11346
Zoho ManageEngine Desktop Central before build 100092 allows remote malicious users to execute arbitrary code via vectors involving the upload of help desk videos.
Zohocorp Manageengine Desktop Central
1 EDB exploit
NA
CVE-2014-8801
Directory traversal vulnerability in services/getfile.php in the Paid Memberships Pro plugin prior to 1.7.15 for WordPress allows remote malicious users to read arbitrary files via a .. (dot dot) in the QUERY_STRING in a getfile action to wp-admin/admin-ajax.php.
Strangerstudios Paid Memberships Pro
1 EDB exploit
NA
CVE-2014-9311
Cross-site scripting (XSS) vulnerability in admin.php in the Shareaholic plugin prior to 7.6.1.0 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the location[id] parameter in a shareaholic_add_location action to wp-admin/admin-ajax.php.
Shareaholic Shareaholic
1 EDB exploit
NA
CVE-2015-2199
Multiple SQL injection vulnerabilities in the WonderPlugin Audio Player plugin prior to 2.1 for WordPress allow (1) remote authenticated users to execute arbitrary SQL commands via the item[id] parameter in a wonderplugin_audio_save_item action to wp-admin/admin-ajax.php or remot...
Wonderplugin Audio Player
1 EDB exploit
NA
CVE-2015-2218
Multiple cross-site scripting (XSS) vulnerabilities in the wp_ajax_save_item function in wonderpluginaudio.php in the WonderPlugin Audio Player plugin prior to 2.1 for WordPress allow remote malicious users to inject arbitrary web script or HTML via the (1) item[name] or (2) item...
Magic Hills Wonderplugin Audio Player
1 EDB exploit
NA
CVE-2015-6512
SQL injection vulnerability in the get_messages function in server/plugins/chatroom/chatroom.php in FreiChat 9.6 allows remote malicious users to execute arbitrary SQL commands via the time parameter to server/freichat.php.
Codelogic Freichat 9.6
1 EDB exploit
9.8
CVSSv3
CVE-2017-11153
Deserialization vulnerability in synophoto_csPhotoMisc.php in Synology Photo Station prior to 6.7.3-3432 and 6.3-2967 allows remote malicious users to gain administrator privileges via a crafted serialized payload.
Synology Photo Station 6.3-2967
Synology Photo Station
1 EDB exploit
7.2
CVSSv3
CVE-2017-11154
Unrestricted file upload vulnerability in PixlrEditorHandler.php in Synology Photo Station prior to 6.7.3-3432 and 6.3-2967 allows remote malicious users to create arbitrary PHP scripts via the type parameter.
Synology Photo Station
Synology Photo Station 6.3-2967
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
firmware
CVE-2023-52866
CVE-2024-4367
CVE-2024-1721
CVE-2023-34992
XML injection
CVE-2023-52817
SQL
CVE-2023-52855
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »