CVE Tools

clip-bucket

Web & CMS Pluginsoss-project

11

Cumulative CVEs

7

Monthly snapshots

#44

Peak rank

Top products

Latest CVEs

The 14 most recently published vulnerabilities affecting clip-bucket.

CVE-2013-10040ClipBucket <= 2.6 ofc_upload_image.php Arbitrary File Upload RCE9.8Jul 31, 2025
CVE-2018-7666An issue was discovered in ClipBucket before 4.0.0 Release 4902. SQL injection vulnerabilities exist in the actions/vote_channel.php channelId parameter, the ajax/commonAjax.php email parameter, an...9.8Mar 5, 2018
CVE-2018-7665An issue was discovered in ClipBucket before 4.0.0 Release 4902. A malicious file can be uploaded via the name parameter to actions/beats_uploader.php or actions/photo_uploader.php, or the coverPho...9.8Mar 5, 2018
CVE-2018-7664An issue was discovered in ClipBucket before 4.0.0 Release 4902. Any OS commands can be injected via shell metacharacters in the file_name parameter to /api/file_uploader.php or /actions/file_downl...9.8Mar 5, 2018
CVE-2016-1000307Multiple Cross Site Scripting (XSS) Vulnerabilities in ClipBucket v2.8.1 and probably prior allow Remote Attackers to inject arbitrary web script or HTML via (1) profile_desc, about_me, schools, oc...6.1Apr 6, 2017
CVE-2015-4673Multiple cross-site scripting (XSS) vulnerabilities in ClipBucket 2.7.0.5 allow remote authenticated users to inject arbitrary web script or HTML via (1) the collection_description parameter to upl...5.4Apr 6, 2017
CVE-2016-4848Cross-site scripting (XSS) vulnerability in ClipBucket before 2.8.1 RC2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.6.1Sep 2, 2016
CVE-2012-5849Multiple SQL injection vulnerabilities in ClipBucket 2.6 Revision 738 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) uid parameter in an add_friend action to ajax....7.5May 14, 2015
CVE-2015-2102SQL injection vulnerability in view_item.php in ClipBucket 2.7 RC3 (2.7.0.4.v2929-rc3) allows remote attackers to execute arbitrary SQL commands via the item parameter.7.5Feb 27, 2015
CVE-2014-4187Cross-site scripting (XSS) vulnerability in signup.php in ClipBucket allows remote attackers to inject arbitrary web script or HTML via the Username field.4.3Jun 17, 2014
CVE-2012-6644Multiple cross-site scripting (XSS) vulnerabilities in ClipBucket 2.6 allow remote attackers to inject arbitrary web script or HTML via the (1) cat parameter to channels.php, (2) collections.php, (...4.3Apr 8, 2014
CVE-2012-6643Multiple SQL injection vulnerabilities in the update_counter function in includes/functions.php in ClipBucket 2.6 allow remote attackers to execute arbitrary SQL commands via the time parameter to ...7.5Apr 8, 2014
CVE-2012-6642Cross-site scripting (XSS) vulnerability in ClipBucket 2.6 allows remote attackers to inject arbitrary web script or HTML via the type parameter to view_channel.php. NOTE: the provenance of this i...4.3Apr 8, 2014
CVE-2011-3717ClipBucket 2.0.9 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by plugins/sig...5.0Sep 23, 2011