Sites running ClipBucket CMS suffer from a cross site scripting vulnerability. Note that this finding houses site-specific data.
This Metasploit module exploits a vulnerability found in ClipBucket versions before 4.0.0 (Release 4902). A malicious file can be uploaded using an unauthenticated arbitrary file upload vulnerability. It is possible for an attacker to upload a malicious script to issue operating system commands. This issue is caused by improper session handling in the /action/beats_uploader.php file. This Metasploit module was tested on ClipBucket before 4.0.0 - Release 4902 on Windows 7 and Kali Linux.
ClipBucket version 2.8.3 suffers from a remote code execution vulnerability.
ClipBucket version 2.8.3 suffers from remote SQL injection, arbitrary file read/write, and default credential vulnerabilities.
ClipBucket versions 2.8.2 and below suffer from multiple cross site scripting vulnerabilities.
ClipBucket version 2.8 suffers from a remote blind SQL injection vulnerability.
ClipBucket version 2.7.0.4.v2929-rc3 suffers from a remote blind SQL injection vulnerability.
This Metasploit module exploits a vulnerability found in ClipBucket version 2.6 and lower. The script "/admin_area/charts/ofc-library/ofc_upload_image.php" can be used to upload arbitrary code without any authentication. This Metasploit module has been tested on version 2.6 on CentOS 5.9 32-bit.
ClipBucket suffers from a remote code execution vulnerability that allows for a shell upload.
ClipBucket version 2.6 revision 738 suffers from a remote SQL injection vulnerability.
ClipBucket version 2.5 suffers from a directory traversal vulnerability.
ClipBucket version 2.5 suffers from a remote blind SQL injection vulnerability.
ClipBucket version 2.5 suffers from a cross site request forgery vulnerability.
ClipBucket version 2 suffers from a remote blind SQL injection vulnerability. Note that this finding houses site-specific data.
ClipBucket version 2.6 suffers from cross site scripting and remote SQL injection vulnerabilities.
A SQL injection vulnerability in ClipBucket version 2.4 RC2 645 can be exploited to extract arbitrary data. In some environments it may be possible to create a PHP shell.
ClipBucket versions 1.7.1 and below suffer from an insecure cookie handling vulnerability.