Clipbucket
Unauthorized collection manipulation in ClipBucket v5 prior to 5.5.3 #59 allows authenticated attackers to add or remove items from other users' collections due to missing and broken authorization checks in the add and delete item functions. An attacker with valid credentials can exploit this to alter collections they do not own without restriction. Public exploit code exists for this vulnerability, and no patch is currently available.
Stored cross-site scripting in ClipBucket v5 prior to version 5.5.3 #59 allows authenticated users to inject malicious scripts that execute when viewed by administrators, enabling session hijacking or credential theft. Public exploit code exists for this vulnerability, which affects the open-source video sharing platform and has been patched in the latest release.
ClipBucket v5 before 5.5.3 allows authenticated users to trigger server-side request forgery (SSRF) through the Remote Play feature by specifying internal network URLs in video references, enabling attackers to scan and probe internal network infrastructure. Public exploit code exists for this vulnerability, which requires only standard user privileges to execute. The SSRF capability permits GET requests to internal servers without requiring the attacker to upload content to the platform.
Arbitrary PHP code execution is possible in ClipBucket v5 prior to 5.5.3-#40 through a race condition in file upload validation, where files are moved to a web-accessible directory before security checks are performed. An authenticated attacker can exploit the time window between file placement and validation deletion to execute malicious PHP code on the server. Public exploit code exists for this vulnerability.
ClipBucket v5 (5.5.2-#187 and below) has blind SQL injection in the channel comment functionality via the obj_id parameter. Unauthenticated attackers can extract the entire database. PoC available.
ClipBucket v5 is an open source video sharing platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
ClipBucket v5 is an open source video sharing platform. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.
ClipBucket v5 is an open source video sharing platform. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
ClipBucket v5 is an open source video sharing platform. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
ClipBucket v5 is an open source video sharing platform. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
ClipBucket v5 is an open source video sharing platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
ClipBucket v5 is an open source video sharing platform. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
An issue in ClipBucket 5.5.0 and prior versions allows an unauthenticated attacker to exploit the plupload endpoint in photo_uploader.php to upload arbitrary files without any authentication, due to. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
An issue in ClipBucket v.5.5.2 Build#90 allows a remote attacker to execute arbitrary code via file_downloader.php and the file parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
ClipBucket V5 provides open source video hosting with PHP. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 24.9%.
ClipBucket V5 provides open source video hosting with PHP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
ClipBucket V5 provides open source video hosting with PHP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.