56 results (0.007 seconds)

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1

An arbitrary file upload vulnerability in Serendipity 2.4-beta1 allows attackers to execute arbitrary code via a crafted HTML or Javascript file. • https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/s9y/2023/Serendipity-2.4-beta-1 • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 9.8EPSS: 2%CPEs: 2EXPL: 0

Serendipity before 2.3.4 on Windows allows remote attackers to execute arbitrary code because the filename of a renamed file may end with a dot. This file may then be renamed to have a .php filename. Serendipity versiones anteriores a 2.3.4 en Windows, permite a atacantes remotos ejecutar código arbitrario porque el nombre de archivo de un archivo renombrado puede terminar con un punto. Este archivo luego puede ser renombrado para tener un nombre de archivo .php. • https://blog.s9y.org/archives/290-Serendipity-2.3.4-released-security-update.html https://github.com/s9y/Serendipity/releases/tag/2.3.4 • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

A Cross-site Scripting (XSS) vulnerability exists in the Serendipity freetag plugin before 3.30 in the tagcloud parameter to plugins/serendipity_event_freetag/tagcloud.swf. Se presenta una vulnerabilidad de tipo Cross-site Scripting (XSS) en el plugin freetag para Serendipity versiones anteriores a 3.30 en el parámetro tagcloud en el archivo plugins/serendipity_event_freetag/tagcloud.swf. • https://git.schokokeks.org/freewvs.git/blob/ddc4be296c9c49987b53be064d6d2a9d12f50452/freewvsdb/plugins.freewvs https://packetstormsecurity.com/files/105054/Secunia-Security-Advisory-46005.html https://www.openwall.com/lists/oss-security/2011/10/10/3 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

Serendipity before 1.6 has an XSS issue in the karma plugin which may allow privilege escalation. Serendipity versiones anteriores a 1.6, presenta un problema de tipo XSS en el plugin karma que puede permitir una escalada de privilegios. • https://www.exploit-db.com/exploits/36283 https://access.redhat.com/security/cve/cve-2011-4090 https://seclists.org/oss-sec/2011/q4/176 https://security-tracker.debian.org/tracker/CVE-2011-4090 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code in plugins/ExtendedFileManager/manager.php and plugins/ImageManager/manager.php. Una vulnerabilidad de tipo Cross-Site Scripting (XSS) en Xinha, como se incluye en el paquete Serendipity versiones anteriores a la versión 1.5.5, permite a atacantes remotos ejecutar código arbitrario en los archivos plugins/ExtendedFileManager/manager.php y plugins/ImageManager/manager.php. • https://blog.s9y.org/archives/224-Important-Security-Update-Serendipity-1.5.5-released.html https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=611661 https://security-tracker.debian.org/tracker/CVE-2011-1135 https://www.openwall.com/lists/oss-security/2011/03/02/5 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •