Page 11 of 56 results (0.024 seconds)

CVSS: 10.0EPSS: 0%CPEs: 6EXPL: 0

Serendipity before 0.8 allows Chief users to "hide plugins installed by other users." • http://secunia.com/advisories/15145 http://www.s9y.org/63.html#A9 •

CVSS: 7.5EPSS: 0%CPEs: 18EXPL: 2

SQL injection vulnerability in exit.php for Serendipity 0.8 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) url_id or (2) entry_id parameters. • https://www.exploit-db.com/exploits/939 http://seclists.org/lists/bugtraq/2005/Apr/0195.html http://secunia.com/advisories/15145 http://securitytracker.com/id?1013699 http://www.osvdb.org/15542 http://www.s9y.org/5.html http://www.s9y.org/63.html#A9 http://www.securityfocus.com/bid/13161 https://exchange.xforce.ibmcloud.com/vulnerabilities/20119 •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 4

SQL injection vulnerability in Serendipity 0.7-beta1 allows remote attackers to execute arbitrary SQL commands via the entry_id parameter to (1) exit.php or (2) comment.php. • https://www.exploit-db.com/exploits/561 http://lists.grok.org.uk/pipermail/full-disclosure/2004-September/026955.html http://secunia.com/advisories/12673 http://securitytracker.com/id?1011448 http://www.osvdb.org/10370 http://www.osvdb.org/10371 http://www.securityfocus.com/bid/11269 https://exchange.xforce.ibmcloud.com/vulnerabilities/17533 •

CVSS: 4.3EPSS: 0%CPEs: 16EXPL: 0

Cross-site scripting (XSS) vulnerability in compat.php in Serendipity before 0.7.1 allows remote attackers to inject arbitrary web script or HTML via the searchTerm variable. • http://secunia.com/advisories/13357 http://securitytracker.com/id?1012383 http://sourceforge.net/tracker/index.php?func=detail&aid=1076762&group_id=75065&atid=542822 http://www.osvdb.org/12177 http://www.securityfocus.com/bid/11790 https://exchange.xforce.ibmcloud.com/vulnerabilities/18322 •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 3

Cross-site scripting (XSS) vulnerability in Comment.php in Serendipity 0.7 beta1, and possibly other versions before 0.7-beta3, allows remote attackers to inject arbitrary HTML and PHP code via the (1) email or (2) username field. • http://lists.grok.org.uk/pipermail/full-disclosure/2004-September/026955.html http://secunia.com/advisories/12673 http://securitytracker.com/id?1011448 http://www.securityfocus.com/bid/11269 https://exchange.xforce.ibmcloud.com/vulnerabilities/17536 •