NotCVE - vendor:"S9y" product:"Serendipity" version:" <= 2.0.5"

Page 3 of 57 results (0.002 seconds)

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 3

CVE-2015-6943

https://notcve.org/view.php?id=CVE-2015-6943

15 Sep 2015 — SQL injection vulnerability in the serendipity_checkCommentToken function in include/functions_comments.inc.php in Serendipity before 2.0.2, when "Use Tokens for Comment Moderation" is enabled, allows remote administrators to execute arbitrary SQL commands via the serendipity[id] parameter to serendipity_admin.php. Vulnerabilidad de inyección SQL en la función serendipity_checkCommentToken en include/functions_comments.inc.php en Serendipity en versiones anteriores a 2.0.2, cuando "Use Tokens for Comment Mo... • http://blog.curesec.com/article/blog/Serendipity-201-Blind-SQL-Injection-52.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1

CVE-2015-2289

https://notcve.org/view.php?id=CVE-2015-2289

23 Mar 2015 — Cross-site scripting (XSS) vulnerability in templates/2k11/admin/entries.tpl in Serendipity before 2.0.1 allows remote authenticated editors to inject arbitrary web script or HTML via the serendipity[cat][name] parameter to serendipity_admin.php, when creating a new category. Vulnerabilidad de XSS en templates/2k11/admin/entries.tpl en Serendipity anterior a 2.0.1 permite a editores remotos autenticados inyectar secuencias de comandos web arbitrarios o HTML a través del parámetro serendipity[cat][name] en s... • http://blog.s9y.org/archives/263-Serendipity-2.0.1-released.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 3

CVE-2014-9432

https://notcve.org/view.php?id=CVE-2014-9432

31 Dec 2014 — Multiple cross-site scripting (XSS) vulnerabilities in templates/2k11/admin/overview.inc.tpl in Serendipity before 2.0-rc2 allow remote attackers to inject arbitrary web script or HTML via a blog comment in the QUERY_STRING to serendipity/index.php. Múltiples vulnerabilidades de XSS en templates/2k11/admin/overview.inc.tpl en Serendipity anterior a 2.0-rc2 permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de un comentario en un blog en QUERY_STRING en serendipity/i... • http://blog.s9y.org/archives/259-Serendipity-2.0-rc2-released.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 38EXPL: 0

CVE-2013-5670

https://notcve.org/view.php?id=CVE-2013-5670

05 Nov 2013 — Cross-site scripting (XSS) vulnerability in spell-check-savedicts.php in the htmlarea SpellChecker module, as used in Serendipity before 1.7.3 and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the to_r_list parameter. Vulnerabilidad cross-site scripting (XSS) en spell-check-savedicts.php en el módulo htmlarea SpellChecker, tal como se utiliza en Serendipity anterior a la versión 1.7.3 y posiblemente en otros productos, permite a atacantes remotos inyectar secuen... • http://blog.s9y.org/archives/250-Serendipity-1.7.3-released.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 36EXPL: 3

CVE-2013-5314 – S9Y Serendipity 1.6.2 - 'serendipity_admin_image_selector.php' Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2013-5314

19 Aug 2013 — Cross-site scripting (XSS) vulnerability in serendipity_admin_image_selector.php in Serendipity 1.6.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the serendipity[htmltarget] parameter. Vulnerabilidad XSS en serendipity_admin_image_selector.php en Serendipity 1.6.2 y anteriores, permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarias a través del parámetro serendipity[htmltarget]. • https://www.exploit-db.com/exploits/38642 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 14%CPEs: 35EXPL: 5

CVE-2012-2331 – S9Y Serendipity 1.6 - 'Backend' Cross-Site Scripting / SQL Injection

https://notcve.org/view.php?id=CVE-2012-2331

13 Aug 2012 — Cross-site scripting (XSS) vulnerability in serendipity/serendipity_admin_image_selector.php in Serendipity before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via the serendipity[textarea] parameter. NOTE: this issue might be resultant from cross-site request forgery (CSRF). Una vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en Serendipity/serendipity_admin_image_selector.php en Serendipity antes de v1.6.1 permite a atacantes remotos inyectar secuencias de comandos... • https://www.exploit-db.com/exploits/18884 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.8EPSS: 1%CPEs: 35EXPL: 4

CVE-2012-2332 – S9Y Serendipity 1.6 - 'Backend' Cross-Site Scripting / SQL Injection

https://notcve.org/view.php?id=CVE-2012-2332

13 Aug 2012 — SQL injection vulnerability in serendipity/serendipity_admin.php in Serendipity before 1.6.1 allows remote attackers to execute arbitrary SQL commands via the serendipity[plugin_to_conf] parameter. NOTE: this issue might be resultant from cross-site request forgery (CSRF). Una vulnerabilidad de inyección SQL en serendipity/serendipity_admin.php en Serendipity antes de v1.6.1 permite a atacantes remotos ejecutar comandos SQL a través del parámetro serendipity[plugin_to_conf]. NOTA: este problema podría ser r... • https://www.exploit-db.com/exploits/18884 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 9.8EPSS: 0%CPEs: 35EXPL: 0

CVE-2012-2762

https://notcve.org/view.php?id=CVE-2012-2762

07 Jun 2012 — SQL injection vulnerability in include/functions_trackbacks.inc.php in Serendipity 1.6.2 allows remote attackers to execute arbitrary SQL commands via the url parameter to comment.php. Vulnerabilidad de inyección SQL en include/functions_trackbacks.inc.php en Serendipity v1.6.2 permite a atacantes remotos ejecutar comandos SQL a través del parámetro URL en comment.php. • http://blog.s9y.org/archives/241-Serendipity-1.6.2-released.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

CVE-2011-3800

https://notcve.org/view.php?id=CVE-2011-3800

24 Sep 2011 — Serendipity 1.5.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by templates/newspaper/layout.php and certain other files. Serendipity v1.5.5 permite a atacantes remotos obtener información sensible a través de una petición directa a un archivo .php, lo que revela la ruta de instalación en un mensaje de error, como se demostró con templates/newspaper/layout.php y algunos otros archivos. • http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 6.1EPSS: 0%CPEs: 54EXPL: 1

CVE-2010-2957

https://notcve.org/view.php?id=CVE-2010-2957

10 Sep 2010 — Cross-site scripting (XSS) vulnerability in Serendipity before 1.5.4, when "Remember me" logins are enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Serendipity anteriores a v1.5.4, cuando el login "Remenber me" está activado, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores desconocidos. • http://blog.s9y.org/archives/223-Serendipity-1.5.4-released.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

1 2 3 4 5