NotCVE - vendor:"S9y" product:"Serendipity" version:"1.1.1"

Page 3 of 31 results (0.004 seconds)

CVSS: 6.1EPSS: 0%CPEs: 35EXPL: 5

CVE-2012-2331 – S9Y Serendipity 1.6 - 'Backend' Cross-Site Scripting / SQL Injection

https://notcve.org/view.php?id=CVE-2012-2331

13 Aug 2012 — Cross-site scripting (XSS) vulnerability in serendipity/serendipity_admin_image_selector.php in Serendipity before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via the serendipity[textarea] parameter. NOTE: this issue might be resultant from cross-site request forgery (CSRF). Una vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en Serendipity/serendipity_admin_image_selector.php en Serendipity antes de v1.6.1 permite a atacantes remotos inyectar secuencias de comandos... • https://www.exploit-db.com/exploits/18884 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.8EPSS: 0%CPEs: 35EXPL: 4

CVE-2012-2332 – S9Y Serendipity 1.6 - 'Backend' Cross-Site Scripting / SQL Injection

https://notcve.org/view.php?id=CVE-2012-2332

13 Aug 2012 — SQL injection vulnerability in serendipity/serendipity_admin.php in Serendipity before 1.6.1 allows remote attackers to execute arbitrary SQL commands via the serendipity[plugin_to_conf] parameter. NOTE: this issue might be resultant from cross-site request forgery (CSRF). Una vulnerabilidad de inyección SQL en serendipity/serendipity_admin.php en Serendipity antes de v1.6.1 permite a atacantes remotos ejecutar comandos SQL a través del parámetro serendipity[plugin_to_conf]. NOTA: este problema podría ser r... • https://www.exploit-db.com/exploits/18884 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 9.8EPSS: 0%CPEs: 35EXPL: 0

CVE-2012-2762

https://notcve.org/view.php?id=CVE-2012-2762

07 Jun 2012 — SQL injection vulnerability in include/functions_trackbacks.inc.php in Serendipity 1.6.2 allows remote attackers to execute arbitrary SQL commands via the url parameter to comment.php. Vulnerabilidad de inyección SQL en include/functions_trackbacks.inc.php en Serendipity v1.6.2 permite a atacantes remotos ejecutar comandos SQL a través del parámetro URL en comment.php. • http://blog.s9y.org/archives/241-Serendipity-1.6.2-released.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 6.1EPSS: 0%CPEs: 54EXPL: 1

CVE-2010-2957

https://notcve.org/view.php?id=CVE-2010-2957

10 Sep 2010 — Cross-site scripting (XSS) vulnerability in Serendipity before 1.5.4, when "Remember me" logins are enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Serendipity anteriores a v1.5.4, cuando el login "Remenber me" está activado, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores desconocidos. • http://blog.s9y.org/archives/223-Serendipity-1.5.4-released.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 5%CPEs: 41EXPL: 2

CVE-2010-1916

https://notcve.org/view.php?id=CVE-2010-1916

12 May 2010 — The dynamic configuration feature in Xinha WYSIWYG editor 0.96 Beta 2 and earlier, as used in Serendipity 1.5.2 and earlier, allows remote attackers to bypass intended access restrictions and modify the configuration of arbitrary plugins via (1) crafted backend_config_secret_key_location and backend_config_hash parameters that are used in a SHA1 hash of a shared secret that can be known or externally influenced, which are not properly handled by the "Deprecated config passing" feature; or (2) crafted backen... • http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042577.html • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 8.8EPSS: 1%CPEs: 34EXPL: 0

CVE-2009-4412

https://notcve.org/view.php?id=CVE-2009-4412

24 Dec 2009 — Unrestricted file upload vulnerability in Serendipity before 1.5 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension followed by a safe extension, then accessing it via a direct request to the file in an unspecified directory. NOTE: some of these details are obtained from third party information. Vulnerabilidad de subida de ficheros sin restricciones Serendipity anterior v1.5 permite a usuarios utenticados remotamente ejecutar código de su elección po... • http://blog.s9y.org/archives/211-Serendipity-1.5-released.html •

CVSS: 6.1EPSS: 1%CPEs: 27EXPL: 2

CVE-2008-1385 – S9Y Serendipity 1.3 - Referer HTTP Header Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2008-1385

23 Apr 2008 — Cross-site scripting (XSS) vulnerability in the Top Referrers (aka referrer) plugin in Serendipity (S9Y) before 1.3.1 allows remote attackers to inject arbitrary web script or HTML via the Referer HTTP header. Vulnerabilidad de secuencias de comandos en sitios cruzados en el plugin Top Referers (también conocido como referrer) de Serendipity (S9Y) anterior a 1.3.1 permite a atacantes remotos inyectar código web o HTML de su elección a través de una cabecera HTTP Referer. • https://www.exploit-db.com/exploits/31682 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 26EXPL: 0

CVE-2008-1476

https://notcve.org/view.php?id=CVE-2008-1476

24 Mar 2008 — Cross-site scripting (XSS) vulnerability in Serendipity (S9Y) before 1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to received trackbacks. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Serendipity (S9Y) antes de 1.3 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de vectores no especificados relacionados con trackbacks recibidos. • http://blog.s9y.org/archives/192-Serendipity-1.3-released-addresses-security.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4EPSS: 0%CPEs: 34EXPL: 0

CVE-2008-0124

https://notcve.org/view.php?id=CVE-2008-0124

28 Feb 2008 — Cross-site scripting (XSS) vulnerability in Serendipity (S9Y) before 1.3-beta1 allows remote authenticated users to inject arbitrary web script or HTML via (1) the "Real name" field in Personal Settings, which is presented to readers of articles; or (2) a file upload, as demonstrated by a .htm, .html, or .js file. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Serendipity (S9Y) anterior a 1.3-beta 1, permite a usuarios autenticados remotamente inyectar secuencias de comandos Web de su ... • http://blog.s9y.org/archives/191-Serendipity-1.3-beta1-released.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 1%CPEs: 37EXPL: 1

CVE-2007-6205

https://notcve.org/view.php?id=CVE-2007-6205

11 Dec 2007 — Cross-site scripting (XSS) vulnerability in the remote RSS sidebar plugin (serendipity_plugin_remoterss) in S9Y Serendipity before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via a link in an RSS feed. Vulnerabilidad de secuencia de comandos en sitios cruzados (XSS) en el añadido del lector RSS remoto de la barra lateral (serendipity_plugin_remoterss) en S9Y Serendipity before 1.2.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de un enlace en un al... • http://blog.s9y.org/archives/187-Serendipity-1.2.1-released.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

1 2 3 4