NotCVE - vendor:"S9y" product:"Serendipity" version:" <= 1.6.1"

Page 4 of 52 results (0.009 seconds)

CVSS: 5.4EPSS: 0%CPEs: 34EXPL: 0

CVE-2008-0124

https://notcve.org/view.php?id=CVE-2008-0124

28 Feb 2008 — Cross-site scripting (XSS) vulnerability in Serendipity (S9Y) before 1.3-beta1 allows remote authenticated users to inject arbitrary web script or HTML via (1) the "Real name" field in Personal Settings, which is presented to readers of articles; or (2) a file upload, as demonstrated by a .htm, .html, or .js file. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Serendipity (S9Y) anterior a 1.3-beta 1, permite a usuarios autenticados remotamente inyectar secuencias de comandos Web de su ... • http://blog.s9y.org/archives/191-Serendipity-1.3-beta1-released.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

CVE-2007-6390

https://notcve.org/view.php?id=CVE-2007-6390

17 Dec 2007 — Cross-site request forgery (CSRF) vulnerability in the mycalendar plugin before 0.13 for Serendipity allows remote attackers to perform actions as blog administrators, which can be leveraged to conduct cross-site scripting (XSS) attacks on the blog page. Una vulnerabilidad de tipo cross-site request forgery (CSRF) en el plugin mycalendar versiones anteriores a 0.13 para Serendipity, permite a los atacantes remotos realizar acciones como administradores de blogs, que pueden ser aprovechadas para conducir ata... • http://secunia.com/advisories/28152 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 6.1EPSS: 1%CPEs: 37EXPL: 1

CVE-2007-6205

https://notcve.org/view.php?id=CVE-2007-6205

11 Dec 2007 — Cross-site scripting (XSS) vulnerability in the remote RSS sidebar plugin (serendipity_plugin_remoterss) in S9Y Serendipity before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via a link in an RSS feed. Vulnerabilidad de secuencia de comandos en sitios cruzados (XSS) en el añadido del lector RSS remoto de la barra lateral (serendipity_plugin_remoterss) en S9Y Serendipity before 1.2.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de un enlace en un al... • http://blog.s9y.org/archives/187-Serendipity-1.2.1-released.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.1EPSS: 3%CPEs: 1EXPL: 0

CVE-2007-4282

https://notcve.org/view.php?id=CVE-2007-4282

09 Aug 2007 — The "Extended properties for entries" (entryproperties) plugin in serendipity_event_entryproperties.php in Serendipity 1.1.3 allows remote authenticated users to bypass password protection and "deliver custom entryproperties settings to the Serendipity Frontend" via a certain request that modifies the password being checked. La extensión de "Propiedades extendidas de entrada" (entryproperties) en el serendipity_event_entryproperties.php del Serendipity 1.1.3 permite a atacantes remotos autenticados, evitar ... • http://blog.drinsama.de/erich/en/security/2007080801-security-issue-in-serendipity.html •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2007-1326

https://notcve.org/view.php?id=CVE-2007-1326

07 Mar 2007 — SQL injection vulnerability in index.php in Serendipity 1.1.1 allows remote attackers to execute arbitrary SQL commands via the serendipity[multiCat][] parameter. Vulnerabilidad de inyección SQL en index.php de Serendipity 1.1.1 permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro [multiCat][]. • http://osvdb.org/34935 •

CVSS: 9.1EPSS: 3%CPEs: 26EXPL: 3

CVE-2006-6242 – S9Y Serendipity 1.0.3 - 'comment.php' Local File Inclusion

https://notcve.org/view.php?id=CVE-2006-6242

03 Dec 2006 — Multiple directory traversal vulnerabilities in Serendipity 1.0.3 and earlier allow remote attackers to read or include arbitrary local files via a .. (dot dot) sequence in the serendipity[charset] parameter in (1) include/lang.inc.php; or to plugins/ scripts (2) serendipity_event_bbcode/serendipity_event_bbcode.php, (3) serendipity_event_browsercompatibility/serendipity_event_browsercompatibility.php, (4) serendipity_event_contentrewrite/serendipity_event_contentrewrite.php, (5) serendipity_event_creativec... • https://www.exploit-db.com/exploits/2869 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 6.8EPSS: 3%CPEs: 1EXPL: 0

CVE-2006-5499

https://notcve.org/view.php?id=CVE-2006-5499

25 Oct 2006 — Multiple cross-site scripting (XSS) vulnerabilities in Serendipity (s9y) 1.0.1 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in the media manager administration page. Múltiples vulnerabilidades en secuencias de comandos en sitios cruzados (XSS) en Serendipity (s9y) 1.0.1 y anteriores, permite a atacantes remotos la inyección de secuencias de comandos Web o HTML de su elección, a través de vectores no especificados en la página del administrador del gestor ... • http://archives.neohapsis.com/archives/fulldisclosure/2006-10/0395.html •

CVSS: 8.8EPSS: 1%CPEs: 18EXPL: 0

CVE-2006-2495

https://notcve.org/view.php?id=CVE-2006-2495

20 May 2006 — Cross-site request forgery (CSRF) vulnerability in the Entry Manager in Serendipity before 1.0-beta3 allows remote attackers to perform unauthorized actions as a logged-in user via a link or IMG tag. • http://secunia.com/advisories/20155 •

CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 1

CVE-2006-1910

https://notcve.org/view.php?id=CVE-2006-1910

20 Apr 2006 — config.php in S9Y Serendipity 1.0 beta 2 allows remote attackers to inject arbitrary PHP code by editing values that are stored in config.php and later executed. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. • http://archives.neohapsis.com/archives/bugtraq/2006-04/0282.html •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1

CVE-2005-3129

https://notcve.org/view.php?id=CVE-2005-3129

04 Oct 2005 — Cross-site request forgery (CSRF) vulnerability in Serendipity 0.8.4 and earlier allows remote attackers to perform unauthorized actions as a logged in user via a link or IMG tag to serendipity_admin.php. • http://lists.grok.org.uk/pipermail/full-disclosure/2005-September/037580.html •

1 2 3 4 5