NotCVE - vendor:"S9y" product:"Serendipity" version:"1.0.4"

Page 4 of 32 results (0.004 seconds)

CVSS: 9.1EPSS: 3%CPEs: 26EXPL: 3

CVE-2006-6242 – S9Y Serendipity 1.0.3 - 'comment.php' Local File Inclusion

https://notcve.org/view.php?id=CVE-2006-6242

03 Dec 2006 — Multiple directory traversal vulnerabilities in Serendipity 1.0.3 and earlier allow remote attackers to read or include arbitrary local files via a .. (dot dot) sequence in the serendipity[charset] parameter in (1) include/lang.inc.php; or to plugins/ scripts (2) serendipity_event_bbcode/serendipity_event_bbcode.php, (3) serendipity_event_browsercompatibility/serendipity_event_browsercompatibility.php, (4) serendipity_event_contentrewrite/serendipity_event_contentrewrite.php, (5) serendipity_event_creativec... • https://www.exploit-db.com/exploits/2869 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 8.8EPSS: 1%CPEs: 18EXPL: 0

CVE-2006-2495

https://notcve.org/view.php?id=CVE-2006-2495

20 May 2006 — Cross-site request forgery (CSRF) vulnerability in the Entry Manager in Serendipity before 1.0-beta3 allows remote attackers to perform unauthorized actions as a logged-in user via a link or IMG tag. • http://secunia.com/advisories/20155 •

1 2 3 4