CVE-2006-6242 – S9Y Serendipity 1.0.3 - 'comment.php' Local File Inclusion
https://notcve.org/view.php?id=CVE-2006-6242
03 Dec 2006 — Multiple directory traversal vulnerabilities in Serendipity 1.0.3 and earlier allow remote attackers to read or include arbitrary local files via a .. (dot dot) sequence in the serendipity[charset] parameter in (1) include/lang.inc.php; or to plugins/ scripts (2) serendipity_event_bbcode/serendipity_event_bbcode.php, (3) serendipity_event_browsercompatibility/serendipity_event_browsercompatibility.php, (4) serendipity_event_contentrewrite/serendipity_event_contentrewrite.php, (5) serendipity_event_creativec... • https://www.exploit-db.com/exploits/2869 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2006-5499
https://notcve.org/view.php?id=CVE-2006-5499
25 Oct 2006 — Multiple cross-site scripting (XSS) vulnerabilities in Serendipity (s9y) 1.0.1 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in the media manager administration page. • http://archives.neohapsis.com/archives/fulldisclosure/2006-10/0395.html •
CVE-2006-2495
https://notcve.org/view.php?id=CVE-2006-2495
20 May 2006 — Cross-site request forgery (CSRF) vulnerability in the Entry Manager in Serendipity before 1.0-beta3 allows remote attackers to perform unauthorized actions as a logged-in user via a link or IMG tag. • http://secunia.com/advisories/20155 •
CVE-2006-1910
https://notcve.org/view.php?id=CVE-2006-1910
20 Apr 2006 — config.php in S9Y Serendipity 1.0 beta 2 allows remote attackers to inject arbitrary PHP code by editing values that are stored in config.php and later executed. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. • http://archives.neohapsis.com/archives/bugtraq/2006-04/0282.html •
CVE-2005-3129
https://notcve.org/view.php?id=CVE-2005-3129
04 Oct 2005 — Cross-site request forgery (CSRF) vulnerability in Serendipity 0.8.4 and earlier allows remote attackers to perform unauthorized actions as a logged in user via a link or IMG tag to serendipity_admin.php. • http://lists.grok.org.uk/pipermail/full-disclosure/2005-September/037580.html •
CVE-2005-1713
https://notcve.org/view.php?id=CVE-2005-1713
24 May 2005 — Multiple cross-site scripting (XSS) vulnerabilities in Serendipity 0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) templatedropdown and (2) shoutbox plugins. • http://secunia.com/advisories/15405 •
CVE-2005-1712
https://notcve.org/view.php?id=CVE-2005-1712
24 May 2005 — Unknown vulnerability in Serendipity 0.8, when used with multiple authors, allows unprivileged authors to upload arbitrary media files. • http://secunia.com/advisories/15405 •
CVE-2005-1448
https://notcve.org/view.php?id=CVE-2005-1448
03 May 2005 — Cross-site scripting (XSS) vulnerability in the BBCode plugin for Serendipity before 0.8 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. • http://secunia.com/advisories/15145 •
CVE-2005-1451
https://notcve.org/view.php?id=CVE-2005-1451
03 May 2005 — The media manager in Serendipity before 0.8 allows remote attackers to upload and execute arbitrary (1) .php or (2) .shtml files. • http://secunia.com/advisories/15145 •
CVE-2005-1452
https://notcve.org/view.php?id=CVE-2005-1452
03 May 2005 — Serendipity before 0.8 allows Chief users to "hide plugins installed by other users." • http://secunia.com/advisories/15145 •