CVE-2012-2331 – S9Y Serendipity 1.6 - 'Backend' Cross-Site Scripting / SQL Injection
https://notcve.org/view.php?id=CVE-2012-2331
Cross-site scripting (XSS) vulnerability in serendipity/serendipity_admin_image_selector.php in Serendipity before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via the serendipity[textarea] parameter. NOTE: this issue might be resultant from cross-site request forgery (CSRF).
• https://www.exploit-db.com/exploits/18884
• http://archives.neohapsis.com/archives/bugtraq/2012-05/0037.html
• http://blog.s9y.org/archives/240-Serendipity-1.6.1-released.html
• http://secunia.com/advisories/49009
• http://www.koramis.com/advisories/2012/KORAMIS-ADV2012-001.txt
• http://www.openwall.com/lists/oss-security/2012/05/08/6
• http://www.openwall.com/lists/oss-security/2012/05/09/2
• http://www.rul3z.de/index.php?/214-KORAMISADV2012-001-Serendipity-1.6-Backend-Cross-Si
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2012-2332 – S9Y Serendipity 1.6 - 'Backend' Cross-Site Scripting / SQL Injection
https://notcve.org/view.php?id=CVE-2012-2332
SQL injection vulnerability in serendipity/serendipity_admin.php in Serendipity before 1.6.1 allows remote attackers to execute arbitrary SQL commands via the serendipity[plugin_to_conf] parameter. NOTE: this issue might be resultant from cross-site request forgery (CSRF).
• https://www.exploit-db.com/exploits/18884
• http://archives.neohapsis.com/archives/bugtraq/2012-05/0037.html
• http://blog.s9y.org/archives/240-Serendipity-1.6.1-released.html
• http://www.koramis.com/advisories/2012/KORAMIS-ADV2012-001.txt
• http://www.openwall.com/lists/oss-security/2012/05/08/6
• http://www.openwall.com/lists/oss-security/2012/05/09/2
• http://www.rul3z.de/index.php?/214-KORAMISADV2012-001-Serendipity-1.6-Backend-Cross-Site-Scripting-and-SQL-Injection-vulnerability.
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2012-2762 – Serendipity 1.6.1 SQL Injection
https://notcve.org/view.php?id=CVE-2012-2762
SQL injection vulnerability in include/functions_trackbacks.inc.php in Serendipity 1.6.2 allows remote attackers to execute arbitrary SQL commands via the url parameter to comment.php. Serendipity version 1.6.1 suffers from a remote SQL injection vulnerability.
• http://blog.s9y.org/archives/241-Serendipity-1.6.2-released.html
• http://secunia.com/advisories/49234
• http://www.osvdb.org/82036
• http://www.securityfocus.com/bid/53620
• http://www.securitytracker.com/id?1027079
• https://exchange.xforce.ibmcloud.com/vulnerabilities/75760
• https://github.com/s9y/Serendipity/commit/87153991d06bc18fe4af05f97810487c4a340a92#diff-1
• https://www.htbridge.com/advisory/HTB23092
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2010-2957
https://notcve.org/view.php?id=CVE-2010-2957
Cross-site scripting (XSS) vulnerability in Serendipity before 1.5.4, when "Remember me" logins are enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
• http://blog.s9y.org/archives/223-Serendipity-1.5.4-released.html
• http://www.htbridge.ch/advisory/xss_vulnerability_in_serendipity.html
• http://www.openwall.com/lists/oss-security/2010/08/29/3
• http://www.openwall.com/lists/oss-security/2010/08/31/5
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2010-1916
https://notcve.org/view.php?id=CVE-2010-1916
The dynamic configuration feature in Xinha WYSIWYG editor 0.96 Beta 2 and earlier, as used in Serendipity 1.5.2 and earlier, allows remote attackers to bypass intended access restrictions and modify the configuration of arbitrary plugins via (1) crafted backend_config_secret_key_location and backend_config_hash parameters that are used in a SHA1 hash of a shared secret that can be known or externally influenced, which are not properly handled by the "Deprecated config passing" feature; or (2) crafted backend_data and backend_data[key_location] variables, which are not properly handled by the xinha_read_passed_data function. NOTE: this can be leveraged to upload and possibly execute arbitrary files via config.inc.php in the ImageManager plugin.
• http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042577.html
• http://secunia.com/advisories/39782
• http://secunia.com/advisories/40124
• http://trac.xinha.org/ticket/1518
• http://www.php-security.org/2010/05/10/mops-2010-019-serendipity-wysiwyg-editor-plugin-configuration-injection-vulnerability/index.html
• http://www.php-security.org/2010/05/10/mops-2010-020-xinha-wysiwyg-plugin-configuration-injection-vulnerability/index.html
• http://www.securityfocus.com/bid/40033
• http://www.vupen
• CWE-264: Permissions, Privileges, and Access Controls