39 results (0.017 seconds)

CVSS: 9.8EPSS: 2%CPEs: 2EXPL: 0

Serendipity before 2.3.4 on Windows allows remote attackers to execute arbitrary code because the filename of a renamed file may end with a dot. This file may then be renamed to have a .php filename. Serendipity versiones anteriores a 2.3.4 en Windows, permite a atacantes remotos ejecutar código arbitrario porque el nombre de archivo de un archivo renombrado puede terminar con un punto. Este archivo luego puede ser renombrado para tener un nombre de archivo .php. • https://blog.s9y.org/archives/290-Serendipity-2.3.4-released-security-update.html https://github.com/s9y/Serendipity/releases/tag/2.3.4 • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

Serendipity before 1.6 has an XSS issue in the karma plugin which may allow privilege escalation. Serendipity versiones anteriores a 1.6, presenta un problema de tipo XSS en el plugin karma que puede permitir una escalada de privilegios. • https://www.exploit-db.com/exploits/36283 https://access.redhat.com/security/cve/cve-2011-4090 https://seclists.org/oss-sec/2011/q4/176 https://security-tracker.debian.org/tracker/CVE-2011-4090 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code in plugins/ExtendedFileManager/manager.php and plugins/ImageManager/manager.php. Una vulnerabilidad de tipo Cross-Site Scripting (XSS) en Xinha, como se incluye en el paquete Serendipity versiones anteriores a la versión 1.5.5, permite a atacantes remotos ejecutar código arbitrario en los archivos plugins/ExtendedFileManager/manager.php y plugins/ImageManager/manager.php. • https://blog.s9y.org/archives/224-Important-Security-Update-Serendipity-1.5.5-released.html https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=611661 https://security-tracker.debian.org/tracker/CVE-2011-1135 https://www.openwall.com/lists/oss-security/2011/03/02/5 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0

Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code in the image manager. Una vulnerabilidad de tipo Cross-Site Scripting (XSS) en Xinha, como se incluye en el paquete Serendipity versiones anteriores a la versión 1.5.5, permite a atacantes remotos ejecutar código arbitrario en el administrador de imágenes. • https://blog.s9y.org/archives/224-Important-Security-Update-Serendipity-1.5.5-released.html https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=611661 https://security-tracker.debian.org/tracker/CVE-2011-1134 https://www.openwall.com/lists/oss-security/2011/03/02/5 • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code via plugins/ExtendedFileManager/backend.php. Una vulnerabilidad de tipo Una vulnerabilidad de tipo Cross-Site Scripting (XSS) en Xinha, como se incluye en el paquete Serendipity versiones anteriores a la versión 1.5.5, permite a atacantes remotos ejecutar código arbitrario por medio del archivo plugins/ExtendedFileManager/backend.php. • https://blog.s9y.org/archives/224-Important-Security-Update-Serendipity-1.5.5-released.html https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=611661 https://security-tracker.debian.org/tracker/CVE-2011-1133 https://www.openwall.com/lists/oss-security/2011/03/02/5 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •