Filtered by vendor S9y
Subscriptions
Total
56 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2005-1449 | 1 S9y | 1 Serendipity | 2024-09-17 | N/A |
Unknown vulnerability in serendipity_config_local.inc.php for Serendipity before 0.8 has unknown impact. | ||||
CVE-2012-2332 | 1 S9y | 1 Serendipity | 2024-09-17 | N/A |
SQL injection vulnerability in serendipity/serendipity_admin.php in Serendipity before 1.6.1 allows remote attackers to execute arbitrary SQL commands via the serendipity[plugin_to_conf] parameter. NOTE: this issue might be resultant from cross-site request forgery (CSRF). | ||||
CVE-2010-2957 | 1 S9y | 1 Serendipity | 2024-09-17 | N/A |
Cross-site scripting (XSS) vulnerability in Serendipity before 1.5.4, when "Remember me" logins are enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
CVE-2005-1713 | 1 S9y | 1 Serendipity | 2024-09-17 | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Serendipity 0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) templatedropdown and (2) shoutbox plugins. | ||||
CVE-2017-8101 | 1 S9y | 1 Serendipity | 2024-09-17 | N/A |
There is CSRF in Serendipity 2.0.5, allowing attackers to install any themes via a GET request. | ||||
CVE-2013-5670 | 1 S9y | 1 Serendipity | 2024-09-17 | N/A |
Cross-site scripting (XSS) vulnerability in spell-check-savedicts.php in the htmlarea SpellChecker module, as used in Serendipity before 1.7.3 and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the to_r_list parameter. | ||||
CVE-2011-3800 | 1 S9y | 1 Serendipity | 2024-09-17 | N/A |
Serendipity 1.5.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by templates/newspaper/layout.php and certain other files. | ||||
CVE-2017-1000129 | 1 S9y | 1 Serendipity | 2024-09-17 | N/A |
Serendipity 2.0.3 is vulnerable to a SQL injection in the blog component resulting in information disclosure | ||||
CVE-2013-5314 | 1 S9y | 1 Serendipity | 2024-09-17 | N/A |
Cross-site scripting (XSS) vulnerability in serendipity_admin_image_selector.php in Serendipity 1.6.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the serendipity[htmltarget] parameter. | ||||
CVE-2016-10737 | 1 S9y | 1 Serendipity | 2024-09-17 | N/A |
Serendipity 2.0.4 has XSS via the serendipity_admin.php serendipity[body] parameter. | ||||
CVE-2015-6969 | 1 S9y | 1 Serendipity | 2024-09-16 | N/A |
Cross-site scripting (XSS) vulnerability in js/2k11.min.js in the 2k11 theme in Serendipity before 2.0.2 allows remote attackers to inject arbitrary web script or HTML via a user name in a comment, which is not properly handled in a Reply link. | ||||
CVE-2012-2331 | 1 S9y | 1 Serendipity | 2024-09-16 | N/A |
Cross-site scripting (XSS) vulnerability in serendipity/serendipity_admin_image_selector.php in Serendipity before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via the serendipity[textarea] parameter. NOTE: this issue might be resultant from cross-site request forgery (CSRF). | ||||
CVE-2005-1450 | 1 S9y | 1 Serendipity | 2024-09-16 | N/A |
Unknown vulnerability in "the function used to validate path-names for uploading media" in Serendipity before 0.8 has unknown impact. | ||||
CVE-2009-3337 | 1 S9y | 1 Serendipity Event Freetag | 2024-09-16 | N/A |
SQL injection vulnerability in the Freetag (serendipity_event_freetag) plugin before 3.09 for Serendipity (S9Y) allows remote attackers to execute arbitrary SQL commands via an unspecified parameter associated with Meta keywords in a blog entry. | ||||
CVE-2017-8102 | 1 S9y | 1 Serendipity | 2024-09-16 | N/A |
Stored XSS in Serendipity v2.1-rc1 allows an attacker to steal an admin's cookie and other information by composing a new entry as an editor user. This is related to lack of the serendipity_event_xsstrust plugin and a set_config error in that plugin. | ||||
CVE-2015-6968 | 1 S9y | 1 Serendipity | 2024-09-16 | N/A |
Multiple incomplete blacklist vulnerabilities in the serendipity_isActiveFile function in include/functions_images.inc.php in Serendipity before 2.0.2 allow remote authenticated users to execute arbitrary PHP code by uploading a file with a (1) .pht or (2) .phtml extension. | ||||
CVE-2004-2525 | 1 S9y | 1 Serendipity | 2024-08-08 | N/A |
Cross-site scripting (XSS) vulnerability in compat.php in Serendipity before 0.7.1 allows remote attackers to inject arbitrary web script or HTML via the searchTerm variable. | ||||
CVE-2004-2157 | 1 S9y | 1 Serendipity | 2024-08-08 | N/A |
Cross-site scripting (XSS) vulnerability in Comment.php in Serendipity 0.7 beta1, and possibly other versions before 0.7-beta3, allows remote attackers to inject arbitrary HTML and PHP code via the (1) email or (2) username field. | ||||
CVE-2004-2158 | 1 S9y | 1 Serendipity | 2024-08-08 | N/A |
SQL injection vulnerability in Serendipity 0.7-beta1 allows remote attackers to execute arbitrary SQL commands via the entry_id parameter to (1) exit.php or (2) comment.php. | ||||
CVE-2004-1620 | 1 S9y | 1 Serendipity | 2024-08-08 | N/A |
CRLF injection vulnerability in Serendipity before 0.7rc1 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the url parameter in (1) index.php and (2) exit.php, or (3) the HTTP Referer field in comment.php. |