CVE-2012-2332
- EPSS 1.33%
- Published 13.08.2012 23:55:02
- Last modified 11.04.2025 00:51:21
SQL injection vulnerability in serendipity/serendipity_admin.php in Serendipity before 1.6.1 allows remote attackers to execute arbitrary SQL commands via the serendipity[plugin_to_conf] parameter. NOTE: this issue might be resultant from cross-site...
CVE-2012-2331
- EPSS 14.79%
- Published 13.08.2012 23:55:02
- Last modified 11.04.2025 00:51:21
Cross-site scripting (XSS) vulnerability in serendipity/serendipity_admin_image_selector.php in Serendipity before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via the serendipity[textarea] parameter. NOTE: this issue might b...
CVE-2012-2762
- EPSS 0.72%
- Published 07.06.2012 19:55:09
- Last modified 11.04.2025 00:51:21
SQL injection vulnerability in include/functions_trackbacks.inc.php in Serendipity 1.6.2 allows remote attackers to execute arbitrary SQL commands via the url parameter to comment.php.
- EPSS 0.28%
- Published 24.09.2011 00:55:03
- Last modified 11.04.2025 00:51:21
Serendipity 1.5.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by templates/newspaper/layout.php and certain other files.
CVE-2010-2957
- EPSS 0.29%
- Published 10.09.2010 18:00:02
- Last modified 11.04.2025 00:51:21
Cross-site scripting (XSS) vulnerability in Serendipity before 1.5.4, when "Remember me" logins are enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-1916
- EPSS 0.71%
- Published 12.05.2010 11:46:40
- Last modified 11.04.2025 00:51:21
The dynamic configuration feature in Xinha WYSIWYG editor 0.96 Beta 2 and earlier, as used in Serendipity 1.5.2 and earlier, allows remote attackers to bypass intended access restrictions and modify the configuration of arbitrary plugins via (1) craf...
- EPSS 2.11%
- Published 24.12.2009 16:30:00
- Last modified 09.04.2025 00:30:58
Unrestricted file upload vulnerability in Serendipity before 1.5 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension followed by a safe extension, then accessing it via a direct request to the ...
CVE-2008-1386
- EPSS 0.5%
- Published 23.04.2008 13:05:00
- Last modified 09.04.2025 00:30:58
Multiple cross-site scripting (XSS) vulnerabilities in the installer in Serendipity (S9Y) 1.3 allow remote attackers to inject arbitrary web script or HTML via (1) unspecified path fields or (2) the database host field. NOTE: the timing window for e...
CVE-2008-1385
- EPSS 6.74%
- Published 23.04.2008 13:05:00
- Last modified 09.04.2025 00:30:58
Cross-site scripting (XSS) vulnerability in the Top Referrers (aka referrer) plugin in Serendipity (S9Y) before 1.3.1 allows remote attackers to inject arbitrary web script or HTML via the Referer HTTP header.
CVE-2008-0124
- EPSS 0.65%
- Published 28.02.2008 20:44:00
- Last modified 09.04.2025 00:30:58
Cross-site scripting (XSS) vulnerability in Serendipity (S9Y) before 1.3-beta1 allows remote authenticated users to inject arbitrary web script or HTML via (1) the "Real name" field in Personal Settings, which is presented to readers of articles; or ...