Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
s9y vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2011-1134
Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package prior to 1.5.5, allows remote malicious users to execute arbitrary code in the image manager.
S9y Serendipity
NA
CVE-2004-2158
SQL injection vulnerability in Serendipity 0.7-beta1 allows remote malicious users to execute arbitrary SQL commands via the entry_id parameter to (1) exit.php or (2) comment.php.
S9y Serendipity 0.7 Beta1
1 EDB exploit
7.5
CVSSv3
CVE-2017-1000129
Serendipity 2.0.3 is vulnerable to a SQL injection in the blog component resulting in information disclosure
S9y Serendipity 2.0.3
8.8
CVSSv3
CVE-2017-8101
There is CSRF in Serendipity 2.0.5, allowing malicious users to install any themes via a GET request.
S9y Serendipity 2.0.5
5.4
CVSSv3
CVE-2017-8102
Stored XSS in Serendipity v2.1-rc1 allows an malicious user to steal an admin's cookie and other information by composing a new entry as an editor user. This is related to lack of the serendipity_event_xsstrust plugin and a set_config error in that plugin.
S9y Serendipity 2.1
NA
CVE-2006-1910
config.php in S9Y Serendipity 1.0 beta 2 allows remote malicious users to inject arbitrary PHP code by editing values that are stored in config.php and later executed. NOTE: the provenance of this information is unknown; the details are obtained solely from third party informatio...
S9y Serendipity 1.0 Beta2
8.8
CVSSv3
CVE-2023-31576
An arbitrary file upload vulnerability in Serendipity 2.4-beta1 allows malicious users to execute arbitrary code via a crafted HTML or Javascript file.
S9y Serendipity 2.4.0
8.8
CVSSv3
CVE-2017-5609
SQL injection vulnerability in include/functions_entries.inc.php in Serendipity 2.0.5 allows remote authenticated users to execute arbitrary SQL commands via the cat parameter.
S9y Serendipity 2.0.5
5.4
CVSSv3
CVE-2016-10737
Serendipity 2.0.4 has XSS via the serendipity_admin.php serendipity[body] parameter.
S9y Serendipity 2.0.4
9.8
CVSSv3
CVE-2016-10752
serendipity_moveMediaDirectory in Serendipity 2.0.3 allows remote malicious users to upload and execute arbitrary PHP code because it mishandles an extensionless filename during a rename, as demonstrated by "php" as a filename.
S9y Serendipity 2.0.3
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
SSRF
buffer overflow
CVE-2023-28952
CVE-2023-41822
CVE-2024-27956
CVE-2023-7028
CVE-2024-34447
CVE-2024-34460
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »