Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
s9y vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2005-1713
Multiple cross-site scripting (XSS) vulnerabilities in Serendipity 0.8 allow remote malicious users to inject arbitrary web script or HTML via the (1) templatedropdown and (2) shoutbox plugins.
S9y Serendipity 0.8
NA
CVE-2011-3800
Serendipity 1.5.5 allows remote malicious users to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by templates/newspaper/layout.php and certain other files.
S9y Serendipity 1.5.5
NA
CVE-2004-2157
Cross-site scripting (XSS) vulnerability in Comment.php in Serendipity 0.7 beta1, and possibly other versions prior to 0.7-beta3, allows remote malicious users to inject arbitrary HTML and PHP code via the (1) email or (2) username field.
S9y Serendipity 0.7 Beta1
NA
CVE-2008-1386
Multiple cross-site scripting (XSS) vulnerabilities in the installer in Serendipity (S9Y) 1.3 allow remote malicious users to inject arbitrary web script or HTML via (1) unspecified path fields or (2) the database host field. NOTE: the timing window for exploitation of this issue...
S9y Serendipity 1.3
NA
CVE-2009-3337
SQL injection vulnerability in the Freetag (serendipity_event_freetag) plugin prior to 3.09 for Serendipity (S9Y) allows remote malicious users to execute arbitrary SQL commands via an unspecified parameter associated with Meta keywords in a blog entry.
S9y Serendipity Event Freetag
6.1
CVSSv3
CVE-2011-3610
A Cross-site Scripting (XSS) vulnerability exists in the Serendipity freetag plugin prior to 3.30 in the tagcloud parameter to plugins/serendipity_event_freetag/tagcloud.swf.
S9y Serendipity Event Freetag
NA
CVE-2006-5499
Multiple cross-site scripting (XSS) vulnerabilities in Serendipity (s9y) 1.0.1 and previous versions allow remote malicious users to inject arbitrary web script or HTML via unspecified vectors in the media manager administration page.
Serendipity Serendipity
NA
CVE-2008-1476
Cross-site scripting (XSS) vulnerability in Serendipity (S9Y) prior to 1.3 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors related to received trackbacks.
Serendipity Serendipity 0.7
Serendipity Serendipity 0.7.1
Serendipity Serendipity 0.9
Serendipity Serendipity 0.9.1
Serendipity Serendipity 1.0
Serendipity Serendipity 1.1.2
Serendipity Serendipity 1.1.3
Serendipity Serendipity 0.8
Serendipity Serendipity 0.8.1
Serendipity Serendipity 1.0.1
Serendipity Serendipity 1.0.2
Serendipity Serendipity 1.1.4
Serendipity Serendipity 1.2
Serendipity Serendipity 0.5 Pl1
Serendipity Serendipity 0.6 Pl3
Serendipity Serendipity 0.3
Serendipity Serendipity 0.4
Serendipity Serendipity 0.8.2
Serendipity Serendipity 0.8.3
Serendipity Serendipity 1.0.3
Serendipity Serendipity 1.0.4
Serendipity Serendipity
NA
CVE-2008-1066
The modifier.regex_replace.php plugin in Smarty prior to 2.6.19, as used by Serendipity (S9Y) and other products, allows malicious users to call arbitrary PHP functions via templates, related to a '\0' character in a search string.
Smarty Smarty
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
SSRF
buffer overflow
CVE-2023-28952
CVE-2023-41822
CVE-2024-27956
CVE-2023-7028
CVE-2024-34447
CVE-2024-34460
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6