Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
s9y vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2008-1386
Multiple cross-site scripting (XSS) vulnerabilities in the installer in Serendipity (S9Y) 1.3 allow remote malicious users to inject arbitrary web script or HTML via (1) unspecified path fields or (2) the database host field. NOTE: the timing window for exploitation of this issue...
S9y Serendipity 1.3
5.4
CVSSv3
CVE-2016-10737
Serendipity 2.0.4 has XSS via the serendipity_admin.php serendipity[body] parameter.
S9y Serendipity 2.0.4
9.8
CVSSv3
CVE-2016-10752
serendipity_moveMediaDirectory in Serendipity 2.0.3 allows remote malicious users to upload and execute arbitrary PHP code because it mishandles an extensionless filename during a rename, as demonstrated by "php" as a filename.
S9y Serendipity 2.0.3
8.8
CVSSv3
CVE-2023-31576
An arbitrary file upload vulnerability in Serendipity 2.4-beta1 allows malicious users to execute arbitrary code via a crafted HTML or Javascript file.
S9y Serendipity 2.4.0
6.1
CVSSv3
CVE-2011-3610
A Cross-site Scripting (XSS) vulnerability exists in the Serendipity freetag plugin prior to 3.30 in the tagcloud parameter to plugins/serendipity_event_freetag/tagcloud.swf.
S9y Serendipity Event Freetag
NA
CVE-2009-3337
SQL injection vulnerability in the Freetag (serendipity_event_freetag) plugin prior to 3.09 for Serendipity (S9Y) allows remote malicious users to execute arbitrary SQL commands via an unspecified parameter associated with Meta keywords in a blog entry.
S9y Serendipity Event Freetag
NA
CVE-2006-5499
Multiple cross-site scripting (XSS) vulnerabilities in Serendipity (s9y) 1.0.1 and previous versions allow remote malicious users to inject arbitrary web script or HTML via unspecified vectors in the media manager administration page.
Serendipity Serendipity
NA
CVE-2008-1476
Cross-site scripting (XSS) vulnerability in Serendipity (S9Y) prior to 1.3 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors related to received trackbacks.
Serendipity Serendipity 0.7
Serendipity Serendipity 0.7.1
Serendipity Serendipity 0.9
Serendipity Serendipity 0.9.1
Serendipity Serendipity 1.0
Serendipity Serendipity 1.1.2
Serendipity Serendipity 1.1.3
Serendipity Serendipity 0.8
Serendipity Serendipity 0.8.1
Serendipity Serendipity 1.0.1
Serendipity Serendipity 1.0.2
Serendipity Serendipity 1.1.4
Serendipity Serendipity 1.2
Serendipity Serendipity 0.5 Pl1
Serendipity Serendipity 0.6 Pl3
Serendipity Serendipity 0.3
Serendipity Serendipity 0.4
Serendipity Serendipity 0.8.2
Serendipity Serendipity 0.8.3
Serendipity Serendipity 1.0.3
Serendipity Serendipity 1.0.4
Serendipity Serendipity
NA
CVE-2008-1066
The modifier.regex_replace.php plugin in Smarty prior to 2.6.19, as used by Serendipity (S9Y) and other products, allows malicious users to call arbitrary PHP functions via templates, related to a '\0' character in a search string.
Smarty Smarty
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
validation
CVE-2024-34413
CVE-2024-34089
CVE-2024-33408
local
SQL
CVE-2024-0402
CVE-2024-33910
CVE-2024-31848
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6