Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
serendipity vulnerabilities and exploits
(subscribe to this query)
668
VMScore
CVE-2005-1450
Unknown vulnerability in "the function used to validate path-names for uploading media" in Serendipity prior to 0.8 has unknown impact.
S9y Serendipity 0.3
S9y Serendipity 0.4
S9y Serendipity 0.5 Pl1
S9y Serendipity 0.6 Pl3
S9y Serendipity 0.7
S9y Serendipity 0.7.1
890
VMScore
CVE-2005-1452
Serendipity prior to 0.8 allows Chief users to "hide plugins installed by other users."
S9y Serendipity 0.7
S9y Serendipity 0.7.1
S9y Serendipity 0.4
S9y Serendipity 0.6 Pl3
S9y Serendipity 0.3
S9y Serendipity 0.5 Pl1
383
VMScore
CVE-2007-6390
Cross-site request forgery (CSRF) vulnerability in the mycalendar plugin prior to 0.13 for Serendipity allows remote malicious users to perform actions as blog administrators, which can be leveraged to conduct cross-site scripting (XSS) attacks on the blog page.
Serendipity Serendipity
605
VMScore
CVE-2006-5499
Multiple cross-site scripting (XSS) vulnerabilities in Serendipity (s9y) 1.0.1 and previous versions allow remote malicious users to inject arbitrary web script or HTML via unspecified vectors in the media manager administration page.
Serendipity Serendipity
668
VMScore
CVE-2007-1326
SQL injection vulnerability in index.php in Serendipity 1.1.1 allows remote malicious users to execute arbitrary SQL commands via the serendipity[multiCat][] parameter.
Serendipity Serendipity 1.1.1
445
VMScore
CVE-2007-4282
The "Extended properties for entries" (entryproperties) plugin in serendipity_event_entryproperties.php in Serendipity 1.1.3 allows remote authenticated users to bypass password protection and "deliver custom entryproperties settings to the Serendipity Frontend&quo...
Serendipity Serendipity 1.1.3
534
VMScore
CVE-2015-6943
SQL injection vulnerability in the serendipity_checkCommentToken function in include/functions_comments.inc.php in Serendipity prior to 2.0.2, when "Use Tokens for Comment Moderation" is enabled, allows remote administrators to execute arbitrary SQL commands via the ser...
S9y Serendipity
578
VMScore
CVE-2015-6968
Multiple incomplete blacklist vulnerabilities in the serendipity_isActiveFile function in include/functions_images.inc.php in Serendipity prior to 2.0.2 allow remote authenticated users to execute arbitrary PHP code by uploading a file with a (1) .pht or (2) .phtml extension.
S9y Serendipity
383
VMScore
CVE-2015-6969
Cross-site scripting (XSS) vulnerability in js/2k11.min.js in the 2k11 theme in Serendipity prior to 2.0.2 allows remote malicious users to inject arbitrary web script or HTML via a user name in a comment, which is not properly handled in a Reply link.
S9y Serendipity
454
VMScore
CVE-2005-3129
Cross-site request forgery (CSRF) vulnerability in Serendipity 0.8.4 and previous versions allows remote malicious users to perform unauthorized actions as a logged in user via a link or IMG tag to serendipity_admin.php.
S9y Serendipity
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3581
reflected XSS
CVE-2024-26925
CVE-2024-27956
LFI
CVE-2024-3607
CVE-2024-3107
CVE-2024-3295
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »