Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
s9y vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2016-10082
include/functions_installer.inc.php in Serendipity up to and including 2.0.5 is vulnerable to File Inclusion and a possible Code Execution attack during a first-time installation because it fails to sanitize the dbType POST parameter before adding it to an include() call in the b...
S9y Serendipity
NA
CVE-2005-1713
Multiple cross-site scripting (XSS) vulnerabilities in Serendipity 0.8 allow remote malicious users to inject arbitrary web script or HTML via the (1) templatedropdown and (2) shoutbox plugins.
S9y Serendipity 0.8
NA
CVE-2011-3800
Serendipity 1.5.5 allows remote malicious users to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by templates/newspaper/layout.php and certain other files.
S9y Serendipity 1.5.5
NA
CVE-2008-1386
Multiple cross-site scripting (XSS) vulnerabilities in the installer in Serendipity (S9Y) 1.3 allow remote malicious users to inject arbitrary web script or HTML via (1) unspecified path fields or (2) the database host field. NOTE: the timing window for exploitation of this issue...
S9y Serendipity 1.3
NA
CVE-2006-1910
config.php in S9Y Serendipity 1.0 beta 2 allows remote malicious users to inject arbitrary PHP code by editing values that are stored in config.php and later executed. NOTE: the provenance of this information is unknown; the details are obtained solely from third party informatio...
S9y Serendipity 1.0 Beta2
5.4
CVSSv3
CVE-2016-10737
Serendipity 2.0.4 has XSS via the serendipity_admin.php serendipity[body] parameter.
S9y Serendipity 2.0.4
NA
CVE-2004-2157
Cross-site scripting (XSS) vulnerability in Comment.php in Serendipity 0.7 beta1, and possibly other versions prior to 0.7-beta3, allows remote malicious users to inject arbitrary HTML and PHP code via the (1) email or (2) username field.
S9y Serendipity 0.7 Beta1
7.5
CVSSv3
CVE-2017-1000129
Serendipity 2.0.3 is vulnerable to a SQL injection in the blog component resulting in information disclosure
S9y Serendipity 2.0.3
8.8
CVSSv3
CVE-2017-5609
SQL injection vulnerability in include/functions_entries.inc.php in Serendipity 2.0.5 allows remote authenticated users to execute arbitrary SQL commands via the cat parameter.
S9y Serendipity 2.0.5
NA
CVE-2004-2158
SQL injection vulnerability in Serendipity 0.7-beta1 allows remote malicious users to execute arbitrary SQL commands via the entry_id parameter to (1) exit.php or (2) comment.php.
S9y Serendipity 0.7 Beta1
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3581
reflected XSS
CVE-2024-26925
CVE-2024-27956
LFI
CVE-2024-3607
CVE-2024-3107
CVE-2024-3295
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »