26 matches found
EUVD-2007-6173
Malware in sbrugna...
EUVD-2008-0761
Malware in sbrugna...
EUVD-2006-1910
Malware in sbrugna...
s9y Serendipity Cross Site Request Forgery Vulnerability
Exploit for php platform in category web applications Details ====== Software: s9y Serendipity Version: Mitigations ======= update to Serendipity v2.1.x ======== FIX: ========== https://github.com/s9y/Serendipity/issues/452 Best regards, Zhiyang Zeng of Tencent security platform department...
s9y Serendipity Cross Site Request Forgery
Details ====== Software: s9y Serendipity Version: Mitigations ======= update to Serendipity v2.1.x ======== FIX: ========== https://github.com/s9y/Serendipity/issues/452 Best regards, Zhiyang Zeng of Tencent security platform department...
S9Y Serendipity 1.3 - Referer HTTP Header XSS
No description provided by source. source: http://www.securityfocus.com/bid/28885/info S9Y Serendipity is prone to an HTML-injection vulnerability and multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to...
CVE-2008-1386
CVE-2008-1386 affects Serendipity (S9Y) 1.3 and its installer, where multiple XSS vulnerabilities exist in the installer (via unspecified path fields and the database host field) and in the referrer plugin of the blog application. The underlying issue is improper escaping that allows injection of...
CVE-2008-1385
CVE-2008-1385 is an XSS vulnerability in Serendipity's Top Referrers (referrer) plugin prior to 1.3.1. The referrer string is not escaped, allowing injection via the Referer header and leading to arbitrary script/HTML execution. The issue is documented with a CVSS v2 base score of 4.3 (Medium). R...
[Full-disclosure] Cross site scripting issues in s9y (CVE-2008-1386, CVE-2008-1387)
Two smaller issues in s9y, published here: http://int21.de/cve/CVE-2008-1386-s9y.html http://int21.de/cve/CVE-2008-1387-s9y.html Cross Site Scripting XSS in serendipity 1.3 referrer plugin, CVE-2008-1385 References https://vulners.com/cve/CVE-2008-1385 http://www.s9y.org/ Description In the...
S9Y Serendipity 1.3 - Referer HTTP Header Cross-Site Scripting
source: https://www.securityfocus.com/bid/28885/info S9Y Serendipity is prone to an HTML-injection vulnerability and multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in t...
CVE-2008-1476
Serendipity (S9Y) up to version 1.2.x is vulnerable to cross-site scripting via received trackbacks. Root cause: insufficient input sanitisation in several scripts. Impact: remote attackers can inject arbitrary script/HTML. Mitigation: upgrade to Serendipity 1.3 or later (per Debian DSAs and rela...
CVE-2008-0124
Cross-site scripting (XSS) vulnerability in Serendipity (S9Y) before 1.3-beta1 allows remote authenticated users to inject arbitrary web script or HTML via (1) the "Real name" field in Personal Settings, which is presented to readers of articles; or (2) a file upload, as demonstrated by a .htm, .html, or...
CVE-2008-0124
CVE-2008-0124 affects Serendipity (S9Y) prior to 1.3-beta1, with cross-site scripting (XSS) via the Real name field in Personal Settings or via file uploads (e.g., .htm/.html/.js). The root cause is insufficient input sanitising in Serendipity, enabling remote authenticated users to inject script...
CVE-2008-0751
Cross-site scripting (XSS) vulnerability in the Freetag before 2.96 plugin for S9Y Serendipity, when using Internet Explorer 6 or 7, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to plugin/tag/...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the Freetag before 2.96 plugin for S9Y Serendipity, when using Internet Explorer 6 or 7, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to plugin/tag/...
CVE-2008-0751
CVE-2008-0751: Cross-site scripting in the Freetag before 2.96 plugin for S9Y Serendipity. When using Internet Explorer 6/7, an attacker can inject arbitrary script/HTML via PATH_INFO to plugin/tag/. Root cause is an XSS vulnerability in the plugin handling PATH_INFO. Affected: Freetag plugin (v...
CVE-2008-0751
Cross-site scripting (XSS) vulnerability in the Freetag before 2.96 plugin for S9Y Serendipity, when using Internet Explorer 6 or 7, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to plugin/tag/...
CVE-2007-6205
Cross-site scripting (XSS) vulnerability in the remote RSS sidebar plugin (serendipity_plugin_remoterss) in S9Y Serendipity before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via a link in an RSS feed...
CVE-2007-6205
Cross-site scripting (XSS) vulnerability in the remote RSS sidebar plugin (serendipity_plugin_remoterss) in S9Y Serendipity before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via a link in an RSS feed...
CVE-2007-6205
CVE-2007-6205 is a cross-site scripting (XSS) vulnerability in the remote RSS sidebar plugin (serendipity_plugin_remoterss) of S9Y Serendipity prior to 1.2.1. An attacker can inject arbitrary script/HTML via a link in an RSS feed. Public advisories (Debian DSA-1528-1, related OpenVAS/NVL) documen...