18 matches found
EUVD-2008-0761
Malware in sbrugna...
EUVD-2007-6173
Malware in sbrugna...
EUVD-2006-1910
Malware in sbrugna...
s9y Serendipity Cross Site Request Forgery Vulnerability
Exploit for php platform in category web applications Details ====== Software: s9y Serendipity Version: Mitigations ======= update to Serendipity v2.1.x ======== FIX: ========== https://github.com/s9y/Serendipity/issues/452 Best regards, Zhiyang Zeng of Tencent security platform department...
s9y Serendipity Cross Site Request Forgery
Details ====== Software: s9y Serendipity Version: Mitigations ======= update to Serendipity v2.1.x ======== FIX: ========== https://github.com/s9y/Serendipity/issues/452 Best regards, Zhiyang Zeng of Tencent security platform department...
S9Y Serendipity 1.3 - Referer HTTP Header XSS
No description provided by source. source: http://www.securityfocus.com/bid/28885/info S9Y Serendipity is prone to an HTML-injection vulnerability and multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to...
S9Y Serendipity 1.3 - Referer HTTP Header Cross-Site Scripting
source: https://www.securityfocus.com/bid/28885/info S9Y Serendipity is prone to an HTML-injection vulnerability and multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in t...
CVE-2008-0751
Cross-site scripting XSS vulnerability in the Freetag before 2.96 plugin for S9Y Serendipity, when using Internet Explorer 6 or 7, allows remote attackers to inject arbitrary web script or HTML via the PATHINFO to plugin/tag/...
Cross site scripting
Cross-site scripting XSS vulnerability in the Freetag before 2.96 plugin for S9Y Serendipity, when using Internet Explorer 6 or 7, allows remote attackers to inject arbitrary web script or HTML via the PATHINFO to plugin/tag/...
CVE-2008-0751
Cross-site scripting XSS vulnerability in the Freetag before 2.96 plugin for S9Y Serendipity, when using Internet Explorer 6 or 7, allows remote attackers to inject arbitrary web script or HTML via the PATHINFO to plugin/tag/...
CVE-2008-0751
CVE-2008-0751 : Cross-site scripting in the Freetag before 2.96 plugin for S9Y Serendipity. When using Internet Explorer 6/7, an attacker can inject arbitrary script/HTML via PATH_INFO to plugin/tag/. Root cause is an XSS vulnerability in the plugin handling PATH_INFO. Affected: Freetag plugin (v...
CVE-2007-6205
Cross-site scripting XSS vulnerability in the remote RSS sidebar plugin serendipitypluginremoterss in S9Y Serendipity before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via a link in an RSS feed...
CVE-2007-6205
Cross-site scripting XSS vulnerability in the remote RSS sidebar plugin serendipitypluginremoterss in S9Y Serendipity before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via a link in an RSS feed...
CVE-2007-6205
CVE-2007-6205 is a cross-site scripting (XSS) vulnerability in the remote RSS sidebar plugin (serendipity_plugin_remoterss) of S9Y Serendipity prior to 1.2.1. An attacker can inject arbitrary script/HTML via a link in an RSS feed. Public advisories (Debian DSA-1528-1, related OpenVAS/NVL) documen...
Information disclosure
config.php in S9Y Serendipity 1.0 beta 2 allows remote attackers to inject arbitrary PHP code by editing values that are stored in config.php and later executed. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2006-1910
config.php in S9Y Serendipity 1.0 beta 2 allows remote attackers to inject arbitrary PHP code by editing values that are stored in config.php and later executed. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2006-1910
This CVE affects S9Y Serendipity 1.0 beta 2, where config.php values stored by the application can be edited to inject and later execute arbitrary PHP code. The underlying issue is PHP code execution triggered by manipulated config.php content, enabling remote code execution with likely impact to...
CVE-2006-1910
config.php in S9Y Serendipity 1.0 beta 2 allows remote attackers to inject arbitrary PHP code by editing values that are stored in config.php and later executed. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...