15 matches found
CVE-2026-39963 Serendipity: Host Header Injection enables authentication cookie scoping to an attacker-controlled domain
Serendipity is a PHP-powered weblog engine. In versions 2.6-beta2 and below, the serendipitysetCookie function in include/functionsconfig.inc.php uses $SERVER'HTTPHOST' without validation as the domain parameter of setcookie. An attacker who can influence the Host header at login time, such as vi...
CVE-2005-1450
Unknown vulnerability in "the function used to validate path-names for uploading media" in Serendipity before 0.8 has unknown impact...
CVE-2023-53933
Serendipity 2.4.0 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files with .phar extension. Attackers can upload files with system command payloads to the media upload endpoint and execute arbitrary commands on the server...
EUVD-2005-1455
Malware in sbrugna...
EUVD-2005-3129
Malware in sbrugna...
EUVD-2006-6225
Malware in sbrugna...
CVE-2020-10964
Serendipity before 2.3.4 on Windows allows remote attackers to execute arbitrary code because the filename of a renamed file may end with a dot. This file may then be renamed to have a .php filename...
CVE-2012-2332
SQL injection vulnerability in serendipity/serendipityadmin.php in Serendipity before 1.6.1 allows remote attackers to execute arbitrary SQL commands via the serendipityplugintoconf parameter. NOTE: this issue might be resultant from cross-site request forgery CSRF...
CVE-2017-8102
Stored XSS in Serendipity v2.1-rc1 allows an attacker to steal an admin's cookie and other information by composing a new entry as an editor user. This is related to lack of the serendipityeventxsstrust plugin and a setconfig error in that plugin...
CVE-2009-3337
SQL injection vulnerability in the Freetag serendipityeventfreetag plugin before 3.09 for Serendipity S9Y allows remote attackers to execute arbitrary SQL commands via an unspecified parameter associated with Meta keywords in a blog entry...
Serendipity < 2.1.1 Multiple Vulnerabilities
According to its banner, the version of Serendipity running on the remote host is prior to 2.1.1. It is, therefore, affected by multiple vulnerabilities : - A stored cross-site scripting XSS vulnerability exists in the templates/2k11/admin/category.inc.tpl script due to improper validation of the...
Serendipity Cross-Site Request Forgery Vulnerability (CNVD-2017-00771)
Serendipity is a PHP-based blogging system developed by Serendipity team. The system supports the creation of online journals, blogs, web pages and more. A cross-site request forgery vulnerability exists in the comment.php page in Serendipity 2.0.5 and earlier versions, which allows attackers to...
Serendipity < 0.7.0rc1 HTTP Response Splitting
Binary data 2367.prm...
serendipityPoC.txt
Serendipity 0.7-beta1 SQL Injection Proof of Concept By aCiDBiTS [email protected] 13-September-2004 "Serendipity http://www.s9y.org/ is a weblog/blog system, implemented with PHP. It is standards compliant, feature rich and open source BSD License." There is no user input sanitation for...
Serendipity 0.7-beta1 SQL Injection Proof of Concept
Exploit for unknown platform in category web applications ==================================================== Serendipity 0.7-beta1 SQL Injection Proof of Concept ==================================================== Proof of Concept 1 ------------------ Usage: ./sersqlipoc.sh...