Lucene search
K

15 matches found

Vulnrichment
Vulnrichment
added 2026/04/14 11:31 p.m.7 views

CVE-2026-39963 Serendipity: Host Header Injection enables authentication cookie scoping to an attacker-controlled domain

Serendipity is a PHP-powered weblog engine. In versions 2.6-beta2 and below, the serendipitysetCookie function in include/functionsconfig.inc.php uses $SERVER'HTTPHOST' without validation as the domain parameter of setcookie. An attacker who can influence the Host header at login time, such as vi...

6.9CVSS5.7AI score0.00224EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/01/09 12:45 p.m.7 views

CVE-2005-1450

Unknown vulnerability in "the function used to validate path-names for uploading media" in Serendipity before 0.8 has unknown impact...

7.5CVSS6.9AI score0.01317EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/18 11:36 p.m.3 views

CVE-2023-53933

Serendipity 2.4.0 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files with .phar extension. Attackers can upload files with system command payloads to the media upload endpoint and execute arbitrary commands on the server...

8.8CVSS8.8AI score0.00874EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2005-1455

Malware in sbrugna...

10CVSS6.4AI score0.01412EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2005-3129

Malware in sbrugna...

5.1CVSS6.4AI score0.05485EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2006-6225

Malware in sbrugna...

6.8CVSS6.4AI score0.04516EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2025/05/22 5:38 p.m.7 views

CVE-2020-10964

Serendipity before 2.3.4 on Windows allows remote attackers to execute arbitrary code because the filename of a renamed file may end with a dot. This file may then be renamed to have a .php filename...

9.8CVSS8AI score0.02793EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 12:12 p.m.10 views

CVE-2012-2332

SQL injection vulnerability in serendipity/serendipityadmin.php in Serendipity before 1.6.1 allows remote attackers to execute arbitrary SQL commands via the serendipityplugintoconf parameter. NOTE: this issue might be resultant from cross-site request forgery CSRF...

7.5CVSS8.6AI score0.01664EPSS
Exploits5References1
RedhatCVE
RedhatCVE
added 2025/05/22 2:23 a.m.8 views

CVE-2017-8102

Stored XSS in Serendipity v2.1-rc1 allows an attacker to steal an admin's cookie and other information by composing a new entry as an editor user. This is related to lack of the serendipityeventxsstrust plugin and a setconfig error in that plugin...

5.4CVSS5.7AI score0.00858EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 12:9 a.m.7 views

CVE-2009-3337

SQL injection vulnerability in the Freetag serendipityeventfreetag plugin before 3.09 for Serendipity S9Y allows remote attackers to execute arbitrary SQL commands via an unspecified parameter associated with Meta keywords in a blog entry...

7.5CVSS8.9AI score0.01404EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2017/06/14 12:0 a.m.30 views

Serendipity < 2.1.1 Multiple Vulnerabilities

According to its banner, the version of Serendipity running on the remote host is prior to 2.1.1. It is, therefore, affected by multiple vulnerabilities : - A stored cross-site scripting XSS vulnerability exists in the templates/2k11/admin/category.inc.tpl script due to improper validation of the...

9.8CVSS7.3AI score0.02883EPSS
Exploits1References10
CNVD
CNVD
added 2017/01/16 12:0 a.m.4 views

Serendipity Cross-Site Request Forgery Vulnerability (CNVD-2017-00771)

Serendipity is a PHP-based blogging system developed by Serendipity team. The system supports the creation of online journals, blogs, web pages and more. A cross-site request forgery vulnerability exists in the comment.php page in Serendipity 2.0.5 and earlier versions, which allows attackers to...

8.8CVSS8.5AI score0.00558EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2004/10/21 12:0 a.m.10 views

Serendipity < 0.7.0rc1 HTTP Response Splitting

Binary data 2367.prm...

5CVSS7.3AI score0.08139EPSS
Exploits1References3
Packet Storm
Packet Storm
added 2004/10/01 12:0 a.m.59 views

serendipityPoC.txt

Serendipity 0.7-beta1 SQL Injection Proof of Concept By aCiDBiTS [email protected] 13-September-2004 "Serendipity http://www.s9y.org/ is a weblog/blog system, implemented with PHP. It is standards compliant, feature rich and open source BSD License." There is no user input sanitation for...

7.4AI score
Exploits0
0day.today
0day.today
added 2004/09/28 12:0 a.m.91 views

Serendipity 0.7-beta1 SQL Injection Proof of Concept

Exploit for unknown platform in category web applications ==================================================== Serendipity 0.7-beta1 SQL Injection Proof of Concept ==================================================== Proof of Concept 1 ------------------ Usage: ./sersqlipoc.sh...

7.1AI score
Exploits0
Rows per page
Query Builder