Vulnerabilities > S9Y > Serendipity > 0.7.1
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-05-20 | CVE-2006-2495 | Cross-Site Request Forgery vulnerability in Serendipity Cross-site request forgery (CSRF) vulnerability in the Entry Manager in Serendipity before 1.0-beta3 allows remote attackers to perform unauthorized actions as a logged-in user via a link or IMG tag. | 7.5 |
2005-10-04 | CVE-2005-3129 | Cross-Site Request Forgery vulnerability in Serendipity Cross-site request forgery (CSRF) vulnerability in Serendipity 0.8.4 and earlier allows remote attackers to perform unauthorized actions as a logged in user via a link or IMG tag to serendipity_admin.php. | 5.1 |
2005-05-03 | CVE-2005-1452 | Remote Security vulnerability in Serendipity Serendipity before 0.8 allows Chief users to "hide plugins installed by other users." | 10.0 |
2005-05-03 | CVE-2005-1451 | Remote Security vulnerability in Serendipity The media manager in Serendipity before 0.8 allows remote attackers to upload and execute arbitrary (1) .php or (2) .shtml files. | 7.5 |
2005-05-03 | CVE-2005-1450 | Remote Security vulnerability in Serendipity Unknown vulnerability in "the function used to validate path-names for uploading media" in Serendipity before 0.8 has unknown impact. | 7.5 |
2005-05-03 | CVE-2005-1449 | Remote Security vulnerability in Serendipity Unknown vulnerability in serendipity_config_local.inc.php for Serendipity before 0.8 has unknown impact. | 10.0 |
2005-05-03 | CVE-2005-1448 | HTML Injection vulnerability in S9Y Serendipity BBCode Plugin Cross-site scripting (XSS) vulnerability in the BBCode plugin for Serendipity before 0.8 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. network s9y | 6.8 |