Vulnerabilities > S9Y > Serendipity > 0.7
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-05-20 | CVE-2006-2495 | Cross-Site Request Forgery vulnerability in Serendipity Cross-site request forgery (CSRF) vulnerability in the Entry Manager in Serendipity before 1.0-beta3 allows remote attackers to perform unauthorized actions as a logged-in user via a link or IMG tag. | 7.5 |
2005-10-04 | CVE-2005-3129 | Cross-Site Request Forgery vulnerability in Serendipity Cross-site request forgery (CSRF) vulnerability in Serendipity 0.8.4 and earlier allows remote attackers to perform unauthorized actions as a logged in user via a link or IMG tag to serendipity_admin.php. | 5.1 |
2005-05-03 | CVE-2005-1452 | Remote Security vulnerability in Serendipity Serendipity before 0.8 allows Chief users to "hide plugins installed by other users." | 10.0 |
2005-05-03 | CVE-2005-1451 | Remote Security vulnerability in Serendipity The media manager in Serendipity before 0.8 allows remote attackers to upload and execute arbitrary (1) .php or (2) .shtml files. | 7.5 |
2005-05-03 | CVE-2005-1450 | Remote Security vulnerability in Serendipity Unknown vulnerability in "the function used to validate path-names for uploading media" in Serendipity before 0.8 has unknown impact. | 7.5 |
2005-05-03 | CVE-2005-1449 | Remote Security vulnerability in Serendipity Unknown vulnerability in serendipity_config_local.inc.php for Serendipity before 0.8 has unknown impact. | 10.0 |
2005-05-03 | CVE-2005-1448 | HTML Injection vulnerability in S9Y Serendipity BBCode Plugin Cross-site scripting (XSS) vulnerability in the BBCode plugin for Serendipity before 0.8 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. network s9y | 6.8 |
2005-04-13 | CVE-2005-1134 | SQL injection vulnerability in S9Y Serendipity Exit.PHP SQL injection vulnerability in exit.php for Serendipity 0.8 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) url_id or (2) entry_id parameters. | 7.5 |
2004-12-31 | CVE-2004-2525 | Remote Cross-Site Scripting vulnerability in S9Y Serendipity Cross-site scripting (XSS) vulnerability in compat.php in Serendipity before 0.7.1 allows remote attackers to inject arbitrary web script or HTML via the searchTerm variable. network s9y | 4.3 |