Search CVE reports
1 – 10 of 35 results
CVE-2020-10964
Unknown priority
Serendipity before 2.3.4 on Windows allows remote attackers to execute arbitrary code because the filename of a renamed file may end with a dot. This file may then be renamed to have a .php filename.
1 affected package
serendipity
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
serendipity | — | — | Not in release | Not in release | Not in release |
CVE-2011-4090
Medium priority
Serendipity before 1.6 has an XSS issue in the karma plugin which may allow privilege escalation.
1 affected package
serendipity
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
serendipity | — | — | — | — | Not in release |
CVE-2011-1135
Medium priority
Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code in plugins/ExtendedFileManager/manager.php and plugins/ImageManager/manager.php.
3 affected packages
dotlrn, openacs, serendipity
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
dotlrn | — | — | — | — | Not affected |
openacs | — | — | — | — | Not affected |
serendipity | — | — | — | — | Not in release |
CVE-2011-1134
Medium priority
Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code in the image manager.
3 affected packages
dotlrn, openacs, serendipity
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
dotlrn | — | — | — | — | Not affected |
openacs | — | — | — | — | Not affected |
serendipity | — | — | — | — | Not in release |
CVE-2011-1133
Medium priority
Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code via plugins/ExtendedFileManager/backend.php.
3 affected packages
dotlrn, openacs, serendipity
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
dotlrn | — | — | — | — | Not affected |
openacs | — | — | — | — | Not affected |
serendipity | — | — | — | — | Not in release |
CVE-2016-10752
Unknown priority
Not in release
serendipity_moveMediaDirectory in Serendipity 2.0.3 allows remote attackers to upload and execute arbitrary PHP code because it mishandles an extensionless filename during a rename, as demonstrated by "php" as a filename.
1 affected package
serendipity
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
serendipity | — | — | — | Not in release | Not in release |
CVE-2019-11870
Unknown priority
Not in release
Serendipity before 2.1.5 has XSS via EXIF data that is mishandled in the templates/2k11/admin/media_choose.tpl Editor Preview feature or the templates/2k11/admin/media_items.tpl Media Library feature.
1 affected package
serendipity
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
serendipity | — | — | — | Not in release | Not in release |
CVE-2017-8102
Medium priority
Stored XSS in Serendipity v2.1-rc1 allows an attacker to steal an admin's cookie and other information by composing a new entry as an editor user. This is related to lack of the serendipity_event_xsstrust plugin and a set_config...
1 affected package
serendipity
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
serendipity | — | — | — | — | Not in release |
CVE-2017-8101
Medium priority
There is CSRF in Serendipity 2.0.5, allowing attackers to install any themes via a GET request.
1 affected package
serendipity
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
serendipity | — | — | — | — | Not in release |
CVE-2017-5609
Medium priority
SQL injection vulnerability in include/functions_entries.inc.php in Serendipity 2.0.5 allows remote authenticated users to execute arbitrary SQL commands via the cat parameter.
1 affected package
serendipity
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
serendipity | — | — | — | — | Not in release |