Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports


Toggle filters

1 – 10 of 35 results


CVE-2020-10964

Unknown priority
Ignored

Serendipity before 2.3.4 on Windows allows remote attackers to execute arbitrary code because the filename of a renamed file may end with a dot. This file may then be renamed to have a .php filename.

1 affected packages

serendipity

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
serendipity Not in release Not in release Not in release
Show less packages

CVE-2011-4090

Medium priority
Ignored

Serendipity before 1.6 has an XSS issue in the karma plugin which may allow privilege escalation.

1 affected packages

serendipity

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
serendipity Not in release
Show less packages

CVE-2011-1135

Medium priority
Ignored

Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code in plugins/ExtendedFileManager/manager.php and plugins/ImageManager/manager.php.

3 affected packages

dotlrn, openacs, serendipity

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
dotlrn Not affected
openacs Not affected
serendipity Not in release
Show less packages

CVE-2011-1134

Medium priority
Ignored

Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code in the image manager.

3 affected packages

dotlrn, openacs, serendipity

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
dotlrn Not affected
openacs Not affected
serendipity Not in release
Show less packages

CVE-2011-1133

Medium priority
Ignored

Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code via plugins/ExtendedFileManager/backend.php.

3 affected packages

dotlrn, openacs, serendipity

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
dotlrn Not affected
openacs Not affected
serendipity Not in release
Show less packages

CVE-2016-10752

Unknown priority

Not in release

serendipity_moveMediaDirectory in Serendipity 2.0.3 allows remote attackers to upload and execute arbitrary PHP code because it mishandles an extensionless filename during a rename, as demonstrated by "php" as a filename.

1 affected packages

serendipity

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
serendipity Not in release Not in release
Show less packages

CVE-2019-11870

Unknown priority

Not in release

Serendipity before 2.1.5 has XSS via EXIF data that is mishandled in the templates/2k11/admin/media_choose.tpl Editor Preview feature or the templates/2k11/admin/media_items.tpl Media Library feature.

1 affected packages

serendipity

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
serendipity Not in release Not in release
Show less packages

CVE-2017-8102

Medium priority
Ignored

Stored XSS in Serendipity v2.1-rc1 allows an attacker to steal an admin's cookie and other information by composing a new entry as an editor user. This is related to lack of the serendipity_event_xsstrust plugin and a set_config...

1 affected packages

serendipity

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
serendipity Not in release
Show less packages

CVE-2017-8101

Medium priority
Ignored

There is CSRF in Serendipity 2.0.5, allowing attackers to install any themes via a GET request.

1 affected packages

serendipity

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
serendipity Not in release
Show less packages

CVE-2017-5609

Medium priority
Ignored

SQL injection vulnerability in include/functions_entries.inc.php in Serendipity 2.0.5 allows remote authenticated users to execute arbitrary SQL commands via the cat parameter.

1 affected packages

serendipity

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
serendipity Not in release
Show less packages