Garvin Hicking

6 exploits Active since Mar 2015
CVE-2026-6553 WRITEUP HIGH
TYPO3 CMS Stores Cleartext Password in User Settings Module
Changing backend users' passwords via the user settings module results in storing the cleartext password in the uc and user_settings fields of the be_users database table. This issue affects TYPO3 CMS version 14.2.0.
CVE-2015-2289 WRITEUP
S9Y Serendipity < 2.0 - XSS
Cross-site scripting (XSS) vulnerability in templates/2k11/admin/entries.tpl in Serendipity before 2.0.1 allows remote authenticated editors to inject arbitrary web script or HTML via the serendipity[cat][name] parameter to serendipity_admin.php, when creating a new category.
CVE-2016-9681 WRITEUP MEDIUM
S9Y Serendipity < 2.0.4 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Serendipity before 2.0.5 allow remote authenticated users to inject arbitrary web script or HTML via a category or directory name.
CVSS 5.4
CVE-2016-9752 WRITEUP HIGH
S9Y Serendipity < 2.0.4 - SSRF
In Serendipity before 2.0.5, an attacker can bypass SSRF protection by using a malformed IP address (e.g., http://127.1) or a 30x (aka Redirection) HTTP status code.
CVSS 8.6
CVE-2017-5474 WRITEUP MEDIUM
S9Y Serendipity < 2.0.5 - Open Redirect
Open redirect vulnerability in comment.php in Serendipity through 2.0.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the HTTP Referer header.
CVSS 6.1
CVE-2017-5609 WRITEUP HIGH
S9Y Serendipity - SQL Injection
SQL injection vulnerability in include/functions_entries.inc.php in Serendipity 2.0.5 allows remote authenticated users to execute arbitrary SQL commands via the cat parameter.
CVSS 8.8