Garvin Hicking

6 exploits, active since Mar 2015
CVE-2026-6553 HIGH
TYPO3 CMS Stores Cleartext Password in User Settings Module
Changing backend users' passwords via the user settings module results in storing the cleartext password in the uc and user_settings fields of the be_users database table. This issue affects TYPO3 CMS version 14.2.0.
CVSS 7.5
CVE-2015-2289
Serendipity < 2.0 - Authenticated Cross-Site Scripting via serendipity[cat][name] Parameter
Cross-site scripting (XSS) vulnerability in templates/2k11/admin/entries.tpl in Serendipity before 2.0.1 allows remote authenticated editors to inject arbitrary web script or HTML via the serendipity[cat][name] parameter to serendipity_admin.php, when creating a new category.
CVE-2016-9681 MEDIUM
Serendipity < 2.0.4 - Authenticated Cross-Site Scripting via Category or Directory Name
Multiple cross-site scripting (XSS) vulnerabilities in Serendipity before 2.0.5 allow remote authenticated users to inject arbitrary web script or HTML via a category or directory name.
CVSS 5.4
CVE-2016-9752 HIGH
Serendipity < 2.0.5 - Server-Side Request Forgery via Malformed IP Address or 30x Redirection
In Serendipity before 2.0.5, an attacker can bypass SSRF protection by using a malformed IP address (e.g., http://127.1) or a 30x (aka Redirection) HTTP status code.
CVSS 8.6
CVE-2017-5474 MEDIUM
Serendipity < 2.0.5 - Open Redirect via HTTP Referer Header
Open redirect vulnerability in comment.php in Serendipity through 2.0.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the HTTP Referer header.
CVSS 6.1
CVE-2017-5609 HIGH
Serendipity 2.0.5 - Authenticated SQL Injection via cat Parameter
SQL injection vulnerability in include/functions_entries.inc.php in Serendipity 2.0.5 allows remote authenticated users to execute arbitrary SQL commands via the cat parameter.
CVSS 8.8