Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.5
CVE Id CVE-2006-2495
Last Modified 07 Mar 2011 09:36:18
Published 19 May 2006 11:02:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-2495

Summary

Cross-site request forgery (CSRF) vulnerability in the Entry Manager in Serendipity before 1.0-beta3 allows remote attackers to perform unauthorized actions as a logged-in user via a link or IMG tag.

Vulnerable Systems

Application

  • S9y Serendipity 0.3

  • S9y Serendipity 0.4

  • S9y Serendipity 0.5

  • S9y Serendipity 0.5 Pl1

  • S9y Serendipity 0.6

  • S9y Serendipity 0.6 Pl3

  • S9y Serendipity 0.7

  • S9y Serendipity 0.7.1

  • S9y Serendipity 0.8

  • S9y Serendipity 0.8.1

  • S9y Serendipity 0.8.2

  • S9y Serendipity 0.8.3

  • S9y Serendipity 0.8.4

  • S9y Serendipity 0.8.5

  • S9y Serendipity 0.9

  • S9y Serendipity 0.9.1

  • S9y Serendipity 1.0 Beta1

  • S9y Serendipity 1.0 Beta2


References

CONFIRM - http://sourceforge.net/project/shownotes.php?release_id=414920&group_id=75065

VUPEN - ADV-2006-1855

SECUNIA - 20155


Last Updated: 27 May 2016 10:42:29