| Reporter | Title | Published | Views | Family All 192 |
|---|---|---|---|---|
| Kerio Control Unified Threat Management 9.1.0 build 1087 / 9.1.1 build 1324 - Multiple Vulnerabiliti | 22 Sep 201600:00 | – | zdt | |
| Several vulnerabilities found in PHP | 19 Mar 201500:00 | – | freebsd | |
| PHP 5.4.x < 5.4.37 / 5.5.x < 5.5.21 / 5.6.x < 5.6.5 Multiple Vulnerabilities | 25 Feb 201500:00 | – | nessus | |
| PHP 5.4.x < 5.4.39 / 5.5.x < 5.5.23 / 5.6.x < 5.6.7 Multiple Vulnerabilities | 9 Apr 201500:00 | – | nessus | |
| Mac OS X < 10.11 Multiple Vulnerabilities | 28 Oct 201500:00 | – | nessus | |
| Amazon Linux AMI : php55 (ALAS-2015-474) | 13 Feb 201500:00 | – | nessus | |
| Amazon Linux AMI : php54 (ALAS-2015-475) | 13 Feb 201500:00 | – | nessus | |
| Amazon Linux AMI : php54 (ALAS-2015-506) | 17 Apr 201500:00 | – | nessus | |
| Amazon Linux AMI : php55 (ALAS-2015-507) | 17 Apr 201500:00 | – | nessus | |
| Amazon Linux AMI : php56 (ALAS-2015-508) | 17 Apr 201500:00 | – | nessus |
| Parameter | Position | Path | Description | CWE |
|---|---|---|---|---|
| k_variable | request body | set.php | Unsafe usage of unserialize-based exploit to achieve remote code execution via crafted data in POST to set.php | |
| k_value | request body | set.php | Unsafe usage of unserialize-based exploit to achieve remote code execution via crafted data in POST to set.php | |
| k_securityHash | request body | set.php | Unsafe usage of unserialize-based exploit to achieve remote code execution via crafted data in POST to set.php | |
| target | request body | set.php | Unsafe usage of unserialize-based exploit to achieve remote code execution via crafted data in POST to set.php | |
| k_getHistoryId | path | contentLoader.php?k_getHistoryId=1&k_securityHash=x | Triggers unserialize path via crafted history data in contentLoader.php to achieve code execution / crash | |
| k_securityHash | path | contentLoader.php?k_getHistoryId=1&k_securityHash=x | Triggers unserialize path via crafted history data in contentLoader.php to achieve code execution / crash | |
| k_getHistoryId | path | contentLoader.php | Unserialize payload path leading to RCE when contentLoader.php processes injected data | |
| k_securityHash | path | contentLoader.php | Unserialize payload path leading to RCE when contentLoader.php processes injected data | |
| kerio_username | path | internal/dologin.php | Brute-force authentication endpoint exposure for Kerio Control web interface | |
| kerio_password | path | internal/dologin.php | Brute-force authentication endpoint exposure for Kerio Control web interface |
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation