
8075 matches found

Prion
added 2021/04/28 3:15 a.m. · 29 views

Deserialization of untrusted data

PHPMailer 6.1.8 through 6.4.0 allows object injection through Phar Deserialization via addAttachment with a UNC pathname. NOTE: this is similar to CVE-2018-19296, but arose because 6.1.8 fixed a functionality problem in which UNC pathnames were always considered unreadable by PHPMailer, even in...

CVSS 7.5 · AI score 8.9 · EPSS 0.03095
Exploits 0 · References 3 · Affected Software 2
CVE
added 2021/04/28 2:21 a.m. · 597 views

CVE-2020-36326

PHPMailer is affected in versions 6.1.8–6.4.0 by an object-injection vulnerability via Phar deserialization when using addAttachment with a UNC pathname. The issue arose after 6.1.8 fixed a UNC-path readability problem, unintentionally removing a block that previously prevented exploitation. Mult...

CVSS 9.8 · AI score 8.7 · EPSS 0.03095
Exploits 0 · References 3 · Affected Software 1
Cvelist
added 2021/04/28 2:21 a.m. · 28 views

CVE-2020-36326

PHPMailer 6.1.8 through 6.4.0 allows object injection through Phar Deserialization via addAttachment with a UNC pathname. NOTE: this is similar to CVE-2018-19296, but arose because 6.1.8 fixed a functionality problem in which UNC pathnames were always considered unreadable by PHPMailer, even in...

AI score 8.8 · EPSS 0.03095
Exploits 0 · References 3
Debian CVE
added 2021/04/28 2:21 a.m. · 78 views

CVE-2020-36326

PHPMailer 6.1.8 through 6.4.0 allows object injection through Phar Deserialization via addAttachment with a UNC pathname. NOTE: this is similar to CVE-2018-19296, but arose because 6.1.8 fixed a functionality problem in which UNC pathnames were always considered unreadable by PHPMailer, even in...

CVSS 9.8 · AI score 7.7 · EPSS 0.03095
Exploits 0
Positive Technologies
added 2021/04/28 12:0 a.m. · 4 views

PT-2021-12009 · Phpmailer · Phpmailer

Name of the Vulnerable Software and Affected Versions: PHPMailer versions 6.1.8 through 6.4.0. Description: The issue allows object injection through Phar Deserialization via the addAttachment method with a UNC pathname. This is a reintroduction of an earlier problem due to an unrelated bug fix in...

CVSS 9.8 · AI score 6.4 · EPSS 0.03095
Exploits 0 · References 29
CNNVD
added 2021/04/27 12:0 a.m. · 21 views

PHPMailer code issue vulnerability

PHPMailer is a PHP class library for sending emails. PHPMailer is vulnerable to a code issue that allows object injection via addAttachment with a UNC pathname through Phar deserialization. No details of the vulnerability are currently available...

CVSS 9.8 · AI score 5.8 · EPSS 0.03095
Exploits 0 · References 10
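The PHPMailer entries above all describe one mechanism: a caller-controlled attachment path reaches a filesystem function, and if that path uses the phar:// wrapper, PHP parses the archive and unserializes its metadata, instantiating whatever class the attacker put there. The UNC detail in the entries is about how the guard was lost (the 6.1.8 readability fix removed a block that had prevented this); the code below is an added example written for this page, not PHPMailer's code, and shows the underlying trigger beside a generic guard. Gadget, buildMaliciousPhar, attachFileVulnerable, isPermittedPath and attachFileHardened are hypothetical names, and the "reject any scheme:// prefix" check models the idea of a fix rather than reproducing PHPMailer's. It runs as two steps, as a real attack would (plant the archive, then make the victim stat it):

```php
<?php
declare(strict_types=1);
// Added example for this page, not PHPMailer's code. Usage:
//   php -d phar.readonly=0 phar_demo.php build     (attacker step)
//   php phar_demo.php trigger                      (victim step)
// Hypothetical names: Gadget, buildMaliciousPhar, attachFileVulnerable,
// isPermittedPath, attachFileHardened. The vulnerable branch fires on
// PHP 7.x; PHP 8.0+ no longer unserializes phar metadata on phar://
// access (only Phar::getMetadata() does), but the guard is still right.

// Any already-loaded class with a magic method is a candidate gadget.
// The side effect here is only an echo; in a real POP chain it is a
// file write or a callable invoked on attacker-chosen properties.
class Gadget
{
    public $note = '';

    public function __destruct()
    {
        if ($this->note !== '') {
            echo "Gadget::__destruct ran: {$this->note}\n";
        }
    }
}

// Attacker preparation: a phar whose metadata is a serialized Gadget.
// The archive can be renamed to any extension afterwards; the phar://
// wrapper identifies it by content, not by file name.
function buildMaliciousPhar(string $pharPath): void
{
    @unlink($pharPath);
    $phar = new Phar($pharPath);
    $phar->startBuffering();
    $phar->addFromString('x.txt', 'payload');
    $phar->setStub('<?php __HALT_COMPILER(); ?>');
    $gadget = new Gadget();
    $gadget->note = 'instantiated from phar:// metadata';
    $phar->setMetadata($gadget);     // stored as serialize($gadget)
    $phar->stopBuffering();          // manifest written to disk here
    unset($phar);
    $gadget->note = '';              // disarm the attacker's own copy
}

// Vulnerable pattern: a caller-controlled path goes straight to a
// filesystem function. is_file() on a phar:// path opens the archive,
// which (on PHP < 8.0) unserializes the metadata inside the victim
// process; the Gadget's destructor then runs when the archive handle is
// released, at the latest at script shutdown.
function attachFileVulnerable(string $path): bool
{
    return is_file($path);
}

// Hardened: refuse any path that names a stream wrapper before touching
// the filesystem at all. Assumed check: RFC 3986 scheme syntax followed
// by "://". Plain relative, absolute and UNC paths pass; phar://, data://,
// http:// and similar do not. It must run on every branch that reaches a
// filesystem call, which is exactly what the regression above lost.
function isPermittedPath(string $path): bool
{
    return !preg_match('#^[a-z][a-z0-9+.\-]*://#i', $path);
}

function attachFileHardened(string $path): bool
{
    if (!isPermittedPath($path)) {
        return false;
    }
    return is_file($path);
}

$pharPath = sys_get_temp_dir() . '/evil.phar';
$mode = $argv[1] ?? 'trigger';

if ($mode === 'build') {
    buildMaliciousPhar($pharPath);
    echo "wrote $pharPath\n";
    exit(0);
}

// What the attacker supplies as the attachment path in the victim step.
$attackerPath = 'phar://' . $pharPath . '/x.txt';

echo 'hardened accepts path: ';
var_dump(attachFileHardened($attackerPath));

echo 'vulnerable accepts path: ';
var_dump(attachFileVulnerable($attackerPath));
```

The guard is deliberately placed before any filesystem call rather than after a readability check, because functions such as file_exists, is_file, is_readable, filesize and fopen all go through the stream wrapper and all trigger the parse. Note that the guard is about the path syntax, not the file content, so it also stops an attacker who uploaded the archive under a harmless extension.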
OSV
added 2021/04/23 7:15 p.m. · 27 views

CVE-2021-20083

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in jquery-plugin-query-object 2.2.3 allows a malicious user to inject properties into Object.prototype...

CVSS 8.8 · AI score 6.5
Exploits 0 · References 4
OSV
added 2021/04/23 6:15 p.m. · 14 views

CVE-2021-20087

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in jquery-deparam 0.5.1 allows a malicious user to inject properties into Object.prototype...

CVSS 8.8 · AI score 6.7
Exploits 0 · References 2
Cvelist
added 2021/04/23 5:49 p.m. · 19 views

CVE-2021-20088

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in mootools-more 1.6.0 allows a malicious user to inject properties into Object.prototype...

AI score 8.8 · EPSS 0.01449
Exploits 1 · References 1
CNNVD
added 2021/04/23 12:0 a.m. · 5 views

jquery-sparkle security vulnerability

jquery-sparkle is jQuery's "Don't Repeat Yourself" plugin/effects framework. A security vulnerability exists in jquery-sparkle 1.5.2-beta that arises from improperly controlled modification of object prototype attributes, allowing a malicious user to inject properties into Object...

CVSS 8.8 · AI score 7.9 · EPSS 0.01409
Exploits 1 · References 2
Patchstack
added 2021/04/20 12:0 a.m. · 10 views

WordPress Redirection for Contact Form 7 plugin <= 2.3.3 - Authenticated PHP Object Injection vulnerability

Authenticated PHP Object Injection vulnerability discovered by WordFence in WordPress Redirection for Contact Form 7 plugin versions <= 2.3.3. Solution: Update the WordPress Redirection for Contact Form 7 plugin to the latest available version, at least 2.3.4...

AI score 2.6
Exploits 0 · References 2 · Affected Software 1
wpexploit
added 2021/04/20 12:0 a.m. · 112 views

Redirection for Contact Form 7 < 2.3.4 - Authenticated PHP Object Injection

In the plugin, any authenticated user, such as a subscriber, could use the import_from_debug AJAX action to inject PHP objects. `$wp_user, 'pwd' => $wp_pass, 'rememberme' => 'forever', 'wp-submit' => 'Log+In', ); $output = curl_exec($ch); curl_close($ch); // OBJI $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $wp_ur...`

CVSS 6.5 · AI score 0.7 · EPSS 0.01967
Exploits 2 · References 1
WPVulnDB
added 2021/04/20 12:0 a.m. · 19 views

Redirection for Contact Form 7 < 2.3.4 - Authenticated PHP Object Injection

In the plugin, any authenticated user, such as a subscriber, could use the import_from_debug AJAX action to inject PHP objects. PoC: `$wp_user, 'pwd' => $wp_pass, 'rememberme' => 'forever', 'wp-submit' => 'Log+In', ); $output = curl_exec($ch); curl_close($ch); // OBJI $ch = curl_init(); curl_setopt($ch, CURLOPT_URL,...`

CVSS 6.5 · AI score 0.9 · EPSS 0.01967
Exploits 2 · References 1 · Affected Software 1
OpenVAS
added 2021/04/13 12:0 a.m. · 29 views

WordPress Facebook for WordPress Plugin < 3.0.0 PHP Object Injection Vulnerability

The WordPress plugin... Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can redistribute it and/or modify it...

CVSS 8.1 · AI score 8.2 · EPSS 0.0352
Exploits 2 · References 2
OSV
added 2021/04/12 2:15 p.m. · 1 views

CVE-2021-24217

The run_action function of the Facebook for WordPress plugin before 3.0.0 deserializes user-supplied data, making it possible for PHP objects to be supplied and creating an Object Injection vulnerability. There was also a usable magic method in the plugin that could be used to achieve remote code...

CVSS 8.1 · AI score 7.5
Exploits 0 · References 2
NVD
added 2021/04/12 2:15 p.m. · 20 views

CVE-2021-24217

The run_action function of the Facebook for WordPress plugin before 3.0.0 deserializes user-supplied data, making it possible for PHP objects to be supplied and creating an Object Injection vulnerability. There was also a usable magic method in the plugin that could be used to achieve remote code...

CVSS 8.1 · EPSS 0.0352
Exploits 2 · References 2
Prion
added 2021/04/12 2:15 p.m. · 24 views

Design/Logic Flaw

The run_action function of the Facebook for WordPress plugin before 3.0.0 deserializes user-supplied data, making it possible for PHP objects to be supplied and creating an Object Injection vulnerability. There was also a usable magic method in the plugin that could be used to achieve remote code...

CVSS 6.8 · AI score 8.5 · EPSS 0.0352
Exploits 2 · References 2 · Affected Software 1
Cvelist
added 2021/04/12 2:1 p.m. · 22 views

CVE-2021-24217 Facebook for WordPress < 3.0.0 - PHP Object Injection with POP Chain

The run_action function of the Facebook for WordPress plugin before 3.0.0 deserializes user-supplied data, making it possible for PHP objects to be supplied and creating an Object Injection vulnerability. There was also a usable magic method in the plugin that could be used to achieve remote code...

AI score 8.8 · EPSS 0.0352
Exploits 2 · References 2
CVE
added 2021/04/12 2:1 p.m. · 85 views

CVE-2021-24217

The CVE-2021-24217 entry concerns the WordPress Facebook for WordPress plugin prior to version 3.0.0. The vulnerability arises because run_action deserializes user-supplied data, enabling PHP object injection, and an available magic method could be exploited to achieve remote code execution. Affe...

CVSS 8.1 · AI score 8.6 · EPSS 0.0352
Exploits 2 · References 2 · Affected Software 1
VulnCheck KEV
added 2021/04/12 12:0 a.m. · 5 views

VulnCheck KEV: CVE-2015-7808

The vBApiHook::decodeArguments method in vBulletin 5 Connect 5.1.2 through 5.1.9 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object in the arguments parameter to ajax/api/hook/decodeArguments...

CVSS 7.5 · AI score 7.6 · EPSS 0.80635
Exploits 12 · References 1
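The WordPress plugin entries (Redirection for Contact Form 7, Facebook for WordPress) and the vBulletin entry share one root cause: attacker-supplied bytes reach unserialize(), and some class the application already has loaded carries a magic method (__destruct, __wakeup, __toString, ...) whose side effect depends on properties the attacker now controls. That is the "usable magic method" and "POP chain" the entries refer to. The code below is an added example, not code from any of those projects; CacheWriter, run_action_vulnerable, run_action_hardened and build_payload are hypothetical names. It shows a minimal gadget, the vulnerable handler, the attacker's payload construction, and the allowed_classes=false hardening (PHP 7.4+ for the typed properties):

```php
<?php
declare(strict_types=1);
// Added example for this page, not code from any WordPress plugin or
// vBulletin. Hypothetical names: CacheWriter, run_action_vulnerable,
// run_action_hardened, build_payload. Usage: php objinj_demo.php

// The gadget: a class the application autoloads anyway, with a magic
// method whose side effect uses public properties. Whoever controls the
// unserialize() input chooses those properties, and with them the path
// and content written here (a web-root path makes it a webshell drop).
class CacheWriter
{
    public string $path = '';
    public string $content = '';

    public function __destruct()
    {
        if ($this->path !== '') {
            file_put_contents($this->path, $this->content);
        }
    }
}

// Vulnerable handler: request data goes straight into unserialize(),
// so every loaded class with a magic method is reachable.
function run_action_vulnerable(string $encoded)
{
    return unserialize(base64_decode($encoded, true));
}

// Hardened handler: with allowed_classes=false every object in the
// payload is instantiated as __PHP_Incomplete_Class, which has no
// user-defined magic methods, so the gadget's destructor never runs.
function run_action_hardened(string $encoded)
{
    $raw = base64_decode($encoded, true);
    if ($raw === false) {
        return null;
    }
    return unserialize($raw, ['allowed_classes' => false]);
}

// Attacker side: serialize an instance of the gadget with chosen fields.
// The attacker's own copy is disarmed afterwards so that only the
// victim's unserialize() produces the side effect.
function build_payload(string $target): string
{
    $g = new CacheWriter();
    $g->path = $target;
    $g->content = "written by the injected object\n";
    $payload = base64_encode(serialize($g));
    $g->path = '';
    return $payload;
}

$target = sys_get_temp_dir() . '/objinj_demo.txt';
@unlink($target);
$payload = build_payload($target);
echo "payload: $payload\n";

$obj = run_action_hardened($payload);
echo 'hardened produced class: ' . get_class($obj) . "\n";
$obj = null;   // releasing an incomplete class runs no user destructor
echo 'file exists after hardened handler: ' . var_export(file_exists($target), true) . "\n";

$obj = run_action_vulnerable($payload);
echo 'vulnerable produced class: ' . get_class($obj) . "\n";
$obj = null;   // releasing the real CacheWriter runs __destruct
echo 'file exists after vulnerable handler: ' . var_export(file_exists($target), true) . "\n";
```

Two practitioner notes. First, the gadget does not have to live in the vulnerable component: any class reachable through the application's autoloader (core, other plugins, vendored libraries) is a candidate, which is why "deserializes user-supplied data" is treated as exploitable even before a specific chain is published. Second, allowed_classes=false is containment rather than a fix; for a feature such as an import or debug endpoint the better design is to not use PHP serialization for untrusted input at all (JSON plus explicit validation), since even scalar-only unserialize() remains a complex parser exposed to attacker input.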