8068 matches found

OSV
added 2020/06/20 1:15 p.m. · 6 views

UBUNTU-CVE-2020-14933

DISPUTED compose.php in SquirrelMail 1.4.22 calls unserialize for the $attachments value, which originates from an HTTP POST request. NOTE: the vendor disputes this because these two conditions for PHP object injection are not satisfied: existence of a PHP magic method such as __wakeup or __destruct,...

CVSS 8.8 · AI score 7.3 · EPSS 0.01415
Exploits: 0 · References: 3
Cvelist
added 2020/06/20 12:7 p.m. · 30 views

CVE-2020-14933

compose.php in SquirrelMail 1.4.22 calls unserialize for the $attachments value, which originates from an HTTP POST request. NOTE: the vendor disputes this because these two conditions for PHP object injection are not satisfied: existence of a PHP magic method such as __wakeup or __destruct, and any...

AI score 8.9 · EPSS 0.01415
Exploits: 0 · References: 1
CVE
added 2020/06/20 12:7 p.m. · 72 views

CVE-2020-14933

CVE-2020-14933 affects SquirrelMail 1.4.22. compose.php calls unserialize on the attachments value derived from HTTP POST data, enabling an unsafe deserialization path. The vendor disputes that the required PHP object-injection conditions are met (presence of a PHP magic method and attack-relevan...

CVSS 8.8 · AI score 9.4 · EPSS 0.01415
Exploits: 0 · References: 1 · Affected Software: 1
Positive Technologies
added 2020/06/20 12:0 a.m. · 5 views

PT-2020-14070 · Squirrelmail · Squirrelmail

Name of the Vulnerable Software and Affected Versions: SquirrelMail version 1.4.22 Description: The issue arises in compose.php, where the $attachments value from an HTTP POST request is passed to unserialize. This could potentially lead to PHP object injection. However, the vendor disputes this,...

CVSS 8.8 · AI score 7.5 · EPSS 0.01415
Exploits: 0 · References: 8
0day.today
added 2020/06/19 12:0 a.m. · 139 views

Agent Tesla Panel Remote Code Execution Exploit

This Metasploit module exploits a command injection vulnerability within the Agent Tesla control panel, in combination with an SQL injection vulnerability and a PHP object injection vulnerability, to gain remote code execution on affected hosts. Panel versions released prior to September 12, 2018...

AI score 9.2
Exploits: 0
Packet Storm
added 2020/06/18 12:0 a.m. · 565 views

Agent Tesla Panel Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Agent Tesla Panel Remote Code Execution', 'Description' = %q This module exploits a command injection vulnerability within the Agent Tesla contro...

AI score 0.3
Exploits: 0
CNVD
added 2020/06/17 12:0 a.m. · 2 views

PHP-Fusion has multiple vulnerabilities

PHP-Fusion is a lightweight open source content management system. It uses a MySQL database to store site content and provides a simple, comprehensive back-end management system. PHP-Fusion includes the functionality that most CMS systems have. PHP-Fusion has PHP object injection and SQL injecti...

AI score 8.2
Exploits: 0 · References: 1
Metasploit
added 2020/06/16 3:47 p.m. · 32 views

Agent Tesla Panel Remote Code Execution

This module exploits a command injection vulnerability within the Agent Tesla control panel, in combination with an SQL injection vulnerability and a PHP object injection vulnerability, to gain remote code execution on affected hosts. Panel versions released prior to September 12, 2018 can be...

AI score 9.2
Exploits: 0
0daydb
added 2020/06/16 12:59 p.m. · 148 views

PHP-Fusion 9.03.60 PHP Object Injection / SQL Injection

PHP-Fusion version 9.03.60 PHP object injection to SQL injection pre-authentication exploit. Exploit Title: PHP-Fusion v9.03.60, PHP Object Injection to SQL injection pre-auth Date: 2020-05-26 Exploit Author: coiffeur Vendor Homepage: https://www.php-fusion.co.uk/home.php Software Link:...

AI score 8.4
Exploits: 0
Packet Storm
added 2020/06/15 12:0 a.m. · 827 views

PHP-Fusion 9.03.60 PHP Object Injection / SQL Injection

Exploit Title: PHP-Fusion v9.03.60, PHP Object Injection to SQL injection pre-auth Date: 2020-05-26 Exploit Author: coiffeur Vendor Homepage: https://www.php-fusion.co.uk/home.php Software Link: https://www.php-fusion.co.uk/phpfusion9downloads.php Version: v9.03.60 import sys import requests impo...

Exploits: 0
CNVD
added 2020/05/21 12:0 a.m. · 6 views

Ruby on Rails code issue vulnerability (CNVD-2020-39016)

Ruby on Rails is an open source web application framework based on the Ruby language, developed by the Rails team. A code issue vulnerability exists in Ruby on Rails versions prior to 5.2.5 and prior to 6.0.4. An attacker can exploit this vulnerability to inject untrusted Ruby objects into a web application,...

CVSS 9.8 · AI score 8.8 · EPSS 0.45732
Exploits: 5 · References: 1
Friends Of PHP
added 2020/05/20 4:45 p.m. · 9 views

EZSA-2020-004 Object Injection in SiteAccessMatchListener

More info at https://ezplatform.com/security-advisories/ezsa-2020-004-object-injection-in-siteaccessmatchlistener...

AI score 7.2
Exploits: 0 · Affected Software: 1
Friends Of PHP
added 2020/05/20 4:45 p.m. · 12 views

EZSA-2020-004 Object Injection in SiteAccessMatchListener

More info at https://ezplatform.com/security-advisories/ezsa-2020-004-object-injection-in-siteaccessmatchlistener...

AI score 7.2
Exploits: 0 · Affected Software: 1
OSV
added 2020/05/20 1:15 p.m. · 3 views

CVE-2020-12835

An issue was discovered in SmartBear ReadyAPI SoapUI Pro 3.2.5. Due to unsafe use of a Java RMI-based protocol in an unsafe configuration, an attacker can inject malicious serialized objects into the communication, resulting in remote code execution in the context of a client-side Network...

CVSS 9.8 · AI score 7.8
Exploits: 0 · References: 4
Veracode
added 2020/04/30 4:4 a.m. · 23 views

PHP Object Injection

intelliants/subrion is vulnerable to PHP object injection. The vulnerability exists through the serialized data in the subpages value within admin/blocks.php to block/edit...

CVSS 6.5 · AI score 2.9 · EPSS 0.00864
Exploits: 1 · References: 1 · Affected Software: 1
CNVD
added 2020/04/30 12:0 a.m. · 2 views

Subrion CMS Code Issue Vulnerability

Subrion CMS is a PHP-based content management system (CMS) from the Subrion team. The system can be integrated into a website and supports a variety of extensions, plugins and more. A security vulnerability exists in the admin/blocks.php file in Subrion CMS 4.2.1 and earlier versions. An attacker ca...

CVSS 6.5 · AI score 6.9 · EPSS 0.00864
Exploits: 1
OSV
added 2020/04/29 9:15 p.m. · 12 views

CVE-2020-12469

admin/blocks.php in Subrion CMS through 4.2.1 allows PHP Object Injection with resultant file deletion via serialized data in the subpages value within a block to blocks/edit...

CVSS 6.5 · AI score 7.2
Exploits: 0 · References: 1
NVD
added 2020/04/29 9:15 p.m. · 18 views

CVE-2020-12469

admin/blocks.php in Subrion CMS through 4.2.1 allows PHP Object Injection with resultant file deletion via serialized data in the subpages value within a block to blocks/edit...

CVSS 6.5 · AI score 6.6 · EPSS 0.00864
Exploits: 1 · References: 1
Prion
added 2020/04/29 9:15 p.m. · 9 views

Design/Logic Flaw

admin/blocks.php in Subrion CMS through 4.2.1 allows PHP Object Injection with resultant file deletion via serialized data in the subpages value within a block to blocks/edit...

CVSS 5.5 · AI score 6.7 · EPSS 0.00864
Exploits: 1 · References: 1 · Affected Software: 1
Cvelist
added 2020/04/29 7:58 p.m. · 24 views

CVE-2020-12469

admin/blocks.php in Subrion CMS through 4.2.1 allows PHP Object Injection with resultant file deletion via serialized data in the subpages value within a block to blocks/edit...

AI score 6.6 · EPSS 0.00864
Exploits: 1 · References: 1