8069 matches found
CVE-2019-19826
The Views Dynamic Fields module through 7.x-1.0-alpha4 for Drupal makes insecure unserialize calls in handlers/views_handler_filter_dynamic_fields.inc, as demonstrated by PHP object injection, involving a field_names object and an Archive_Tar object, for file deletion. Code execution might also be...
CVE-2019-19826
The CVE refers to Drupal’s Views Dynamic Fields module (7.x-1.0-alpha4). It insecurely unserializes data in handlers/views_handler_filter_dynamic_fields.inc, enabling PHP object injection via a field_names object and an Archive_Tar object, with file deletion as an example. This could lead to code...
Object Injection
phpsocialnetwork/phpfastcache is vulnerable to object injection. The vulnerability exists as an object can be included through the value of $keyword in Cookie/Driver.php, potentially allowing an attacker to execute arbitrary code...
CVE-2019-16774
In phpfastcache before 5.1.3, there is a possible object injection vulnerability in cookie driver...
CVE-2019-16774
In phpfastcache before 5.1.3, there is a possible object injection vulnerability in cookie driver...
Design/Logic Flaw
In phpfastcache before 5.1.3, there is a possible object injection vulnerability in cookie driver...
CVE-2019-16774 Object injection in cookie driver
In phpfastcache before 5.1.3, there is a possible object injection vulnerability in cookie driver...
CVE-2019-16774
Removed by vendor...
CVE-2019-16774
In phpfastcache, the cookie driver is vulnerable to object injection in versions before 5.1.3. The root cause is unsafe handling during deserialization/inclusion via cookies, enabling crafted data to instantiate objects. Impact ranges from partial to high severity, with some sources indicating po...
GHSA-484F-743F-6JX2 Object injection in cookie driver in phpfastcache
Impact: A possible object injection has been discovered in cookie driver prior to 5.0.13 versions of 5.x releases. Patches: The issue has been addressed by enforcing JSON conversion when deserializing. Workarounds: If you can't fix it, use another driver such as "Files" Filesystem. References: Fixing...
Object injection in cookie driver in phpfastcache
Impact: A possible object injection has been discovered in cookie driver prior to 5.0.13 versions of 5.x releases. Patches: The issue has been addressed by enforcing JSON conversion when deserializing. Workarounds: If you can't fix it, use another driver such as "Files" Filesystem. References: Fixing...
OkayCMS 2.3.4 Remote Code Execution Exploit #RCE
Exploit for php platform in category web applications Unauthenticated remote code execution in OkayCMS Overview Target: OkayCMS Vendor: OkayCMS Version: all versions including 2.3.4 CVE: CVE-2019-16885 Accessibility: Local Severity: Critical Author: Wolfgang Hotwagner AIT Austrian Institute of...
Revive Adserver 4.2 Remote Code Execution
Exploit Title: Revive Adserver 4.2 - Remote Code Execution Google Dork: "inurl:www/delivery filetype:php" Exploit Author: crlf Vendor Homepage: https://www.revive-adserver.com/ Software Link: https://www.revive-adserver.com/download/archive/ Version: 4.1.x '' : @list$x, $url, $code = $argv;...
Remote code execution
In OkayCMS through 2.3.4, an unauthenticated attacker can achieve remote code execution by injecting a malicious PHP object via a crafted cookie. This could happen at two places: first in view/ProductsView.php using the cookie pricefilter, and second in api/Comparison.php via the cookie compariso...
Revive Adserver 4.2 - Remote Code Execution Exploit
Exploit for php platform in category web applications Exploit Title: Revive Adserver 4.2 - Remote Code Execution Google Dork: "inurl:www/delivery filetype:php" Exploit Author: crlf Vendor Homepage: https://www.revive-adserver.com/ Software Link: https://www.revive-adserver.com/download/archive/...
Revive Adserver 4.2 - Remote Code Execution
Revive Adserver 4.2 - Remote Code Execution Exploit Title: Revive Adserver 4.2 - Remote Code Execution Google Dork: "inurl:www/delivery filetype:php" Exploit Author: crlf Vendor Homepage: https://www.revive-adserver.com/ Software Link: https://www.revive-adserver.com/download/archive/ Version:...
Revive Adserver 4.2 - Remote Code Execution
Exploit Title: Revive Adserver 4.2 - Remote Code Execution Google Dork: "inurl:www/delivery filetype:php" Exploit Author: crlf Vendor Homepage: https://www.revive-adserver.com/ Software Link: https://www.revive-adserver.com/download/archive/ Version: 4.1.x '' : @list$x, $url, $code = $argv;...
CMS Made Simple 2.2.8 Remote Code Execution Exploit
An issue was discovered in CMS Made Simple version 2.2.8. In the module DesignManager in the files action.adminbulkcss.php and action.adminbulktemplate.php, with an unprivileged user with Designer permission, it is possible to reach an unserialize call with a crafted value in the m1allparms...
CMS Made Simple 2.2.8 Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'CMS Made Simple Authenticated RCE via object injection', 'Description' = %q An issue was discovered in CMS Made Simple 2.2.8. In the module...
CMS Made Simple Authenticated RCE via object injection
An issue was discovered in CMS Made Simple 2.2.8. In the module DesignManager in the files action.adminbulkcss.php and action.adminbulktemplate.php, with an unprivileged user with Designer permission, it is possible to reach an unserialize call with a crafted value in the m1allparms parameter, an...