
8069 matches found

Cvelist
added 2019/05/23 5:56 p.m. | 27 views

CVE-2016-8901

b2evolution 6.7.6 suffers from an Object Injection vulnerability in /htsrv/callplugin.php...

AI score: 9.7 | EPSS: 0.02653
Exploits: 1 | References: 3

Exploit DB
added 2019/05/23 12:00 a.m. | 236 views

Shopware - createInstanceFromNamedArguments PHP Object Instantiation Remote Code Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Shopware createInstanceFromNamedArguments PHP Object Instantiation RCE", 'Description' = %q This module exploits a php object instantiation...

CVSS: 6.5 | AI score: 7.4 | EPSS: 0.27074
Exploits: 6

CNVD
added 2019/05/23 12:00 a.m. | 2 views

Exponent CMS Object Injection Vulnerability

OIC Exponent CMS is a free, open source, modular PHP-based content management system CMS from OIC USA. A security vulnerability exists in the framework/modules/core/controllers/expCatController.php file in Exponent CMS version 2.3.9. No details of the vulnerability are provided at this time...

CVSS: 9.8 | AI score: 6.9 | EPSS: 0.02115
Exploits: 1 | References: 1

0day.today
added 2019/05/22 12:00 a.m. | 432 views

Shopware createInstanceFromNamedArguments PHP Object Instantiation Exploit

This Metasploit module exploits a php object instantiation vulnerability that can lead to remote code execution in Shopware. An authenticated backend user could exploit the vulnerability. The vulnerability exists in the createInstanceFromNamedArguments function, where the code insufficiently...

CVSS: 6.5 | AI score: 0.5 | EPSS: 0.27074
Exploits: 6

WPVulnDB
added 2019/05/19 12:00 a.m. | 17 views

Option Tree < 2.7.3 - Object Injection Bypass

The OptionTree WordPress plugin was affected by an Object Injection Bypass security vulnerability...

CVSS: 7.5 | AI score: 2.2 | EPSS: 0.02147
Exploits: 0 | Affected Software: 1

Metasploit
added 2019/05/09 8:08 p.m. | 22 views

Shopware createInstanceFromNamedArguments PHP Object Instantiation RCE

This module exploits a php object instantiation vulnerability that can lead to RCE in Shopware. An authenticated backend user could exploit the vulnerability. The vulnerability exists in the createInstanceFromNamedArguments function, where the code insufficiently performs whitelist check which ca...

CVSS: 8.8 | AI score: 7.8 | EPSS: 0.54681
Exploits: 6

WPVulnDB
added 2019/05/07 12:00 a.m. | 20 views

Carts Guru <= 1.4.4 - Unauthenticated Object Injection

The Carts Guru WordPress plugin was affected by an Unauthenticated Object Injection security vulnerability...

CVSS: 7.5 | AI score: 2.7 | EPSS: 0.02347
Exploits: 1 | References: 1 | Affected Software: 1

WPVulnDB
added 2019/05/07 12:00 a.m. | 12 views

Virim - Unauthenticated Object Injection

The Virim WordPress plugin was affected by an Unauthenticated Object Injection security vulnerability...

CVSS: 7.5 | AI score: 3.1 | EPSS: 0.02417
Exploits: 1 | References: 1 | Affected Software: 1

NVD
added 2019/05/06 5:29 p.m. | 37 views

CVE-2019-5434

An attacker could send a specifically crafted payload to the XML-RPC invocation script and trigger the unserialize call on the "what" parameter in the "openads.spc" RPC method. Such vulnerability could be used to perform various types of attacks, e.g. exploit serialize-related PHP vulnerabilities...

CVSS: 9.8 | AI score: 9.8 | EPSS: 0.57022
Exploits: 7 | References: 4

OSV
added 2019/05/06 5:29 p.m. | 6 views

CVE-2019-5434

An attacker could send a specifically crafted payload to the XML-RPC invocation script and trigger the unserialize call on the "what" parameter in the "openads.spc" RPC method. Such vulnerability could be used to perform various types of attacks, e.g. exploit serialize-related PHP vulnerabilities...

CVSS: 9.8 | AI score: 7.2 | EPSS: 0.57022
Exploits: 7 | References: 4

Prion
added 2019/05/06 5:29 p.m. | 26 views

Design/Logic Flaw

An attacker could send a specifically crafted payload to the XML-RPC invocation script and trigger the unserialize call on the "what" parameter in the "openads.spc" RPC method. Such vulnerability could be used to perform various types of attacks, e.g. exploit serialize-related PHP vulnerabilities...

CVSS: 7.5 | AI score: 9.7 | EPSS: 0.57022
Exploits: 7 | References: 4 | Affected Software: 1

myhack58
added 2019/04/22 12:00 a.m. | 58 views

A single click to achieve remote code execution: content management framework Drupal malicious image upload exploit chain analysis-vulnerability warning-the black bar safety net

Overview: Recently, Drupal released a set of critical patches for the 7.x and 8.x versions. The update includes fixes for a set of vulnerabilities that we submitted when we first took part in the targeted vulnerability incentive program. These vulnerabilities can achiev...

AI score: 0.2
Exploits: 0

Hacker One
added 2019/04/19 2:38 p.m. | 15 views

Revive Adserver: Deserialization of Untrusted Data in www/delivery/dxmlrpc.php

An attacker could send a specifically crafted payload to the XML-RPC invocation script and trigger the unserialize call on the first parameter in the "pluginExecute" RPC method. Impact Such vulnerability could be used to perform various types of attacks, e.g. exploit serialize-related PHP...

AI score: 4.3
Exploits: 0

myhack58
added 2019/04/17 12:00 a.m. | 69 views

Drupal vulnerability a combination of Boxing: by a malicious picture of a key RCE-vulnerability warning-the black bar safety net

1. Foreword: Drupal recently released two critical patches, covering the 7.x and 8.x versions. This security update fixes some bugs that were submitted to our targeted vulnerability incentive program (TIPS). Exploiting these vulnerabilities makes it possible to achieve code executio...

AI score: 7.5
Exploits: 0

WPVulnDB
added 2019/04/16 12:00 a.m. | 22 views

Option Tree < 2.7.0 - PHP Object Injection

The OptionTree WordPress plugin was affected by a PHP Object Injection security vulnerability...

CVSS: 7.5 | AI score: 1.7 | EPSS: 0.02147
Exploits: 0 | Affected Software: 1

Prion
added 2019/04/11 8:29 p.m. | 20 views

Design/Logic Flaw

An issue was discovered in CMS Made Simple 2.2.8. In the module FrontEndUsers in the file class.FrontEndUsersManipulate.php or class.FrontEndUsersManipulator.php, it is possible to reach an unserialize call with an untrusted FEU cookie, and achieve authenticated object injection...

CVSS: 6.5 | AI score: 8.7 | EPSS: 0.01289
Exploits: 0 | References: 2 | Affected Software: 1

NVD
added 2019/04/11 8:29 p.m. | 22 views

CVE-2019-9056

An issue was discovered in CMS Made Simple 2.2.8. In the module FrontEndUsers in the file class.FrontEndUsersManipulate.php or class.FrontEndUsersManipulator.php, it is possible to reach an unserialize call with an untrusted FEU cookie, and achieve authenticated object injection...

CVSS: 8.8 | AI score: 8.8 | EPSS: 0.01289
Exploits: 0 | References: 2

OSV
added 2019/04/11 8:29 p.m. | 5 views

CVE-2019-9056

An issue was discovered in CMS Made Simple 2.2.8. In the module FrontEndUsers in the file class.FrontEndUsersManipulate.php or class.FrontEndUsersManipulator.php, it is possible to reach an unserialize call with an untrusted FEU cookie, and achieve authenticated object injection...

CVSS: 8.8 | AI score: 7.2 | EPSS: 0.01289
Exploits: 0 | References: 2

CVE
added 2019/04/11 7:26 p.m. | 49 views

CVE-2019-9056

CMS Made Simple 2.2.8 contains a vulnerability in the FrontEndUsers module (class.FrontEndUsersManipulate.php or class.FrontEndUsersManipulator.php) that allows an unauthenticated attacker to trigger an unserialize call via an untrusted FEU cookie, enabling authenticated object injection. Impact ...

CVSS: 8.8 | AI score: 8.7 | EPSS: 0.01289
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2019/04/11 7:26 p.m. | 24 views

CVE-2019-9056

An issue was discovered in CMS Made Simple 2.2.8. In the module FrontEndUsers in the file class.FrontEndUsersManipulate.php or class.FrontEndUsersManipulator.php, it is possible to reach an unserialize call with an untrusted FEU cookie, and achieve authenticated object injection...

AI score: 8.8 | EPSS: 0.01289
Exploits: 0 | References: 2