CVE-2019-9055

CMS Made Simple 2.2.8 contains a vulnerability in the DesignManager module (action.admin_bulk_css.php and action.admin_bulk_template.php) where an unserialize call on m1_allparms can be triggered by an unprivileged user with Designer permission to achieve object injection, enabling authenticated ...

PT-2019-19344 · Cms Made Simple · Cms Made Simple

Name of the Vulnerable Software and Affected Versions: CMS Made Simple version 2.2.8 Description: An issue was discovered in the ModuleManager module, specifically in the action.installmodule.php file, where it is possible to reach an unserialize call with untrusted input. This can lead to...

PT-2019-19342 · Cms Made Simple · Cms Made Simple

Name of the Vulnerable Software and Affected Versions: CMS Made Simple version 2.2.8 Description: An issue was discovered in the administrator page "admin/changegroupperm.php" where it is possible to send a crafted value in the sel groups parameter, leading to authenticated object injection...

PT-2019-19341 · Cms Made Simple · Cms Made Simple

Name of the Vulnerable Software and Affected Versions: CMS Made Simple version 2.2.8 Description: An issue was discovered in the FilePicker module, where it is possible to reach an unserialize call with an untrusted parameter, achieving authenticated object injection. Recommendations: For CMS Mad...

TCPDF 6.2.19 Deserialization / Remote Code Execution Exploit

TCPDF versions 6.2.19 and below suffer from a deserialization vulnerability that can allow for remote code execution. CVE-2018-17057: phar deserialization in TCPDF might lead to RCE --------------------------------------------------------------- Affected products ================= TCPDF While it ...

Revive Adserver: Deserialization of Untrusted Data in www/delivery/adxmlrpc.php

An attacker could send a specifically crafted payload to the XML-RPC invocation script and trigger the unserialize call on the "what" parameter in the "openads.spc" RPC method. Impact Such vulnerability could be used to perform various types of attacks, e.g. exploit serialize-related PHP...

CMS Made Simple < 2.2.10 Multiple Vulnerabilities

CMS Made Simple is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Security Bulletin: Public disclosed vulnerabilities from Jackson-databind affects IBM Spectrum LSF

Summary Public disclosed vulnerabilities from Jackson-databind affects IBM Spectrum LSF: CVE-2017-7525, CVE-2017-15095, CVE-2017-17485, CVE-2018-5968, CVE-2018-7489 Vulnerability Details CVE-2017-7525 Jackson-databind Also implemented in JBoss BPM Suite is vulnerable to remote code execution when...

Joomla! 2.5.0 < 3.9.3 Multiple Vulnerabilities

According to its self-reported version number, the Joomla! installation running on the remote web server is prior to 3.9.3. It is, therefore, affected by multiple vulnerabilities: - An object injection vulnerability exists in Joomla! prior to 3.9.3 due to the absence of a protection mechanism to...

Joomla! 1.0.x < 3.9.3 Multiple Vulnerabilities

According to its self-reported version number, the detected Joomla! application is affected by multiple vulnerabilities : - XSS in URL fields in various core components affects Joomla 2.5.0 through 3.9.2 - XSS in browserside mime-type sniffing affects Joomla 1.0.0 through 3.9.2 - "No Filtering"...

Amazon Linux 2 : php-pear (ALAS-2019-1159)

PEAR ArchiveTar version 1.4.3 and earlier contains a CWE-502, CWE-915 vulnerability in the ArchiveTar class. There are several file operations with $vheader'filename' as parameter such as fileexists, isfile, isdir, etc. When extract is called without a specific prefix path, we can trigger...

Medium: php-pear

Issue Overview: PEAR ArchiveTar version 1.4.3 and earlier contains a CWE-502, CWE-915 vulnerability in the ArchiveTar class. There are several file operations with $vheader'filename' as parameter such as fileexists, isfile, isdir, etc. When extract is called without a specific prefix path, we can...

Design/Logic Flaw

An issue was discovered in Joomla! before 3.9.3. The phar:// stream wrapper can be used for objection injection attacks because there is no protection mechanism such as the TYPO3 PHAR stream wrapper to prevent use of the phar:// handler for non .phar-files...

[SECURITY] [DLA 1674-1] php5 security update

Package : php5 Version : 5.6.39+dfsg-0+deb8u2 CVE ID : CVE-2018-1000888 php-pear in php5 contains CWE-502 Deserialization of Untrusted Data and CWE-915 Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerabilities in its ArchiveTar class. When extract is called...

Debian DLA-1673-1 : wordpress security update

CVE-2018-20147 Authors could modify metadata to bypass intended restrictions on deleting files. CVE-2018-20148 Contributors could conduct PHP object injection attacks via crafted metadata in a wp.getMediaItem XMLRPC call. This is caused by mishandling of serialized data at phar:// URLs in the...

[SECURITY] [DLA 1673-1] wordpress security update

Package : wordpress Version : 4.1.25+dfsg-1+deb8u1 CVE ID : CVE-2018-20147 CVE-2018-20148 CVE-2018-20149 CVE-2018-20150 CVE-2018-20151 CVE-2018-20152 CVE-2018-20153 Debian Bug : 916403 CVE-2018-20147 Authors could modify metadata to bypass intended restrictions on deleting files. CVE-2018-20148...

NextGen Gallery <= 3.1.5 - Authenticated PHP Object Injection

Legacy serialization handling allows unserialize of user input for low privileged users, leading to RCE...

Debian DSA-4378-1 : php-pear - security update

Fariskhi Vidyan discovered that the PEAR ArchiveTar package for handling tar files in PHP is prone to a PHP object injection vulnerability, potentially allowing a remote attacker to execute arbitrary code. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin wer...

[SECURITY] [DSA 4378-1] php-pear security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4378-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso January 30, 2019 https://www.debian.org/security/faq -...

CTF Writeup: Complex Drupal POP Chain

About the Challenge The Droops challenge consisted of a website which had a modified version of Drupal 7.63 installed. The creators of the challenge added a Cookie to the Drupal installation that contained a PHP serialized string, which would then be unserialized on the remote server, leading to ...