8067 matches found
Froxlor php object injection vulnerability
Froxlor is a web-based server control panel developed by the Froxlor team, which supports a wide range of servers such as Apache, Lighttpd and Nginx. A PHP object injection vulnerability exists in the Domain name form in Froxlor 0.9.39.5 and earlier versions. A remote...
Security Bulletin: IBM Data Server Driver for JDBC and SQLJ is affected by a 3RD PARTY Unsafe deserialization
Summary: Unsafe deserialization in DB2 JDBC driver. Vulnerability Details: The Db2 JDBC driver deserializes the contents of /tmp/connlicj.bin (the default path, which is configurable), which leads to object injection and potentially arbitrary code execution depending on the classpath. CVEID: CVE-2017-1677...
CVE-2018-1000527
Froxlor version <= 0.9.39.5 contains a PHP Object Injection vulnerability in the Domain name form that can result in possible information disclosure and remote code execution. This attack appears to be exploitable via passing a malicious PHP object in $_POST['ssl_ipandport']. This vulnerability appears to...
CVE-2018-1000525
OpenPSA contains a PHP Object Injection vulnerability in form data passed as GET request variables that can result in possible information disclosure and remote code execution. This attack appears to be exploitable via a specially crafted GET request variable containing a serialised PHP object. This...
Information disclosure
Froxlor version <= 0.9.39.5 contains a PHP Object Injection vulnerability in the Domain name form that can result in possible information disclosure and remote code execution. This attack appears to be exploitable via passing a malicious PHP object in $_POST['ssl_ipandport']. This vulnerability appears to...
Information disclosure
OpenPSA contains a PHP Object Injection vulnerability in form data passed as GET request variables that can result in possible information disclosure and remote code execution. This attack appears to be exploitable via a specially crafted GET request variable containing a serialised PHP object. This...
CVE-2018-1000525
OpenPSA is affected by a PHP Object Injection vulnerability in form data passed as GET variables, allowing a crafted GET request to serialize a PHP object and potentially disclose information or achieve remote code execution. The issue arises from unsafe deserialization, enabling arbitrary code e...
CVE-2018-1000527
CVE-2018-1000527 affects Froxlor ≤ 0.9.39.5, describing a PHP Object Injection in the Domain name form that can lead to information disclosure and remote code execution. The attack is reported as exploitable by sending a malicious PHP object via $_POST['ssl_ipandport']; multiple sources corrobora...
Joomla! User-Agent Object Injection RCE
The Joomla! application running on the remote web server is affected by a remote code execution vulnerability due to improper sanitization of the User-Agent header field when saving session values. An unauthenticated, remote attacker can exploit this, via a serialized PHP object, to execute...
CVE-2018-11135
The script '/adminui/error_details.php' in the Quest KACE System Management Appliance 8.0.318 allows authenticated users to conduct PHP object injection attacks...
Design/Logic Flaw
The script '/adminui/error_details.php' in the Quest KACE System Management Appliance 8.0.318 allows authenticated users to conduct PHP object injection attacks...
CVE-2018-11135
CVE-2018-11135 concerns the Quest KACE System Management Appliance 8.0.318. An authenticated user can trigger a deserialization-based PHP object injection in the script /adminui/error_details.php, enabling arbitrary PHP object execution as described in the vulnerability notes. Core Security CORE-...
PT-2018-10326 · Quest · Quest Kace System Management Appliance
Name of the Vulnerable Software and Affected Versions: Quest KACE System Management Appliance version 8.0.318. Description: The issue allows authenticated users to conduct PHP object injection attacks through the script '/adminui/error_details.php'. Recommendations: For Quest KACE System Managemen...
Multiple WordPress Plugin PHP Object Injection Vulnerabilities
WordPress is a blogging platform from the WordPress Software Foundation, developed in PHP, which supports personal blog sites on servers with PHP and MySQL. Multiple WordPress plugins suffer from a PHP object injection vulnerability that stems from a failure to adequately validate...