Moodle 2.x / 3.x Remote Code Execution Vulnerability (Mar 2017) - Linux

Moodle is prone to an authenticated remote code execution RCE vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Moodle 2.x / 3.x Remote Code Execution Vulnerability (Mar 2017) - Windows

Moodle is prone to an authenticated remote code execution RCE vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Open Web Analytics < 1.5.7 PHP Object Injection Vulnerability

Open Web Analytics is prone to a PHP object injection vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

DRUPAL-CONTRIB-2018-022

This module enables you to monitor and manage any number of remote Drupal sites and aggregate useful information for administrators in a central dashboard. The modules DRD and DRD Agent encrypt the data which is exchanged between them but in order to do so, they use the PHP serialize/unserialize...

DRD Agent - Critical - PHP object injection - SA-CONTRIB-2018-022

This module enables you to monitor and manage any number of remote Drupal sites and aggregate useful information for administrators in a central dashboard. The modules DRD and DRD Agent encrypt the data which is exchanged between them but in order to do so, they use the PHP serialize/unserialize...

CVE-2014-2294

Open Web Analytics OWA before 1.5.7 allows remote attackers to conduct PHP object injection attacks via a crafted serialized object in the owaevent parameter to queue.php...

Design/Logic Flaw

Open Web Analytics OWA before 1.5.7 allows remote attackers to conduct PHP object injection attacks via a crafted serialized object in the owaevent parameter to queue.php...

CVE-2014-2294

Open Web Analytics OWA before 1.5.7 allows remote attackers to conduct PHP object injection attacks via a crafted serialized object in the owaevent parameter to queue.php...

CVE-2014-2294

Open Web Analytics (OWA) before 1.5.7 is vulnerable to PHP object injection via the owa_event parameter to queue.php. The root cause is unsafe unserialize() of a crafted serialized object (after decoding base64) in queue.php, enabling remote attackers to manipulate configuration or achieve arbitr...

CVE-2018-10085

CMS Made Simple CMSMS through 2.2.6 allows PHP object injection because of an unserialize call in the getdata function of \lib\classes\internal\class.LoginOperations.php. By sending a crafted cookie, a remote attacker can upload and execute code, or delete files...

Code injection

CMS Made Simple CMSMS through 2.2.6 allows PHP object injection because of an unserialize call in the getdata function of \lib\classes\internal\class.LoginOperations.php. By sending a crafted cookie, a remote attacker can upload and execute code, or delete files...

CVE-2018-10085

CMS Made Simple CMSMS through 2.2.6 allows PHP object injection because of an unserialize call in the getdata function of \lib\classes\internal\class.LoginOperations.php. By sending a crafted cookie, a remote attacker can upload and execute code, or delete files...

CVE-2018-10085

CMS Made Simple CMSMS through 2.2.6 allows PHP object injection because of an unserialize call in the getdata function of \lib\classes\internal\class.LoginOperations.php. By sending a crafted cookie, a remote attacker can upload and execute code, or delete files...

CVE-2018-10085

CMS Made Simple (CMSMS)

CMS Made Simple PHP Object Injection Vulnerability

CMS Made Simple CMSMS is an open source content management system CMS developed by the CMSMS team. The system supports role-based rights management system , wizard-based installation and update mechanism , intelligent caching mechanism and so on. A PHP object injection vulnerability exists in CMS...

Open Web Analytics Heap Buffer Overflow Vulnerability

Open Web Analytics OWA is a PHP and MySQL based open source web traffic statistics software from the Open Web Analytics team. The software can be used to track and analyze the websites and applications visited by users, and can be used with WordPress, MediaWiki integration. Open Web Analytics OWA...

IBM DB2 Data Server Driver for JDBC and SQLJ Injection Vulnerabilities

IBM DB2 is a relational database management system from IBM in the United States. The system's execution environments are mainly UNIX, Linux, IBM i, z/OS, and Windows server versions.Data Server Driver for JDBC and SQLJ is one of the data server drivers. A security vulnerability exists in Data...

Design/Logic Flaw

Zikula Application Framework before 1.3.7 build 11 allows remote attackers to conduct PHP object injection attacks and delete arbitrary files or execute arbitrary PHP code via crafted serialized data in the 1 authenticationmethodser or 2 authenticationinfoser parameter to index.php, or 3...

CVE-2014-2293

Zikula Application Framework before 1.3.7 build 11 allows remote attackers to conduct PHP object injection attacks and delete arbitrary files or execute arbitrary PHP code via crafted serialized data in the 1 authenticationmethodser or 2 authenticationinfoser parameter to index.php, or 3...

CVE-2014-2293

Zikula Application Framework before 1.3.7 build 11 allows remote attackers to conduct PHP object injection attacks and delete arbitrary files or execute arbitrary PHP code via crafted serialized data in the 1 authenticationmethodser or 2 authenticationinfoser parameter to index.php, or 3...