CVE-2014-2293
CVE-2014-2293 affects Zikula Application Framework prior to 1.3.7 build 11. The vulnerability arises from PHP object injection via crafted serialized data in index.php parameters: authentication_method_ser, authentication_info_ser, or zikulaMobileTheme. This can allow remote attackers to delete a...
CVE-2017-1677
IBM Data Server Driver for JDBC and SQLJ (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1) deserializes the contents of /tmp/connlicj.bin, which leads to object injection and potentially arbitrary code execution depending on the classpath. IBM X-Force ID: 133999...
Design/Logic Flaw
IBM Data Server Driver for JDBC and SQLJ (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1) deserializes the contents of /tmp/connlicj.bin, which leads to object injection and potentially arbitrary code execution depending on the classpath. IBM X-Force ID: 133999...
CVE-2017-1677
CVE-2017-1677 affects IBM DB2 family via unsafe deserialization in the Data Server Driver for JDBC/SQLJ. The vulnerability occurs when the driver deserializes /tmp/connlicj.bin, enabling object injection and potentially arbitrary code execution depending on the classpath. Affected products/versio...
WordPress WP Job Manager plugin <=1.29.2 - Unauthenticated Object Injection vulnerability
Unauthenticated Object Injection vulnerability found in WordPress WP Job Manager plugin versions <=1.29.2. Solution: Update the WordPress WP Job Manager plugin to the latest available version (at least 1.29.3)...
infinispan: Unsafe deserialization of malicious object injected into data cache
It was found that the Hotrod client in Infinispan would unsafely deserialize data read from the cache. An authenticated attacker could inject a malicious object into the data cache, have it deserialized on the client, and possibly conduct further attacks...
Newsletters Lite < 4.6.8.6 - PHP Object Injection
The Newsletters WordPress plugin was affected by a PHP Object Injection security vulnerability...
WordPress Category Order and Taxonomy Terms Order plugin <=1.5.2.2 - Authenticated PHP Object Injection vulnerability
Authenticated PHP Object Injection vulnerability found in WordPress Category Order and Taxonomy Terms Order plugin versions <=1.5.2.2. Solution: Update the WordPress Category Order and Taxonomy Terms Order plugin to the latest available version (at least 1.5.3)...
WP Job Manager <= 1.29.2 - Unauthenticated Object Injection
Pre-auth PHP object injection: an unauthenticated attacker could supply their own payload and have the system perform unserialize on that data...
Category Order and Taxonomy Terms Order <= 1.5.2.2 - Authenticated PHP Object Injection
Use of unserialize on user input in the request that saves the orders leads to a PHP object injection vulnerability. PoC: Send a POST request to "URL/wp-admin/admin-ajax.php" with parameters "action=update-taxonomy-order=SERIALIZED-OBJECT"...
ValidFormBuilder PHP Object Injection Vulnerability
ValidForm Builder is an open source JavaScript and PHP library for creating web forms and field validation. A PHP object injection vulnerability exists in the Valid Form deserialization method in ValidFormBuilder version 4.5.4. A remote attacker can exploit this vulnerability to execute...
WordPress WooCommerce plugin <=3.2.3 - Authenticated PHP Object Injection vulnerability
Authenticated PHP Object Injection vulnerability found in WordPress WooCommerce plugin versions <=3.2.3. Solution: Update the WordPress WooCommerce plugin to the latest available version (at least 3.2.4)...
Unsafe Deserialization
infinispan-client-hotrod is vulnerable to unsafe deserializations. Attackers can inject objects into the data cache, which would get deserialized within the client. This could lead to remote code execution and other attacks...
CVE-2018-1000059
ValidFormBuilder version 4.5.4 contains a PHP Object Injection vulnerability in the Valid Form unserialize method that can make it possible to execute unauthorised system commands remotely and disclose file contents in the file system...
Design/Logic Flaw
ValidFormBuilder version 4.5.4 contains a PHP Object Injection vulnerability in the Valid Form unserialize method that can make it possible to execute unauthorised system commands remotely and disclose file contents in the file system...
CVE-2018-1000059
Summary: ValidFormBuilder 4.5.4 contains a PHP Object Injection vulnerability in the Valid Form unserialize method. The root cause is insecure deserialization, enabling possible remote command execution and disclosure of files. Affected product/version: ValidFormBuilder 4.5.4. Impact: unauthorise...