Ultimate Product Catalog Plugin for WordPress < 4.2.26 PHP Object Injection
According to its self-reported version, the Ultimate Product Catalog Plugin for WordPress running on the remote web server is prior to 4.2.26. It is, therefore, affected by a PHP object injection vulnerability. An unauthenticated, remote attacker can exploit this to inject PHP objects and execute...
Appointments Plugin for WordPress < 2.2.2 PHP Object Injection
According to its self-reported version, the Appointments Plugin for WordPress running on the remote web server is prior to 2.2.2. It is, therefore, affected by a PHP object injection vulnerability. An unauthenticated, remote attacker can exploit this to inject PHP objects and execute arbitrary...
Ultimate Form Builder Lite for WordPress < 1.3.7 SQL Injection
According to its self-reported version, the Ultimate Form Builder Lite Plugin for WordPress running on the remote web server is prior to 1.3.7. It is, therefore, affected by a SQL injection vulnerability, resulting in PHP object injection exploitation vectors. With a specially crafted request, a...
Slimstat Analytics Plugin for WordPress < 4.7.1 PHP Object Injection
According to its self-reported version, the Slimstat Analytics Plugin for WordPress running on the remote web server is prior to 4.7.1. It is, therefore, affected by a PHP object injection vulnerability. An authenticated, remote attacker can exploit this issue to inject PHP objects and execute...
Cacti < 1.0.0 Multiple Vulnerabilities - Linux
Cacti is prone to multiple vulnerabilities.
Cacti < 1.0.0 Multiple Vulnerabilities - Windows
Cacti is prone to multiple vulnerabilities.
Cacti PHP Object Injection Vulnerability
Cacti is a set of open source network traffic monitoring and analysis tools from the Cacti team. The tool uses snmpget to collect data, draws graphs with RRDtool for analysis, and provides data and user management features. A security vulnerability exists in versions of Cacti prior to 1.0.0...
Object Injection
October CMS is vulnerable to object injection. The library does not properly handle the serialization of the selectedList variable in the modules/cms/widgets/AssetList.php file, allowing a malicious user to inject PHP objects that can lead to the ability to delete arbitrary files on the server...
CVE-2017-1000195
October CMS build 412 is vulnerable to PHP object injection in asset move functionality resulting in ability to delete files limited by file permissions on the server...
Design/Logic Flaw
October CMS build 412 is vulnerable to PHP object injection in asset move functionality resulting in ability to delete files limited by file permissions on the server...
CVE-2017-1000195
October CMS build 412 is vulnerable to PHP object injection in the asset move functionality, allowing an attacker to delete files on the server within the constraints of file permissions. The vulnerability is triggered through the asset handling path in October CMS, with documented remediation vi...
October CMS PHP Object Injection Vulnerability
October CMS is a CMS based on the Laravel PHP development framework. A PHP object injection vulnerability exists in the asset movement feature of October CMS build 412. An attacker can exploit the vulnerability to delete restricted files on the server...
WooCommerce <= 3.2.3 - Authenticated PHP Object Injection
Versions 3.2.3 and earlier are affected by an issue where cached queries within shortcodes could lead to object injection. This is related to the recent WordPress 4.8.3 security release. This issue can only be exploited by users who can edit content and add shortcodes, but we still recommend all...
CVE-2014-4000
Cacti before 1.0.0 allows remote authenticated users to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object, related to calling unserialize(stripslashes())...
Design/Logic Flaw
Cacti before 1.0.0 allows remote authenticated users to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object, related to calling unserialize(stripslashes())...
DEBIAN-CVE-2014-4000
Cacti before 1.0.0 allows remote authenticated users to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object, related to calling unserialize(stripslashes())...