8067 matches found

OSV
added 2017/11/15 4:29 p.m., 3 views

DEBIAN-CVE-2014-4000

Cacti before 1.0.0 allows remote authenticated users to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object, related to calling unserialize(stripslashes())...

CVSS 8.8, AI score 8.7, EPSS 0.01672
Exploits: 0, References: 1
Cvelist
added 2017/11/15 4:0 p.m., 25 views

CVE-2014-4000

Cacti before 1.0.0 allows remote authenticated users to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object, related to calling unserialize(stripslashes())...

AI score 8.7, EPSS 0.01672
Exploits: 0, References: 4
CVE
added 2017/11/15 4:0 p.m., 75 views

CVE-2014-4000

CVE-2014-4000 affects Cacti prior to 1.0.0. A remote authenticated attacker can trigger PHP object injection via a crafted serialized object (unserialize(stripslashes())) to execute arbitrary PHP code. Public references confirm impact and recommend upgrading to 1.0.0+ (or newer versions such as 1...

CVSS 8.8, AI score 8.5, EPSS 0.01672
Exploits: 0, References: 4, Affected Software: 1
Debian CVE
added 2017/11/15 4:0 p.m., 31 views

CVE-2014-4000

Cacti before 1.0.0 allows remote authenticated users to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object, related to calling unserialize(stripslashes())...

CVSS 8.8, AI score 8.8, EPSS 0.01672
Exploits: 0
exploitpack
added 2017/11/11 12:0 a.m., 39 views

osCommerce 2.3.4.1 - Arbitrary File Upload

osCommerce 2.3.4.1 - Arbitrary File Upload Exploit Title: osCommerce 2.3.4.1 Authenticated Arbitrary File Upload Date: 11.11.2017 Exploit Author: Simon Scannell - https://scannell-infosec.net Vendor Homepage: https://www.oscommerce.com/ Software Link:...

AI score 0.1
Exploits: 0
Exploit DB
added 2017/11/11 12:0 a.m., 51 views

osCommerce 2.3.4.1 - Arbitrary File Upload

Exploit Title: osCommerce 2.3.4.1 Authenticated Arbitrary File Upload Date: 11.11.2017 Exploit Author: Simon Scannell - https://scannell-infosec.net Vendor Homepage: https://www.oscommerce.com/ Software Link: https://www.oscommerce.com/Products&Download=oscom234 Version: 2.3.4.1, 2.3.4 - Other...

AI score 7.4
Exploits: 0
WPVulnDB
added 2017/11/08 12:0 a.m., 31 views

WPML Translation Management <= 2.4.1 - PHP Object Injection

The wpml-translation-management WordPress plugin was affected by a PHP Object Injection security vulnerability...

AI score 1.8
Exploits: 0, Affected Software: 1
Metasploit
added 2017/11/01 3:9 p.m., 29 views

Tuleap 9.6 Second-Order PHP Object Injection

This module exploits a Second-Order PHP Object Injection vulnerability in Tuleap <= 9.6 which could be abused by authenticated users to execute...

CVSS 8.8, AI score 7.8, EPSS 0.66632
Exploits: 6
Patchstack
added 2017/10/30 12:0 a.m., 10 views

WordPress Ultimate Product Catalog plugin <= 4.2.24 - PHP Object Injection

A vulnerability exists in UPCPAddToCart function. There the cookie is unserialized which means an attacker can create a malicious user input to create a PHP object injection. Solution Update the plugin...

AI score 3.2
Exploits: 0, References: 1, Affected Software: 1
Packet Storm
added 2017/10/30 12:0 a.m., 47 views

WordPress Ultimate Product Catalog 4.2.24 PHP Object Injection

Exploit Title: WP Plugin Ultimate Product Catalog 4.2.24 PHP Object Injection Google Dork: NA Date: Okt 30 2017 Exploit Author: tomplixsee Author blog : cupuzone.wordpress.com Vendor Homepage: http://www.etoilewebdesign.com/plugins/ultimate-product-catalog/ Software Link:...

AI score 7.1
Exploits: 0
exploitpack
added 2017/10/30 12:0 a.m., 17 views

WordPress Plugin Ultimate Product Catalog 4.2.24 - PHP Object Injection

WordPress Plugin Ultimate Product Catalog 4.2.24 - PHP Object Injection Exploit Title: WP Plugin Ultimate Product Catalog 4.2.24 PHP Object Injection Google Dork: NA Date: Okt 30 2017 Exploit Author: tomplixsee Author blog : cupuzone.wordpress.com Vendor Homepage:...

AI score 0.2
Exploits: 0
0day.today
added 2017/10/30 12:0 a.m., 34 views

WordPress Ultimate Product Catalog 4.2.24 Plugin - PHP Object Injection Exploit

Exploit for php platform in category web applications Exploit Title: WP Plugin Ultimate Product Catalog 4.2.24 PHP Object Injection Google Dork: NA Date: Okt 30 2017 Exploit Author: tomplixsee Author blog : cupuzone.wordpress.com Vendor Homepage:...

Exploits: 0
Exploit DB
added 2017/10/30 12:0 a.m., 52 views

WordPress Plugin Ultimate Product Catalog 4.2.24 - PHP Object Injection

Exploit Title: WP Plugin Ultimate Product Catalog 4.2.24 PHP Object Injection Google Dork: NA Date: Okt 30 2017 Exploit Author: tomplixsee Author blog : cupuzone.wordpress.com Vendor Homepage: http://www.etoilewebdesign.com/plugins/ultimate-product-catalog/ Software Link:...

AI score 7.4
Exploits: 0
OSV
added 2017/10/26 6:29 p.m., 2 views

CVE-2017-15919

The ultimate-form-builder-lite plugin before 1.3.7 for WordPress has SQL Injection, with resultant PHP Object Injection, via wp-admin/admin-ajax.php...

CVSS 9.8, AI score 5.8, EPSS 0.02482
Exploits: 0, References: 4
Prion
added 2017/10/26 6:29 p.m., 14 views

Sql injection

The ultimate-form-builder-lite plugin before 1.3.7 for WordPress has SQL Injection, with resultant PHP Object Injection, via wp-admin/admin-ajax.php...

CVSS 7.5, AI score 9.8, EPSS 0.02482
Exploits: 0, References: 4, Affected Software: 1
Cvelist
added 2017/10/26 6:0 p.m., 31 views

CVE-2017-15919

The ultimate-form-builder-lite plugin before 1.3.7 for WordPress has SQL Injection, with resultant PHP Object Injection, via wp-admin/admin-ajax.php...

AI score 9.9, EPSS 0.02482
Exploits: 0, References: 4
CVE
added 2017/10/26 6:0 p.m., 75 views

CVE-2017-15919

CVE-2017-15919 affects the WordPress plugin Ultimate Form Builder Lite (prior to 1.3.7). The vulnerability is a SQL Injection in wp-admin/admin-ajax.php that can lead to PHP Object Injection. Public notes describe remote exploitation with possibly arbitrary code execution; CVSS data shows hig...

CVSS 9.8, AI score 9.8, EPSS 0.02482
Exploits: 0, References: 4, Affected Software: 1
OSV
added 2017/10/24 6:33 p.m., 81 views

GHSA-M7FQ-CF8Q-35Q7 crack does not properly restrict casts of string values

The crack gem 0.3.1 and earlier for Ruby does not properly restrict casts of string values, which might allow remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) by leveraging Action Pack support for (1) YAML type...

CVSS 7.5, AI score 7.7, EPSS 0.04952
Exploits: 1, References: 9
OSV
added 2017/10/24 6:33 p.m., 42 views

GHSA-9H36-4JF2-HX53 extlib does not properly restrict casts of string values

The extlib gem 0.9.15 and earlier for Ruby does not properly restrict casts of string values, which might allow remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) by leveraging Action Pack support for (1) YAML typ...

CVSS 7.5, AI score 7.7, EPSS 0.03415
Exploits: 1, References: 7
OSV
added 2017/10/24 6:33 p.m., 54 views

GHSA-PCHC-949F-53M5 Improper Input Validation in multi_xml

multi_xml gem 0.5.2 for Ruby, as used in Grape before 0.2.6 and possibly other products, does not properly restrict casts of string values, which allows remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) involvin...

CVSS 7.5, AI score 7.8, EPSS 0.03727
Exploits: 0, References: 7