GHSA-MGX3-27HR-MFGP HTTParty does not restrict casts of string values

The httparty gem 0.9.0 and earlier for Ruby does not properly restrict casts of string values, which might allow remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service memory and CPU consumption by leveraging Action Pack support for YAML type...

nori contains Improper Input Validation

The nori gem 2.0.x before 2.0.2, 1.1.x before 1.1.4, and 1.0.x before 1.0.3 for Ruby does not properly restrict casts of string values, which allows remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service memory and CPU consumption involving...

crack does not properly restrict casts of string values

The crack gem 0.3.1 and earlier for Ruby does not properly restrict casts of string values, which might allow remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service memory and CPU consumption by leveraging Action Pack support for 1 YAML type...

extlib does not properly restrict casts of string values

The extlib gem 0.9.15 and earlier for Ruby does not properly restrict casts of string values, which might allow remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service memory and CPU consumption by leveraging Action Pack support for 1 YAML typ...

HTTParty does not restrict casts of string values

The httparty gem 0.9.0 and earlier for Ruby does not properly restrict casts of string values, which might allow remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service memory and CPU consumption by leveraging Action Pack support for YAML type...

Improper Input Validation in multi_xml

multixml gem 0.5.2 for Ruby, as used in Grape before 0.2.6 and possibly other products, does not properly restrict casts of string values, which allows remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service memory and CPU consumption involvin...

Tuleap < 9.7 Object Injection Vulnerability

Tuleap is prone to an object injection vulnerability. Copyright C 2017 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Kaltura Remote PHP Code Execution over Cookie

This module exploits an Object Injection vulnerability in Kaltura. By exploiting this vulnerability, unauthenticated users can execute arbitrary code under the context of the web server user. Kaltura makes use of a hardcoded cookie secret which allows to sign arbitrary cookie data. After passing...

VulnCheck KEV: CVE-2017-15919

The ultimate-form-builder-lite plugin before 1.3.7 for WordPress has SQL Injection, with resultant PHP Object Injection, via wp-admin/admin-ajax.php...

WordPress Invite Anyone plugin <=1.3.18 - Unauthenticated PHP Object Injection vulnerability

Unauthenticated PHP Object Injection vulnerability found in WordPress Invite Anyone plugin versions =1.3.18. Solution Update the WordPress Invite Anyone plugin to the latest available version at least version 1.3.19...

Invite Anyone <= 1.3.18 - Unauthenticated PHP Object Injection

The plugin invite-anyone insecurely trusts serialized data submitted over HTTP requests. This opens up the site to a PHP object injection vulnerability potential exploit vector. Similar to previous attacks, you send a cookie named "invite-anyone" with serialized data for your target object...

Invite Anyone <= 1.3.18 - Unauthenticated PHP Object Injection

The plugin invite-anyone insecurely trusts serialized data submitted over HTTP requests. This opens up the site to a PHP object injection vulnerability potential exploit vector. PoC Similar to previous attacks, you send a cookie named "invite-anyone" with serialized data for your target object...

WordPress Flickr Gallery plugin <=1.5.2 - Unauthenticated PHP Object Injection vulnerability

Unauthenticated PHP Object Injection vulnerability found by Matt Barry WordFence in WordPress Appointments plugin versions =1.5.2. Solution Update the WordPress Flickr Gallery plugin to the latest available version at least 1.5.3...

WordPress Appointments plugin <=2.2.1 - Unauthenticated PHP Object Injection vulnerability

Unauthenticated PHP Object Injection vulnerability found by Matt Barry WordFence in WordPress Appointments plugin versions =2.2.1. Solution Update the WordPress Appointments plugin to the latest available version at least 2.2.2...

WordPress RegistrationMagic-Custom Registration Forms plugin <= 3.7.9.2 - Unauthenticated PHP Object Injection vulnerability

Unauthenticated PHP Object Injection vulnerability found by Matt Barry WordFence in WordPress RegistrationMagic-Custom Registration Forms plugin versions = 3.7.9.2. Solution Update the WordPress RegistrationMagic-Custom Registration Forms plugin to the latest available version at least 3.7.9.3...

VulnCheck KEV: CVE-2017-20208

The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to PHP Object Injection in all versions up to 3.7.9.3 exclusive via deserialization of untrusted input from the isexpiredbydate function. This makes it...

Flickr Gallery <= 1.5.2 - Unauthenticated PHP Object Injection

The flickr-gallery WordPress plugin was affected by an Unauthenticated PHP Object Injection security vulnerability...

VulnCheck KEV: CVE-2017-20206

The Appointments plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.2.1 via deserialization of untrusted input from the wpmudevappointments cookie. This allows unauthenticated attackers to inject a PHP Object. Attackers were actively exploiting...

VulnCheck KEV: CVE-2017-20207

The Flickr Gallery plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.5.2 via deserialization of untrusted input from the pager parameter. This allows unauthenticated attackers to inject a PHP Object. Attackers were actively exploiting this...

MarketPress <= 3.2.6 - PHP Object Injection

The MarketPress plugin installs to a directory named wordpress-ecommerce versions 3.2.6 and prior are vulnerable to a PHP Object Injection attack from the cart cookie value stored in connection with this plugin. PoC Send an object to the site using the mpglobalcart cookie value and it will be...