
8067 matches found

exploitpack
added 2016/11/07 12:0 a.m., 17 views

Piwik 2.16.0 - layout PHP Object Injection

Piwik 2.16.0 - layout PHP Object Injection --------------------------------------------------------------- Piwik checkTokenInUrl; 213. 214. $layout = Common::unsanitizeInputValueCommon::getRequestVar'layout'; 215. $layout = striptags$layout; 216. $idDashboard = Common::getRequestVar'idDashboard',...

7.8 AI score
Exploits: 0
Exploit DB
added 2016/11/07 12:0 a.m., 85 views

Piwik 2.16.0 - 'layout' PHP Object Injection

--------------------------------------------------------------- Piwik checkTokenInUrl; 213. 214. $layout = Common::unsanitizeInputValueCommon::getRequestVar'layout'; 215. $layout = striptags$layout; 216. $idDashboard = Common::getRequestVar'idDashboard', 1, 'int'; 217. $name =...

7.4 AI score
Exploits: 0
exploitpack
added 2016/11/02 12:0 a.m., 24 views

Alienvault OSSIMUSM 5.3.1 - PHP Object Injection

Alienvault OSSIMUSM 5.3.1 - PHP Object Injection Details ======= Product: Alienvault OSSIM/USM Vulnerability: PHP Object Injection Author: Peter Lapp, lappsec gmail com CVE: CVE-2016-8580 Vulnerable Versions: =5.3.1 Fixed Version: 5.3.2 Vulnerability Details ===================== A PHP object...

7.5 CVSS, 0.5 AI score, 0.06861 EPSS
Exploits: 4
Packet Storm
added 2016/11/02 12:0 a.m., 37 views

Alienvault OSSIM/USM 5.3.1 PHP Object Injection

Details ======= Product: Alienvault OSSIM/USM Vulnerability: PHP Object Injection Author: Peter Lapp, lappsec gmail com CVE: CVE-2016-8580 Vulnerable Versions: =5.3.1 Fixed Version: 5.3.2 Vulnerability Details ===================== A PHP object injection vulnerability exists in multiple widget...

7.5 CVSS, 0.2 AI score, 0.06861 EPSS
Exploits: 4
0day.today
added 2016/11/02 12:0 a.m., 55 views

Alienvault OSSIM/USM 5.3.1 - PHP Object Injection Vulnerability

Exploit for php platform in category web applications Details ======= Product: Alienvault OSSIM/USM Vulnerability: PHP Object Injection Author: Peter Lapp, lappsec gmail com CVE: CVE-2016-8580 Vulnerable Versions: =5.3.1 Fixed Version: 5.3.2 Vulnerability Details ===================== A PHP objec...

7.5 CVSS, 9.2 AI score, 0.06861 EPSS
Exploits: 4
Exploit DB
added 2016/11/02 12:0 a.m., 36 views

Alienvault OSSIM/USM 5.3.1 - PHP Object Injection

Details ======= Product: Alienvault OSSIM/USM Vulnerability: PHP Object Injection Author: Peter Lapp, lappsec gmail com CVE: CVE-2016-8580 Vulnerable Versions: =5.3.1 Fixed Version: 5.3.2 Vulnerability Details ===================== A PHP object injection vulnerability exists in multiple widget...

9.8 CVSS, 9.8 AI score, 0.06861 EPSS
Exploits: 4
CNVD
added 2016/10/30 12:0 a.m., 4 views

Alienvault OSSIM and USM PHP Object Injection Vulnerabilities

AlienVault OSSIM is an open source security information management system. USM is a security management platform that provides security monitoring, security event management and reporting, and a threat awareness system. An object injection vulnerability exists in Alienvault OSSIM and USM, which...

9.8 CVSS, 7.4 AI score, 0.06861 EPSS
Exploits: 4, References: 1
OSV
added 2016/10/28 3:59 p.m., 2 views

CVE-2016-8580

PHP object injection vulnerabilities exist in multiple widget files in AlienVault OSSIM and USM before 5.3.2. These vulnerabilities allow arbitrary PHP code execution via magic methods in included classes...

9.8 CVSS, 6.2 AI score
Exploits: 0, References: 3
NVD
added 2016/10/28 3:59 p.m., 23 views

CVE-2016-8580

PHP object injection vulnerabilities exist in multiple widget files in AlienVault OSSIM and USM before 5.3.2. These vulnerabilities allow arbitrary PHP code execution via magic methods in included classes...

9.8 CVSS, 10 AI score, 0.06861 EPSS
Exploits: 4, References: 3
Prion
added 2016/10/28 3:59 p.m., 15 views

Design/Logic Flaw

PHP object injection vulnerabilities exist in multiple widget files in AlienVault OSSIM and USM before 5.3.2. These vulnerabilities allow arbitrary PHP code execution via magic methods in included classes...

7.5 CVSS, 8.3 AI score, 0.06861 EPSS
Exploits: 4, References: 3, Affected Software: 2
Cvelist
added 2016/10/28 3:0 p.m., 33 views

CVE-2016-8580

PHP object injection vulnerabilities exist in multiple widget files in AlienVault OSSIM and USM before 5.3.2. These vulnerabilities allow arbitrary PHP code execution via magic methods in included classes...

10 AI score, 0.06861 EPSS
Exploits: 4, References: 3
CVE
added 2016/10/28 3:0 p.m., 52 views

CVE-2016-8580

Summary (concrete details): AlienVault OSSIM/USM before 5.3.2 is affected by a PHP object injection vulnerability caused by unsafe unserialize() usage in multiple widgets (flow_chart.php, gauge.php, honeypot.php, image.php, inventory.php, otx.php, rss.php, security.php, siem.php, taxonomy.php, ti...

9.8 CVSS, 10 AI score, 0.06861 EPSS
Exploits: 4, References: 3, Affected Software: 2
Check Point Advisories
added 2016/10/05 12:0 a.m., 4 views

Tuleap PHP Unserialize Code Execution (CVE-2014-8791)

This module exploits a PHP object injection vulnerability. Tuleap could be abused to allow authenticated users to execute arbitrary code with the permissions of the web server. This could lead to execute PHP code on the server...

6 CVSS, 7.5 AI score, 0.14766 EPSS
Exploits: 7
Atlassian
added 2016/09/26 7:5 a.m., 32 views

CVE-2016-6496: LDAP Java Object Injection in Crowd

The Crowd LDAP directory connector allowed an attacker to gain remote code execution in Crowd by injecting malicious attributes in LDAP entries. To exploit this issue, attackers need to modify an entry in your LDAP directory or successfully execute a Man-in-The-Middle attack between an LDAP serve...

9.8 CVSS, 2.5 AI score, 0.04705 EPSS
Exploits: 0
Packet Storm
added 2016/09/22 12:0 a.m., 27 views

Kaltura Remote PHP Code Execution

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Kaltura Remote PHP Code Execution', 'Description' = %q This module exploits an Object Injection vulnerability in Kaltura. By exploiting this...

0.3 AI score
Exploits: 0
exploitpack
added 2016/09/21 12:0 a.m., 10 views

Kaltura 11.1.0-2 - Remote Code Execution (Metasploit)

Kaltura 11.1.0-2 - Remote Code Execution Metasploit This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Kaltura Remote PHP Code Execution', 'Description' = %q This module exploits an Object Injectio...

0.3 AI score
Exploits: 0
CNVD
added 2016/09/21 12:0 a.m., 3 views

CS-Cart Twigmo Plugin PHP Object Injection Vulnerability

CS-Cart is a PHP and MySQL based e-commerce software system developed by CS-Cart team. The system supports third-party software extensions, custom promotional strategies, product filtering definitions, etc. Twigmo is one of the template plug-ins developed specifically for mobile terminals. A...

8.8 CVSS, 7.8 AI score, 0.02071 EPSS
Exploits: 0, References: 1
0day.today
added 2016/09/21 12:0 a.m., 27 views

Kaltura 11.1.0-2 - Remote Code Execution (Metasploit)

Exploit for php platform in category remote exploits This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Kaltura Remote PHP Code Execution', 'Description' = %q This module exploits an Object Injecti...

7.1 AI score
Exploits: 0
Exploit DB
added 2016/09/21 12:0 a.m., 39 views

Kaltura 11.1.0-2 - Remote Code Execution (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Kaltura Remote PHP Code Execution', 'Description' = %q This module exploits an Object Injection vulnerability in Kaltura. By exploiting this...

7.4 AI score
Exploits: 0
Metasploit
added 2016/09/20 9:45 a.m., 9 views

Kaltura Remote PHP Code Execution

This module exploits an Object Injection vulnerability in Kaltura. By exploiting this vulnerability, unauthenticated users can execute arbitrary code under the context of the web server user. Kaltura has a module named keditorservices that takes user input and then uses it as an unserialized...

0.3 AI score
Exploits: 0