8067 matches found
Peel Shopping 8.0.2 Object Injection
Security Advisory - Curesec Research Team 1. Introduction Affected Product: Peel Shopping 8.0.2 Fixed in: 8.0.3 Fixed Version Link: www.peel-shopping.com Vendor Website: www.peel-shopping.com Vulnerability Type: Object Injection Remote Exploitable: Yes Reported to vendor: 04/11/2016 Disclosed to...
CS-Cart add-on "Twigmo" vulnerable to PHP object injection
Overview CS-Cart add-on "Twigmo" contains a PHP object injection vulnerability due to a flaw where untrusted input values are unserialized. ASAI Ken reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A remote...
JVN#55389065: CS-Cart add-on "Twigmo" vulnerable to PHP object injection
CS-Cart add-on "Twigmo" contains a PHP object injection vulnerability due to a flaw where untrusted input values are unserialized. Impact A remote attacker may execute arbitrary PHP code. Solution Edit twigmo.php This vulnerability can be addressed by deleting or commenting out the following part...
Design/Logic Flaw
ext/session/session.c in PHP before 5.6.25 and 7.x before 7.0.10 skips invalid session names in a way that triggers incorrect parsing, which allows remote attackers to inject arbitrary-type session data by leveraging control of a session name, as demonstrated by object injection...
CVE-2016-7125
Removed by vendor...
UBUNTU-CVE-2016-7125
ext/session/session.c in PHP before 5.6.25 and 7.x before 7.0.10 skips invalid session names in a way that triggers incorrect parsing, which allows remote attackers to inject arbitrary-type session data by leveraging control of a session name, as demonstrated by object injection...
CVE-2016-7125
ext/session/session.c in PHP before 5.6.25 and 7.x before 7.0.10 skips invalid session names in a way that triggers incorrect parsing, which allows remote attackers to inject arbitrary-type session data by leveraging control of a session name, as demonstrated by object injection...
SugarCRM REST Unserialize PHP Code Execution
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'SugarCRM REST Unserialize PHP Code Execution', 'Description' = %q This module exploits a PHP Object Injection vulnerability in...
SugarCRM 6.5.23 - REST PHP Object Injection (Metasploit)
SugarCRM 6.5.23 - REST PHP Object Injection Metasploit This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'SugarCRM REST Unserialize PHP Code Execution', 'Description' = %q This...
SugarCRM 6.5.23 - REST PHP Object Injection Exploit (Metasploit)
Exploit for php platform in category remote exploits This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'SugarCRM REST Unserialize PHP Code Execution', 'Description' = %q This...
SugarCRM REST Unserialize PHP Code Execution
This module exploits a PHP Object Injection vulnerability in SugarCRM CE 'SugarCRM REST Unserialize PHP Code Execution', 'Description' = %q This module exploits a PHP Object Injection vulnerability in SugarCRM CE 'EgiX', 'License' = MSFLICENSE, 'References' = 'URL', 'http...
Malware Information Sharing Platform PHP Object Injection Vulnerability
The Malware Information Sharing Platform (MISP) is an open source software solution for collecting, storing, distributing and sharing cybersecurity metrics and analyzing cybersecurity events and malware. A PHP object injection vulnerability exists in versions of MISP prior to 2.3.90. A remote...
CVE-2015-5721
Malware Information Sharing Platform (MISP) before 2.3.90 allows remote attackers to conduct PHP object injection attacks via crafted serialized data, related to TemplatesController.php and populate_event_from_template_attributes.ctp...
Design/Logic Flaw
Malware Information Sharing Platform (MISP) before 2.3.90 allows remote attackers to conduct PHP object injection attacks via crafted serialized data, related to TemplatesController.php and populate_event_from_template_attributes.ctp...
CVE-2015-5721
Malware Information Sharing Platform (MISP) before 2.3.90 allows remote attackers to conduct PHP object injection attacks via crafted serialized data, related to TemplatesController.php and populate_event_from_template_attributes.ctp...
CVE-2015-5721
The vulnerability CVE-2015-5721 affects Malware Information Sharing Platform (MISP) before 2.3.90. A PHP object injection flaw exists via crafted serialized data, related to TemplatesController.php and populate_event_from_template_attributes.ctp. Remote attackers could exploit this to execute cod...
Unauthenticated remote code execution vulnerability in Drupal coder module - Vulnerability warning - the black bar safety net
In a review of the coder module's secure code, when I was on Drupal Security Advisory SA-CONTRIB-2016-039, I found an unauthenticated remote code execution vulnerability. The vulnerability affects Drupal coder module versions including 7.x-1.3 and 7.x-2.6, all of the following...
WordPress Ecwid Shopping Cart Plugin <= 4.4.3 - Unauthenticated PHP Object Injection
Because of this vulnerability, attackers can execute arbitrary PHP code. Solution Update the plugin...
Ecwid Ecommerce Shopping Cart <= 4.4.3 - Unauthenticated PHP Object Injection
The Ecwid Ecommerce Shopping Cart WordPress plugin was affected by an Unauthenticated PHP Object Injection security vulnerability...
Multiple PHP object injection vulnerabilities in SugarCRM
SugarCRM is an open source Customer Relationship Management (CRM) system from SugarCRM USA. The system supports differentiated marketing, management and distribution of sales leads for different customer needs, and enables information sharing and tracking of sales representatives. Multiple PHP obje...