8067 matches found
Design/Logic Flaw
The vB_Api_Hook::decodeArguments method in vBulletin 5 Connect 5.1.2 through 5.1.9 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object in the arguments parameter to ajax/api/hook/decodeArguments...
CVE-2015-7808
The vB_Api_Hook::decodeArguments method in vBulletin 5 Connect 5.1.2 through 5.1.9 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object in the arguments parameter to ajax/api/hook/decodeArguments...
CVE-2015-7808
CVE-2015-7808 affects vBulletin 5 Connect 5.1.2–5.1.9. The vulnerability is a PHP object injection in vB_Api_Hook::decodeArguments that allows a crafted serialized object in the arguments parameter to ajax/api/hook/decodeArguments, enabling remote code execution. Exploitation is demonstrated in p...
vBulletin 5 Connect 5.1.2 through 5.1.9 PHP object injection attack
The vB_Api_Hook::decodeArguments method in vBulletin 5 Connect 5.1.2 through 5.1.9 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object in the arguments parameter to ajax/api/hook/decodeArguments. Recent assessments: busterb ...
Piwik PHP Object Injection Vulnerability
No description provided by source...
Piwik PHP Object Injection Vulnerability
Piwik, formerly known as phpMyVisites, is an open source website access statistics system based on PHP5 and MySQL. A security vulnerability exists in the 'DisplayTopKeywords' function in the plugins/Referrers/Controller.php script of Piwik versions prior to 2.15.0. A remote attacker can exploit thi...
piwik -- multiple vulnerabilities
Piwik changelog reports: This release is rated critical. We are grateful for Security researchers who disclosed security issues privately to the Piwik Security Response team: Elamaran Venkatraman, Egidio Romano and Dmitriy Shcherbatov. The following vulnerabilities were fixed: XSS, CSRF, possible...
CVE-2015-7816
The DisplayTopKeywords function in plugins/Referrers/Controller.php in Piwik before 2.15.0 allows remote attackers to conduct PHP object injection attacks, conduct Server-Side Request Forgery (SSRF) attacks, and execute arbitrary PHP code via a crafted HTTP header...
CVE-2015-7816
The DisplayTopKeywords function in plugins/Referrers/Controller.php in Piwik before 2.15.0 allows remote attackers to conduct PHP object injection attacks, conduct Server-Side Request Forgery (SSRF) attacks, and execute arbitrary PHP code via a crafted HTTP header...
CVE-2015-7816
CVE-2015-7816 affects Piwik (renamed Matomo) prior to 2.15.0, where the DisplayTopKeywords function in plugins/Referrers/Controller.php allows PHP object injection, Server-Side Request Forgery (SSRF), and arbitrary PHP code execution via a crafted HTTP header. The issue is caused by insecure hand...
CVE-2015-7816
The DisplayTopKeywords function in plugins/Referrers/Controller.php in Piwik before 2.15.0 allows remote attackers to conduct PHP object injection attacks, conduct Server-Side Request Forgery (SSRF) attacks, and execute arbitrary PHP code via a crafted HTTP header...
vBulletin 5.1.2 Unserialize Code Execution Exploit
This Metasploit module exploits a PHP object injection vulnerability in vBulletin 5.1.2 to 5.1.9 This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'vBulletin 5.1.2 Unserialize Code...
vBulletin 5.1.2 Unserialize Code Execution
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'vBulletin 5.1.2 Unserialize Code Execution', 'Description' = %q This module exploits a PHP object injection vulnerability in vBullet...
vBulletin 5.1.2 Unserialize Code Execution
This module exploits a PHP object injection vulnerability in vBulletin 5.1.2 to 5.1.9 This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'vBulletin 5.1.2 Unserialize Code Execution', 'Description' ...
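vBulletin 5.x.x Remote Arbitrary Code Execution Vulnerability
unserialize in Practice: vBulletin 5.x.x Remote Code Execution --- Author: RickGray, Knownsec 404 Security Lab. Recently, an RCE exploit for vBulletin and a brief analysis were made public. The vulnerability arises because vBulletin, when handling Ajax API calls, uses unserialize to deserialize the passed parameter values, allowing an attacker to achieve code execution directly with a carefully crafted payload. For background on deserialization vulnerabilities in PHP, see OWASP's "PHP Object Injection". The payload provided in the original article can be used directly on an affected site to execute...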
Piwik 2.14.3 PHP Object Injection
----------------------------------------------------------------------- Piwik <= 2.14.3 DisplayTopKeywords PHP Object Injection Vulnerability ----------------------------------------------------------------------- - Software Link: https://piwik.org/ - Affected Versions: Version 2.14.3 and prior...
Piwik 2.14.3 PHP Object Injection Vulnerability
Piwik versions 2.14.3 and below suffer from a PHP object injection vulnerability that can lead to remote code execution. ----------------------------------------------------------------------- Piwik <= 2.14.3 DisplayTopKeywords PHP Object Injection Vulnerability...
Design/Logic Flaw
system/session/drivers/cookie.php in Anchor CMS 0.9.x allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object in a cookie...
CVE-2015-5687
system/session/drivers/cookie.php in Anchor CMS 0.9.x allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object in a cookie...
CVE-2015-5687
system/session/drivers/cookie.php in Anchor CMS 0.9.x allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object in a cookie...