8050 matches found

NVD
added 2015/05/25 5:59 p.m., 14 views

CVE-2015-2945

mt-phpincgi.php in Hajime Fujimoto mt-phpincgi before 2015-05-15 does not properly restrict URLs, which allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted request, as exploited in the wild in May 2015...

7.5 CVSS, 7.7 AI score, 0.01735 EPSS
Exploits: 1, References: 3
Prion
added 2015/05/25 5:59 p.m., 14 views

Design/Logic Flaw

mt-phpincgi.php in Hajime Fujimoto mt-phpincgi before 2015-05-15 does not properly restrict URLs, which allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted request, as exploited in the wild in May 2015...

7.5 CVSS, 8.2 AI score, 0.01735 EPSS
Exploits: 1, References: 3
CVE
added 2015/05/25 5:0 p.m., 45 views

CVE-2015-2945

mt-phpincgi (Movable Type template script) is vulnerable to PHP object injection due to improper URL restriction in mt-phpincgi prior to 2015-05-15. This allows unauthenticated remote attackers to execute arbitrary PHP code on the server via a crafted request, with exploitation reported in the wi...

7.5 CVSS, 7.9 AI score, 0.01735 EPSS
Exploits: 1, References: 3, Affected Software: 1
Cvelist
added 2015/05/25 5:0 p.m., 15 views

CVE-2015-2945

mt-phpincgi.php in Hajime Fujimoto mt-phpincgi before 2015-05-15 does not properly restrict URLs, which allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted request, as exploited in the wild in May 2015...

7.7 AI score, 0.01735 EPSS
Exploits: 1, References: 3
0day.today
added 2015/05/24 12:0 a.m., 33 views

TCPDF Library 5.9 Arbitrary File Deletion Vulnerability

TCPDF library versions 5.9 and below suffer from an arbitrary file deletion vulnerability via object injection. TCPDF library Universal POI Payload to Arbitrary File Deletion + Author: Filippo Roncari + Target: TCPDF library + Version: internalencoding...

7.5 AI score
Exploits: 0
Packet Storm
added 2015/05/22 12:0 a.m., 39 views

TCPDF Library 5.9 Arbitrary File Deletion

TCPDF library Universal POI Payload to Arbitrary File Deletion + Author: Filippo Roncari + Target: TCPDF library + Version: internalencoding AND !empty$this-internalencoding mbinternalencoding$this-internalencoding;...

0.2 AI score
Exploits: 0
Japan Vulnerability Notes
added 2015/05/20 5:34 a.m., 4 views

mt-phpincgi vulnerable to PHP object injection

Overview: mt-phpincgi is a script that runs Movable Type templates as PHP. mt-phpincgi contains a PHP object injection vulnerability. According to the reporter, attacks that attempt to exploit this vulnerability have been confirmed. Impact: Arbitrary PHP code may be executed on the server by an...

7.5 CVSS, 7.3 AI score, 0.01735 EPSS
Exploits: 1, References: 7
Japan Vulnerability Notes
added 2015/05/20 12:0 a.m., 26 views

JVN#64459670: mt-phpincgi vulnerable to PHP object injection

mt-phpincgi is a script that runs Movable Type templates as PHP. mt-phpincgi contains a PHP object injection vulnerability. According to the reporter, attacks that attempt to exploit this vulnerability have been confirmed. Impact: Arbitrary PHP code may be executed on the server by an unauthenticate...

7.5 CVSS, 7 AI score, 0.01735 EPSS
Exploits: 1
CNVD
added 2015/05/20 12:0 a.m., 2 views

Laravel 'prepareForUnserialize()' function remote PHP object injection vulnerability

Laravel is a PHP development framework. A remote PHP object injection vulnerability exists in Laravel that allows remote attackers to submit specially crafted serialized objects, delete and read files, and execute arbitrary local script code...

7.6 AI score
Exploits: 0, References: 1
VulnCheck KEV
added 2015/05/20 12:0 a.m., 1 views

VulnCheck KEV: CVE-2015-2945

mt-phpincgi.php in Hajime Fujimoto mt-phpincgi before 2015-05-15 does not properly restrict URLs, which allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted request, as exploited in the wild in May 2015...

7.5 CVSS, 6.1 AI score, 0.01735 EPSS
Exploits: 1, References: 1
exploitpack
added 2015/05/18 12:0 a.m., 20 views

Forma LMS 1.3 - Multiple PHP Object Injection Vulnerabilities

Forma LMS 1.3 - Multiple PHP Object Injection Vulnerabilities Forma LMS 1.3 Multiple PHP Object Injection Vulnerabilities + Author: Filippo Roncari + Target: Forma LMS + Version: 1.3 and probably lower + Vendor: http://www.formalms.org + Accessibility: Remote + Severity: High + CVE: + Full...

0.5 AI score
Exploits: 0
0day.today
added 2015/05/18 12:0 a.m., 31 views

Forma LMS 1.3 Multiple PHP Object Injection Vulnerabilities

Exploit for php platform in category web applications Forma LMS 1.3 Multiple SQL Injections + Author: Filippo Roncari + Target: Forma LMS + Version: 1.3 and probably lower + Vendor: http://www.formalms.org + Accessibility: Remote + Severity: High + CVE: + Full Advisory:...

7.1 AI score
Exploits: 0
Packet Storm
added 2015/05/18 12:0 a.m., 35 views

Forma LMS 1.3 PHP Object Injection

Forma LMS 1.3 Multiple PHP Object Injection Vulnerabilities + Author: Filippo Roncari + Target: Forma LMS + Version: 1.3 and probably lower + Vendor: http://www.formalms.org + Accessibility: Remote + Severity: High + CVE: + Full Advisory:...

0.2 AI score
Exploits: 0
Exploit DB
added 2015/05/18 12:0 a.m., 31 views

Forma LMS 1.3 - Multiple PHP Object Injection Vulnerabilities

Forma LMS 1.3 Multiple PHP Object Injection Vulnerabilities + Author: Filippo Roncari + Target: Forma LMS + Version: 1.3 and probably lower + Vendor: http://www.formalms.org + Accessibility: Remote + Severity: High + CVE: + Full Advisory:...

7.4 AI score
Exploits: 0
exploitpack
added 2015/05/11 12:0 a.m., 154 views

eFront 3.6.15 - PHP Object Injection

eFront 3.6.15 - PHP Object Injection eFront 3.6.15 PHP Object Injection Vulnerability + Author: Filippo Roncari + Target: eFront + Version: 3.6.15 and probably lower + Vendor: www.efrontlearning.net + Accessibility: Remote + Severity: High + CVE: + Full Advisory:...

7.5 CVSS, 0.53166 EPSS
Exploits: 8
Exploit DB
added 2015/05/11 12:0 a.m., 113 views

eFront 3.6.15 - PHP Object Injection

eFront 3.6.15 PHP Object Injection Vulnerability + Author: Filippo Roncari + Target: eFront + Version: 3.6.15 and probably lower + Vendor: www.efrontlearning.net + Accessibility: Remote + Severity: High + CVE: + Full Advisory: https://www.securenetwork.it/docs/advisory/SN-15-02eFront.pdf + Info:...

7.5 CVSS, 7.8 AI score, 0.53166 EPSS
Exploits: 8
Packet Storm
added 2015/05/09 12:0 a.m., 157 views

eFront 3.6.15 PHP Object Injection

eFront 3.6.15 PHP Object Injection Vulnerability + Author: Filippo Roncari + Target: eFront + Version: 3.6.15 and probably lower + Vendor: www.efrontlearning.net + Accessibility: Remote + Severity: High + CVE: + Full Advisory: https://www.securenetwork.it/docs/advisory/SN-15-02eFront.pdf + Info:...

7.5 CVSS, 0.53166 EPSS
Exploits: 8
Tenable Nessus
added 2015/04/20 12:0 a.m., 33 views

Moodle < 2.4 / 2.4.x < 2.4.11 / 2.5.x < 2.5.7 / 2.6.x < 2.6.4 / 2.7.x < 2.7.1 Multiple Vulnerabilities

7.5 CVSS, 6.7 AI score, 0.04667 EPSS
Exploits: 2, References: 15
UbuntuCve
added 2015/03/31 2:59 p.m., 20 views

CVE-2014-2027

eGroupware before 1.8.006.20140217 allows remote attackers to conduct PHP object injection attacks, delete arbitrary files, and possibly execute arbitrary code via the (1) addrfields or (2) trans parameter to addressbook/csvimport.php, (3) calfields or (4) trans parameter to calendar/csvimport.php, (5)...

7.5 CVSS, 6.1 AI score, 0.04046 EPSS
Exploits: 1, References: 2
ATTACKERKB
added 2015/03/31 2:59 p.m., 2 views

CVE-2014-2027

eGroupware before 1.8.006.20140217 allows remote attackers to conduct PHP object injection attacks, delete arbitrary files, and possibly execute arbitrary code via the (1) addrfields or (2) trans parameter to addressbook/csvimport.php, (3) calfields or (4) trans parameter to calendar/csvimport.php, (5)...

7.5 CVSS, 6.2 AI score, 0.04046 EPSS
Exploits: 1, References: 7