8066 matches found
TCPDF Library 5.9 Arbitrary File Deletion Vulnerability
TCPDF library versions 5.9 and below suffer from an arbitrary file deletion vulnerability via object injection. TCPDF library Universal POI Payload to Arbitrary File Deletion + Author: Filippo Roncari + Target: TCPDF library + Version: internalencoding...
TCPDF Library 5.9 Arbitrary File Deletion
TCPDF library Universal POI Payload to Arbitrary File Deletion + Author: Filippo Roncari + Target: TCPDF library + Version: internalencoding AND !empty$this-internalencoding mbinternalencoding$this-internalencoding;...
mt-phpincgi vulnerable to PHP object injection
Overview: mt-phpincgi is a script that runs Movable Type templates as PHP. mt-phpincgi contains a PHP object injection vulnerability. According to the reporter, attacks that attempt to exploit this vulnerability have been confirmed. Impact: Arbitrary PHP code may be executed on the server by an...
JVN#64459670: mt-phpincgi vulnerable to PHP object injection
mt-phpincgi is a script that runs Movable Type templates as PHP. mt-phpincgi contains a PHP object injection vulnerability. According to the reporter, attacks that attempt to exploit this vulnerability have been confirmed. Impact: Arbitrary PHP code may be executed on the server by an unauthenticate...
Laravel 'prepareForUnserialize()' function remote PHP object injection vulnerability
Laravel is a PHP development framework. A remote PHP object injection vulnerability exists in Laravel that allows remote attackers to submit specially crafted serialized objects, delete and read files, and execute arbitrary local script code...
VulnCheck KEV: CVE-2015-2945
mt-phpincgi.php in Hajime Fujimoto mt-phpincgi before 2015-05-15 does not properly restrict URLs, which allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted request, as exploited in the wild in May 2015...
Forma LMS 1.3 - Multiple PHP Object Injection Vulnerabilities
Forma LMS 1.3 - Multiple PHP Object Injection Vulnerabilities Forma LMS 1.3 Multiple PHP Object Injection Vulnerabilities + Author: Filippo Roncari + Target: Forma LMS + Version: 1.3 and probably lower + Vendor: http://www.formalms.org + Accessibility: Remote + Severity: High + CVE: + Full...
Forma LMS 1.3 Multiple PHP Object Injection Vulnerabilities
Exploit for php platform in category web applications Forma LMS 1.3 Multiple SQL Injections + Author: Filippo Roncari + Target: Forma LMS + Version: 1.3 and probably lower + Vendor: http://www.formalms.org + Accessibility: Remote + Severity: High + CVE: + Full Advisory:...
Forma LMS 1.3 PHP Object Injection
Forma LMS 1.3 Multiple PHP Object Injection Vulnerabilities + Author: Filippo Roncari + Target: Forma LMS + Version: 1.3 and probably lower + Vendor: http://www.formalms.org + Accessibility: Remote + Severity: High + CVE: + Full Advisory:...
Forma LMS 1.3 - Multiple PHP Object Injection Vulnerabilities
Forma LMS 1.3 Multiple PHP Object Injection Vulnerabilities + Author: Filippo Roncari + Target: Forma LMS + Version: 1.3 and probably lower + Vendor: http://www.formalms.org + Accessibility: Remote + Severity: High + CVE: + Full Advisory:...
eFront 3.6.15 - PHP Object Injection
eFront 3.6.15 - PHP Object Injection eFront 3.6.15 PHP Object Injection Vulnerability + Author: Filippo Roncari + Target: eFront + Version: 3.6.15 and probably lower + Vendor: www.efrontlearning.net + Accessibility: Remote + Severity: High + CVE: + Full Advisory:...
eFront 3.6.15 - PHP Object Injection
eFront 3.6.15 PHP Object Injection Vulnerability + Author: Filippo Roncari + Target: eFront + Version: 3.6.15 and probably lower + Vendor: www.efrontlearning.net + Accessibility: Remote + Severity: High + CVE: + Full Advisory: https://www.securenetwork.it/docs/advisory/SN-15-02eFront.pdf + Info:...
eFront 3.6.15 PHP Object Injection
eFront 3.6.15 PHP Object Injection Vulnerability + Author: Filippo Roncari + Target: eFront + Version: 3.6.15 and probably lower + Vendor: www.efrontlearning.net + Accessibility: Remote + Severity: High + CVE: + Full Advisory: https://www.securenetwork.it/docs/advisory/SN-15-02eFront.pdf + Info:...
Moodle < 2.4 / 2.4.x < 2.4.11 / 2.5.x < 2.5.7 / 2.6.x < 2.6.4 / 2.7.x < 2.7.1 Multiple Vulnerabilities
CVE-2014-2027
eGroupware before 1.8.006.20140217 allows remote attackers to conduct PHP object injection attacks, delete arbitrary files, and possibly execute arbitrary code via the (1) addr_fields or (2) trans parameter to addressbook/csv_import.php, (3) cal_fields or (4) trans parameter to calendar/csv_import.php, (5)...
Design/Logic Flaw
eGroupware before 1.8.006.20140217 allows remote attackers to conduct PHP object injection attacks, delete arbitrary files, and possibly execute arbitrary code via the (1) addr_fields or (2) trans parameter to addressbook/csv_import.php, (3) cal_fields or (4) trans parameter to calendar/csv_import.php, (5)...
CVE-2014-2027
eGroupware before 1.8.006.20140217 allows remote attackers to conduct PHP object injection attacks, delete arbitrary files, and possibly execute arbitrary code via the (1) addr_fields or (2) trans parameter to addressbook/csv_import.php, (3) cal_fields or (4) trans parameter to calendar/csv_import.php, (5)...
CVE-2014-2027
eGroupware before 1.8.006.20140217 allows remote attackers to conduct PHP object injection attacks, delete arbitrary files, and possibly execute arbitrary code via the (1) addr_fields or (2) trans parameter to addressbook/csv_import.php, (3) cal_fields or (4) trans parameter to calendar/csv_import.php, (5)...
CVE-2014-2027
CVE-2014-2027 affects eGroupware prior to 1.8.006.20140217. The issue arises from improper input handling allowing PHP object injection and potential remote code execution via multiple parameters across addressbook/csv_import.php, calendar/csv_import.php, csv_import.php (in projectmanager/ or inf...
CVE-2014-2027
eGroupware before 1.8.006.20140217 allows remote attackers to conduct PHP object injection attacks, delete arbitrary files, and possibly execute arbitrary code via the (1) addr_fields or (2) trans parameter to addressbook/csv_import.php, (3) cal_fields or (4) trans parameter to calendar/csv_import.php, (5)...