[KIS-2014-13] Tuleap <= 7.6-4 (register.php) PHP Object Injection Vulnerability
----------------------------------------------------------------- Tuleap <= 7.6-4 (register.php) PHP Object Injection Vulnerability ----------------------------------------------------------------- - Software Links: https://www.tuleap.org/ https://www.enalean.com/ - Affected Versions: Version 7.6-4...
OpenCart 1.5.6.4 PHP Object Injection Vulnerability
Exploit for php platform in category web applications OpenCart ...session->data['cart'] as $key => $quantity) { $product = explode(':', $key); $product_id = $product[0]; $stock = true; // Options if (!empty($product[1])) { $options = unserialize(base64_decode($product[1])); } else { $options = array(); } The vulnerability exists...
Tuleap 7.6-4 PHP Object Injection Vulnerability
Tuleap versions 7.6-4 and below suffer from a PHP object injection vulnerability in register.php...
Open Web Analytics 1.5.6 PHP Object Injection Vulnerability
Exploit for php platform in category web applications Open Web Analytics ...setSetting('base', 'is_remote_event_queue', true); $owa->e->debug($_POST); $raw_event = owa_coreAPI::getRequestParam('event'); if ($raw_event) { $dispatch = owa_coreAPI::getEventDispatch(); $event = unserialize( base64_decode( $raw_event ) );...
OpenPNE 3.8.9 PHP Object Injection Vulnerability
Exploit for php platform in category web applications OpenPNE ...getRequest()->getHost(); if ($value = sfContext::getInstance()->getRequest()->getCookie($key)) { $value = unserialize(base64_decode($value)); return $value; } User input passed through cookies is not properly sanitized before being used in an unserialize call...
Tuleap 7.6-4 PHP Object Injection
----------------------------------------------------------------- Tuleap ...route($request); 35. exit; 36. 37. 38. $current_step = $request->exist('current_step') ? $request->get('current_step') : 0; 39. $data = $request->exist('data') ? unserialize($request->get('data')) : array(); User input passed through the "data"...
[KIS-2014-11] TestLink <= 1.9.12 (execSetResults.php) PHP Object Injection Vulnerability
-------------------------------------------------------------------------- TestLink <= 1.9.12 (execSetResults.php) PHP Object Injection Vulnerability -------------------------------------------------------------------------- - Software Link: http://testlink.org/ - Affected Versions: Version 1.9.12 a...
CVE-2014-8081
lib/execute/execSetResults.php in TestLink before 1.9.13 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the filter_result_result parameter...
Design/Logic Flaw
lib/execute/execSetResults.php in TestLink before 1.9.13 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the filter_result_result parameter...
CVE-2014-8081
CVE-2014-8081 affects TestLink up to version 1.9.12 (and earlier) where lib/execute/execSetResults.php processes the filter_result_result parameter unsafely, allowing PHP object injection and arbitrary code execution. The vulnerability stems from unserialize on user input, enabling crafted serial...
TestLink 1.9.12 Multiple Vulnerabilities
TestLink versions 1.9.12 and below suffer from a path disclosure weakness and a PHP object injection vulnerability in execSetResults.php ---------------------------------------------------------------- TestLink ..."; debug_print_backtrace(); echo ""; 211. 212. else 213. 214. echo "";...
[KIS-2014-08] OpenCart <= 1.5.6.4 (cart.php) PHP Object Injection Vulnerability
----------------------------------------------------------------- OpenCart <= 1.5.6.4 (cart.php) PHP Object Injection Vulnerability ----------------------------------------------------------------- - Software Link: http://www.opencart.com/ - Affected Versions: Version 1.5.6.4 and prior versions. -...
[KIS-2014-09] X2Engine <= 4.1.7 (SiteController.php) PHP Object Injection Vulnerability
------------------------------------------------------------------------- X2Engine <= 4.1.7 (SiteController.php) PHP Object Injection Vulnerability ------------------------------------------------------------------------- - Software Link: http://www.x2engine.com/ - Affected Versions: All versions fr...
Pimcore CMS 1.4.9 2.1.0 - Multiple Vulnerabilities
Pimcore CMS 1.4.9 2.1.0 - Multiple Vulnerabilities Vulnerabilities in Pimcore 1.4.9 to 2.1.0 inclusive Discovered by Pedro Ribeiro [email protected] of Agile Information Security ==================================================================== Disclosure: 14/04/2014 / Last updated: 12/10/2014...
Pimcore CMS 1.4.9 <2.1.0 - Multiple Vulnerabilities
Vulnerabilities in Pimcore 1.4.9 to 2.1.0 inclusive Discovered by Pedro Ribeiro [email protected] of Agile Information Security ==================================================================== Disclosure: 14/04/2014 / Last updated: 12/10/2014 Vulnerability: Remote code execution in Pimcore CMS...
CVE-2014-5297
The actionSendErrorReport method in protected/controllers/SiteController.php in X2Engine 2.8 through 4.1.7 allows remote attackers to conduct PHP object injection and Server-Side Request Forgery (SSRF) attacks via crafted serialized data in the report parameter...
Server side request forgery (ssrf)
The actionSendErrorReport method in protected/controllers/SiteController.php in X2Engine 2.8 through 4.1.7 allows remote attackers to conduct PHP object injection and Server-Side Request Forgery (SSRF) attacks via crafted serialized data in the report parameter...
CVE-2014-5297
The CVE-2014-5297 entry affects X2Engine 2.8–4.1.7, specifically the actionSendErrorReport method in protected/controllers/SiteController.php. The vulnerability arises from taking user-supplied data in the POST parameter report, applying base64_decode followed by unserialize without proper saniti...